tboot-devel — Developer support

[tboot-devel] [PATCH] ACPI cleanup's and enablement for Xen ACPI S3 [v3]

[Konrad R. W. <kon...@or...>]

Attached is an [v3] set of patches to enable S3 to work with the Xen hypervisor.

Changes since v2: [https://lkml.org/lkml/2011/9/29/408]
 - Moved tboot_sleep out to the osl.c code.
 - Dropped some patches.
since the RFC posting [http://comments.gmane.org/gmane.linux.acpi.devel/50701]:
 - Per review comments added: __unused__ attribute, support for PM1A/B if more than 16-bit,
   copyright/license.
 - Added support for PHYSDEVOP_restore_msi_ext call.

The first two patches can be considered independently as cleanup - they move
the tboot_sleep out of the ACPI code and move it in the OS part. That is
the OSPM code changes required.

The more complex ones are in the ACPI x86 code. I was not sure how to
post the patches so I grouped in the "functionality" parts.

1). Use the acpi_os_prepare_sleep to register a variant of it. The reason
    for the need for this is explained in more details below. The patches are:

 [PATCH 1/7] x86, acpi, tboot: Have a ACPI os prepare sleep instead
 [PATCH 2/7] tboot: Add return values for tboot_sleep
 [PATCH 3/7] xen/acpi/sleep: Enable ACPI sleep via the

2). Expand x86_msi_ops. Every time we resume, we end up calling write_msi_irq
    to resume the MSI vectors. But when using Xen, we would write the MSI
    vectors using the other x86_msi_ops - hence we expand the x86_msi_ops
    indirection mechanism to take resume in account. The paches are:

 [PATCH 4/7] x86: Expand the x86_msi_ops to have a restore MSIs.
 [PATCH 5/7] xen/pci: Utilize the restore_msi_irqs hook.
3). Make acpi_suspend_lowlevel be a function pointer instead of a function.
    Details of why we want to omit the lowlevel values is explained below.
    Originally I was thinking that perhaps doing it via a registration
    function would be better? But not sure what folks leanings are
    in this case. The patches are:

 [PATCH 6/7] x86/acpi/sleep: Provide registration for
 [PATCH 7/7] xen/acpi/sleep: Register to the acpi_suspend_lowlevel a

Details of what I said in the first postings:

The Xen ACPI S3 functionality requires help from the Linux kernel. The Linux
kernel does the ACPI "stuff" and tells the hypervisor to do the low-level
stuff (such as program the IOAPIC, setup vectors, etc). Naturally do it correctly
the Xen hypervisor must be programmed with correct values that are extracted
as part of parsing the ACPI.

The ACPI code used during suspend is mostly all in hwsleep.c and there is one
particular case where 'hwsleep.c' is calling in the tboot.c code. This is replaced
by making the call go through the OS part of the ACPI code. The reason for
doing this is two fold: 1) cleanup, 2) for Xen case, it needs to make a hypercall
so that the hypervisor can write the PM1A/PM1B bits.

The major difficulties we hit was with 'acpi_suspend_lowlevel' - which tweaks
a lot of lowlevel values and some of them are not properly handled by Xen.
Liang Tang has figured which ones of them we trip over (read below) - and he
suggested that perhaps we can provide a registration mechanism to abstract
this away. The reason for all of this is that Linux does not talk to the
BIOS directly - instead it simply walks through the necessary ACPI methods
and then issues hypercall to Xen which then further completes the remaining
suspend steps.

So the attached patches do exactly that - there are two entry points
in the ACPI.

 1). For S3: acpi_suspend_lowlevel -> .. lots of code -> acpi_enter_sleep_state
 2). For S1/S4/S5: acpi_enter_sleep_state

The first naive idea was of abstracting away in the 'acpi_enter_sleep_state'
function the tboot_sleep code so that we can use it too. And low-behold - it
worked splendidly for powering off (S5 I believe)

For S3 that did not work - during suspend the hypervisor tripped over when
saving cr8. During resume it tripped over at restoring the cr3, cr8, idt,
and gdt values.

When I posted the RFC, the feedback I got was to use a higher upper
interface to make the call to the hypervisor. Instead of doing it at the
lower pv-ops case for cr3, cr8, idt, gdt, etc. The code is much nicer
this way, I've to say.

Anyhow, please take a look!

The patches are also located at

git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen.git devel/acpi-s3.v5

Konrad Rzeszutek Wilk (5):
      tboot: Add return values for tboot_sleep
      xen/acpi/sleep: Enable ACPI sleep via the acpi_os_prepare_sleep_register
      x86: Expand the x86_msi_ops to have a restore MSIs.
      x86/acpi/sleep: Provide registration for acpi_suspend_lowlevel
      xen/acpi/sleep: Register to the acpi_suspend_lowlevel a callback.

Tang Liang (2):
      x86, acpi, tboot: Have a ACPI os prepare sleep instead of calling tboot_sleep.
      xen/pci: Utilize the restore_msi_irqs hook.

 arch/x86/include/asm/acpi.h     |    2 +-
 arch/x86/include/asm/pci.h      |    9 +++++
 arch/x86/include/asm/x86_init.h |    1 +
 arch/x86/kernel/acpi/boot.c     |    2 +
 arch/x86/kernel/acpi/sleep.c    |    4 +-
 arch/x86/kernel/acpi/sleep.h    |    2 +
 arch/x86/kernel/tboot.c         |   18 ++++++++--
 arch/x86/kernel/x86_init.c      |    1 +
 arch/x86/pci/xen.c              |   27 ++++++++++++++
 arch/x86/xen/enlighten.c        |    3 ++
 drivers/acpi/acpica/hwsleep.c   |    7 ++--
 drivers/acpi/osl.c              |   19 ++++++++++
 drivers/acpi/sleep.c            |    2 +
 drivers/pci/msi.c               |   29 ++++++++++++++-
 drivers/xen/Makefile            |    2 +-
 drivers/xen/acpi.c              |   62 ++++++++++++++++++++++++++++++++
 include/acpi/acpiosxf.h         |    6 +++
 include/linux/tboot.h           |    3 --
 include/xen/acpi.h              |   74 +++++++++++++++++++++++++++++++++++++++
 include/xen/interface/physdev.h |    7 ++++
 20 files changed, 265 insertions(+), 15 deletions(-)

Re: [tboot-devel] [flickertcb-devel] tboot Output

[Cihula, J. <jos...@in...>]

Correct.

Joe

> -----Original Message-----
> From: Jonathan McCune [mailto:jon...@cm...]
> Sent: Monday, October 17, 2011 9:54 AM
> To: Steve Johnston
> Cc: tbo...@li...
> Subject: Re: [tboot-devel] [flickertcb-devel] tboot Output
> 
> I believe the tboot build script will insert a revision number if built in the revision control
> system (Mercurial? I think they're still using mercurial) repository.  If it can't find a version,
> it just prints "unavailable".
> 
> -Jon
> 
> 
> On Mon, Oct 17, 2011 at 12:40 PM, Steve Johnston <ste...@ad...> wrote:
> > Hi All,
> >
> > I was hoping for some assistance reading my tboot output (below).  The
> > line that concerns me is:
> >
> >
> > TBOOT: *********************************************
> > TBOOT:    unavailable
> > TBOOT: *********************************************
> >
> >
> > I'm working on a Dell 6510, using Ubuntu 10.04 and the stock kernel
> > (2.6.32-34).  I also receive this output using Ubuntu 11.04 and kernel
> > 2.6.38.8.
> >
> > Is this output something I should be concerned about?
> >
> > Steve J
> >
> >
> >
> >
> >
> >
> >
> >
> > <output>
> >
> >
> > TBOOT: *********************************************
> >
> > TBOOT:    unavailable
> >
> > TBOOT: *********************************************
> >
> > TBOOT: command line:
> >
> > TBOOT: BSP is cpu 0
> >
> > TBOOT: original e820 map:
> >
> > TBOOT:  0000000000000000 - 0000000000095c00  (1)
> >
> > TBOOT:  0000000000095c00 - 00000000000a0000  (2)
> >
> > TBOOT:  00000000000e0000 - 0000000000100000  (2)
> >
> > TBOOT:  0000000000100000 - 00000000db25f000  (1)
> >
> > TBOOT:  00000000db25f000 - 00000000db27f000  (2)
> >
> > TBOOT:  00000000db27f000 - 00000000db36f000  (4)
> >
> > TBOOT:  00000000db36f000 - 00000000dc000000  (2)
> >
> > TBOOT:  00000000ddc00000 - 00000000e0000000  (2)
> >
> > TBOOT:  00000000f8000000 - 00000000fc000000  (2)
> >
> > TBOOT:  00000000fec00000 - 00000000fec01000  (2)
> >
> > TBOOT:  00000000fed10000 - 00000000fed14000  (2)
> >
> > TBOOT:  00000000fed18000 - 00000000fed1a000  (2)
> >
> > TBOOT:  00000000fed1c000 - 00000000fed20000  (2)
> >
> > TBOOT:  00000000fee00000 - 00000000fee01000  (2)
> >
> > TBOOT:  00000000ff800000 - 0000000100000000  (2)
> >
> > TBOOT:  0000000100000000 - 0000000118000000  (1)
> >
> > TBOOT: TPM is ready
> >
> > TBOOT: TPM nv_locked: TRUE
> >
> > TBOOT: TPM timeout values: A: 750, B: 750, C: 2000, D: 750
> >
> > TBOOT: Wrong timeout B, fallback to 2000
> >
> > TBOOT: reading Verified Launch Policy from TPM NV...
> >
> > TBOOT: TPM: get capability, return value = 00000002
> >
> > TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
> >
> > TBOOT:  :reading failed
> >
> > TBOOT: reading Launch Control Policy from TPM NV...
> >
> > TBOOT: TPM: get capability, return value = 00000002
> >
> > TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
> >
> > TBOOT:  :reading failed
> >
> > TBOOT: failed to read policy from TPM NV, using default
> >
> > TBOOT: policy:
> >
> > TBOOT:   version: 2
> >
> > TBOOT:   policy_type: TB_POLTYPE_CONT_NON_FATAL
> >
> > TBOOT:   hash_alg: TB_HALG_SHA1
> >
> > TBOOT:   policy_control: 00000001 (EXTEND_PCR17)
> >
> > TBOOT:   num_entries: 2
> >
> > TBOOT:   policy entry[0]:
> >
> > TBOOT:           mod_num: 0
> >
> > TBOOT:           pcr: none
> >
> > TBOOT:           hash_type: TB_HTYPE_ANY
> >
> > TBOOT:           num_hashes: 0
> >
> > TBOOT:   policy entry[1]:
> >
> > TBOOT:           mod_num: any
> >
> > TBOOT:           pcr: 19
> >
> > TBOOT:           hash_type: TB_HTYPE_ANY
> >
> > TBOOT:           num_hashes: 0
> >
> > TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return
> > =
> > 00000002
> > TBOOT: Error: write TPM error: 0x2.
> >
> > TBOOT: no policy in TPM NV.
> >
> > TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
> >
> > TBOOT: CPU is SMX-capable
> >
> > TBOOT: CPU is VMX-capable
> >
> > TBOOT: SMX is enabled
> >
> > TBOOT: TXT chipset and all needed capabilities present
> >
> > TBOOT: TXT.ERRORCODE: 0x0
> >
> > TBOOT: TXT.ESTS: 0x0
> >
> > TBOOT: TXT.E2STS: 0x0
> >
> > TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
> >
> > TBOOT: CPU is SMX-capable
> >
> > TBOOT: CPU is VMX-capable
> >
> > TBOOT: SMX is enabled
> >
> > TBOOT: TXT chipset and all needed capabilities present
> >
> > TBOOT: TXT.HEAP.BASE: 0xdb720000
> >
> > TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
> >
> > TBOOT: bios_data (@0xdb720008, 0x2c):
> >
> > TBOOT:   version: 3
> >
> > TBOOT:   bios_sinit_size: 0x0 (0)
> >
> > TBOOT:   lcp_pd_base: 0x0
> >
> > TBOOT:   lcp_pd_size: 0x0 (0)
> >
> > TBOOT:   num_logical_procs: 4
> >
> > TBOOT:   flags: 0x00000000
> >
> > TBOOT: CR0 and EFLAGS OK
> >
> > TBOOT: no machine check errors
> >
> > TBOOT: CPU is ready for SENTER
> >
> > TBOOT: checking previous errors on the last boot.
> >
> >        TPM: read nv index 20000002 offset 00000000, return value =
> > 00000002
> > TBOOT: Error: read TPM error: 0x2.
> >
> > TBOOT: last boot has no error.
> >
> > TBOOT: checking if module  is an SINIT for this platform...
> >
> > TBOOT: chipset production fused: 1
> >
> > TBOOT: chipset ids: vendor: 0x8086, device: 0xa000, revision: 0x1f
> >
> > TBOOT: processor family/model/stepping: 0x20655
> >
> > TBOOT: platform id: 0x10000000000000
> >
> > TBOOT:   1 ACM chipset id entries:
> >
> > TBOOT:       vendor: 0x8086, device: 0xa000, flags: 0x1, revision:
> > 0x1,
> > extended: 0x0
> > TBOOT: SINIT matches platform
> >
> > TBOOT: TXT.SINIT.BASE: 0xdb700000
> >
> > TBOOT: TXT.SINIT.SIZE: 0x20000 (131072)
> >
> > TBOOT: copied SINIT (size=8740) to 0xdb700000
> >
> > TBOOT: AC mod base alignment OK
> >
> > TBOOT: AC mod size OK
> >
> > TBOOT: AC module header dump for SINIT:
> >
> > TBOOT:   type: 0x2 (ACM_TYPE_CHIPSET)
> >
> > TBOOT:   subtype: 0x0
> >
> > TBOOT:   length: 0xa1 (161)
> >
> > TBOOT:   version: 0
> >
> > TBOOT:   chipset_id: 0xa000
> >
> > TBOOT:   flags: 0x0
> >
> > TBOOT:           pre_production: 0
> >
> > TBOOT:           debug_signed: 0
> >
> > TBOOT:   vendor: 0x8086
> >
> > TBOOT:   date: 0x20100311
> >
> > TBOOT:   size*4: 0x8740 (34624)
> >
> > TBOOT:   code_control: 0x0
> >
> > TBOOT:   entry point: 0x00000008:0000649c
> >
> > TBOOT:   scratch_size: 0x8f (143)
> >
> > TBOOT:   info_table:
> >
> > TBOOT:           uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e,
> >
> >                {0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
> >
> > TBOOT:               ACM_UUID_V3
> >
> > TBOOT:           chipset_acm_type: 0x1 (SINIT)
> >
> > TBOOT:           version: 3
> >
> > TBOOT:           length: 0x28 (40)
> >
> > TBOOT:           chipset_id_list: 0x4e8
> >
> > TBOOT:           os_sinit_data_ver: 0x5
> >
> > TBOOT:           min_mle_hdr_ver: 0x00020000
> >
> > TBOOT:           capabilities: 0x0000000e
> >
> > TBOOT:               rlp_wake_getsec: 0
> >
> > TBOOT:               rlp_wake_monitor: 1
> >
> > TBOOT:               ecx_pgtbl: 1
> >
> > TBOOT:           acm_ver: 18
> >
> > TBOOT:   chipset list:
> >
> > TBOOT:           count: 1
> >
> > TBOOT:           entry 0:
> >
> > TBOOT:               flags: 0x1
> >
> > TBOOT:               vendor_id: 0x8086
> >
> > TBOOT:               device_id: 0xa000
> >
> > TBOOT:               revision_id: 0x1
> >
> > TBOOT:               extended_id: 0x0
> >
> > TBOOT: file addresses:
> >
> > TBOOT:   &_start=0x803000
> >
> > TBOOT:   &_end=0x96dde0
> >
> > TBOOT:   &_mle_start=0x803000
> >
> > TBOOT:   &_mle_end=0x822000
> >
> > TBOOT:   &_post_launch_entry=0x803020
> >
> > TBOOT:   &_txt_wakeup=0x8031f0
> >
> > TBOOT:   &g_mle_hdr=0x818520
> >
> > TBOOT: MLE header:
> >
> > TBOOT:   uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f,
> >
> >                {0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}}
> >
> > TBOOT:   length=34
> >
> > TBOOT:   version=00020001
> >
> > TBOOT:   entry_point=00000020
> >
> > TBOOT:   first_valid_page=00000000
> >
> > TBOOT:   mle_start_off=0
> >
> > TBOOT:   mle_end_off=1f000
> >
> > TBOOT:   capabilities: 0x00000007
> >
> > TBOOT:       rlp_wake_getsec: 1
> >
> > TBOOT:       rlp_wake_monitor: 1
> >
> > TBOOT:       ecx_pgtbl: 1
> >
> > TBOOT: MLE start=803000, end=822000, size=1f000
> >
> > TBOOT: ptab_size=3000, ptab_base=0x800000
> >
> > TBOOT: TXT.HEAP.BASE: 0xdb720000
> >
> > TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
> >
> > TBOOT: bios_data (@0xdb720008, 0x2c):
> >
> > TBOOT:   version: 3
> >
> > TBOOT:   bios_sinit_size: 0x0 (0)
> >
> > TBOOT:   lcp_pd_base: 0x0
> >
> > TBOOT:   lcp_pd_size: 0x0 (0)
> >
> > TBOOT:   num_logical_procs: 4
> >
> > TBOOT:   flags: 0x00000000
> >
> > TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xdb25f000
> >
> > TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x118000000
> >
> > TBOOT: no LCP module found
> >
> > TBOOT: os_sinit_data (@0xdb730154, 0x64):
> >
> > TBOOT:   version: 5
> >
> > TBOOT:   mle_ptab: 0x800000
> >
> > TBOOT:   mle_size: 0x1f000 (126976)
> >
> > TBOOT:   mle_hdr_base: 0x15520
> >
> > TBOOT:   vtd_pmr_lo_base: 0x0
> >
> > TBOOT:   vtd_pmr_lo_size: 0xdb200000
> >
> > TBOOT:   vtd_pmr_hi_base: 0x100000000
> >
> > TBOOT:   vtd_pmr_hi_size: 0x18000000
> >
> > TBOOT:   lcp_po_base: 0x0
> >
> > TBOOT:   lcp_po_size: 0x0 (0)
> >
> > TBOOT:   capabilities: 0x00000002
> >
> > TBOOT:       rlp_wake_getsec: 0
> >
> > TBOOT:       rlp_wake_monitor: 1
> >
> > TBOOT:       ecx_pgtbl: 0
> >
> > TBOOT:   efi_rsdt_ptr: 0x0
> >
> > TBOOT: setting MTRRs for acmod: base=0xdb700000, size=0x8740,
> > num_pages=9
> > TBOOT: executing GETSEC[SENTER]...
> >
> > TBOOT: ******************* TBOOT *******************
> >
> > TBOOT:    unavailable
> >
> > TBOOT: *********************************************
> >
> > TBOOT: command line:
> >
> > TBOOT: BSP is cpu 0
> >
> > TBOOT: original e820 map:
> >
> > TBOOT:  0000000000000000 - 0000000000095c00  (1)
> >
> > TBOOT:  0000000000095c00 - 00000000000a0000  (2)
> >
> > TBOOT:  00000000000e0000 - 0000000000100000  (2)
> >
> > TBOOT:  0000000000100000 - 00000000db25f000  (1)
> >
> > TBOOT:  00000000db25f000 - 00000000db27f000  (2)
> >
> > TBOOT:  00000000db27f000 - 00000000db36f000  (4)
> >
> > TBOOT:  00000000db36f000 - 00000000dc000000  (2)
> >
> > TBOOT:  00000000ddc00000 - 00000000e0000000  (2)
> >
> > TBOOT:  00000000f8000000 - 00000000fc000000  (2)
> >
> > TBOOT:  00000000fec00000 - 00000000fec01000  (2)
> >
> > TBOOT:  00000000fed10000 - 00000000fed14000  (2)
> >
> > TBOOT:  00000000fed18000 - 00000000fed1a000  (2)
> >
> > TBOOT:  00000000fed1c000 - 00000000fed20000  (2)
> >
> > TBOOT:  00000000fee00000 - 00000000fee01000  (2)
> >
> > TBOOT:  00000000ff800000 - 0000000100000000  (2)
> >
> > TBOOT:  0000000100000000 - 0000000118000000  (1)
> >
> > TBOOT: TPM is ready
> >
> > TBOOT: TPM nv_locked: TRUE
> >
> > TBOOT: TPM timeout values: A: 750, B: 750, C: 2000, D: 750
> >
> > TBOOT: Wrong timeout B, fallback to 2000
> >
> > TBOOT: reading Verified Launch Policy from TPM NV...
> >
> > TBOOT: TPM: get capability, return value = 00000002
> >
> > TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
> >
> > TBOOT:  :reading failed
> >
> > TBOOT: reading Launch Control Policy from TPM NV...
> >
> > TBOOT: TPM: get capability, return value = 00000002
> >
> > TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
> >
> > TBOOT:  :reading failed
> >
> > TBOOT: failed to read policy from TPM NV, using default
> >
> > TBOOT: policy:
> >
> > TBOOT:   version: 2
> >
> > TBOOT:   policy_type: TB_POLTYPE_CONT_NON_FATAL
> >
> > TBOOT:   hash_alg: TB_HALG_SHA1
> >
> > TBOOT:   policy_control: 00000001 (EXTEND_PCR17)
> >
> > TBOOT:   num_entries: 2
> >
> > TBOOT:   policy entry[0]:
> >
> > TBOOT:           mod_num: 0
> >
> > TBOOT:           pcr: none
> >
> > TBOOT:           hash_type: TB_HTYPE_ANY
> >
> > TBOOT:           num_hashes: 0
> >
> > TBOOT:   policy entry[1]:
> >
> > TBOOT:           mod_num: any
> >
> > TBOOT:           pcr: 19
> >
> > TBOOT:           hash_type: TB_HTYPE_ANY
> >
> > TBOOT:           num_hashes: 0
> >
> > TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return
> > =
> > 00000002
> > TBOOT: Error: write TPM error: 0x2.
> >
> > TBOOT: no policy in TPM NV.
> >
> > TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
> >
> > TBOOT: CPU is SMX-capable
> >
> > TBOOT: CPU is VMX-capable
> >
> > TBOOT: SMX is enabled
> >
> > TBOOT: TXT chipset and all needed capabilities present
> >
> > TBOOT: TXT.ERRORCODE: 0xc0000001
> >
> > TBOOT: AC module error : acm_type=0x1, progress=0x00, error=0x0
> >
> > TBOOT: TXT.ESTS: 0x0
> >
> > TBOOT: TXT.E2STS: 0x0
> >
> > TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
> >
> > TBOOT: CPU is SMX-capable
> >
> > TBOOT: CPU is VMX-capable
> >
> > TBOOT: SMX is enabled
> >
> > TBOOT: TXT chipset and all needed capabilities present
> >
> > TBOOT: TXT.HEAP.BASE: 0xdb720000
> >
> > TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
> >
> > TBOOT: bios_data (@0xdb720008, 0x2c):
> >
> > TBOOT:   version: 3
> >
> > TBOOT:   bios_sinit_size: 0x0 (0)
> >
> > TBOOT:   lcp_pd_base: 0x0
> >
> > TBOOT:   lcp_pd_size: 0x0 (0)
> >
> > TBOOT:   num_logical_procs: 4
> >
> > TBOOT:   flags: 0x00000000
> >
> > TBOOT: measured launch succeeded
> >
> > TBOOT: TXT.HEAP.BASE: 0xdb720000
> >
> > TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
> >
> > TBOOT: bios_data (@0xdb720008, 0x2c):
> >
> > TBOOT:   version: 3
> >
> > TBOOT:   bios_sinit_size: 0x0 (0)
> >
> > TBOOT:   lcp_pd_base: 0x0
> >
> > TBOOT:   lcp_pd_size: 0x0 (0)
> >
> > TBOOT:   num_logical_procs: 4
> >
> > TBOOT:   flags: 0x00000000
> >
> > TBOOT: os_mle_data (@0xdb720034, 0x10120):
> >
> > TBOOT:   version: 2
> >
> > TBOOT:   mbi: 0x96dde0
> >
> > TBOOT: os_sinit_data (@0xdb730154, 0x64):
> >
> > TBOOT:   version: 5
> >
> > TBOOT:   mle_ptab: 0x800000
> >
> > TBOOT:   mle_size: 0x1f000 (126976)
> >
> > TBOOT:   mle_hdr_base: 0x15520
> >
> > TBOOT:   vtd_pmr_lo_base: 0x0
> >
> > TBOOT:   vtd_pmr_lo_size: 0xdb200000
> >
> > TBOOT:   vtd_pmr_hi_base: 0x100000000
> >
> > TBOOT:   vtd_pmr_hi_size: 0x18000000
> >
> > TBOOT:   lcp_po_base: 0x0
> >
> > TBOOT:   lcp_po_size: 0x0 (0)
> >
> > TBOOT:   capabilities: 0x00000002
> >
> > TBOOT:       rlp_wake_getsec: 0
> >
> > TBOOT:       rlp_wake_monitor: 1
> >
> > TBOOT:       ecx_pgtbl: 0
> >
> > TBOOT:   efi_rsdt_ptr: 0x0
> >
> > TBOOT: sinit_mle_data (@0xdb7301b8, 0x1f8):
> >
> > TBOOT:   version: 7
> >
> > TBOOT:   bios_acm_id:
> >
> >        80 00 00 00 20 09 10 07 00 00 a0 00 ff ff ff ff ff ff ff ff
> >
> > TBOOT:   edx_senter_flags: 0x00000000
> >
> > TBOOT:   mseg_valid: 0x0
> >
> > TBOOT:   sinit_hash:
> >
> >        b7 36 7a b1 25 88 48 b9 a4 03 22 0a 01 cd 6a 2b 3b f3 b2 f6
> >
> > TBOOT:   mle_hash:
> >
> >        08 13 75 6e 41 d6 5a 94 f7 10 42 fc e8 39 80 80 db 0d 24 24
> >
> > TBOOT:   stm_hash:
> >
> >        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >
> > TBOOT:   lcp_policy_hash:
> >
> >        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >
> > TBOOT:   lcp_policy_control: 0x00000000
> >
> > TBOOT:   rlp_wakeup_addr: 0xdb701d20
> >
> > TBOOT:   num_mdrs: 7
> >
> > TBOOT:   mdrs_off: 0x98
> >
> > TBOOT:   num_vtd_dmars: 184
> >
> > TBOOT:   vtd_dmars_off: 0x140
> >
> > TBOOT:   sinit_mdrs:
> >
> > TBOOT:           0000000000000000 - 00000000000a0000 (GOOD)
> >
> > TBOOT:           0000000000100000 - 0000000000f00000 (GOOD)
> >
> > TBOOT:           0000000001000000 - 00000000db700000 (GOOD)
> >
> > TBOOT:           0000000100000000 - 0000000118000000 (GOOD)
> >
> > TBOOT:           0000000100000000 - 0000000118000000 (GOOD)
> >
> > TBOOT:           00000000db800000 - 00000000dc000000 (SMRAM
> > NON-OVERLAY)
> >
> > TBOOT:           00000000f800000c - 00000000fc00000c (PCIE EXTENDED
> > CONFIG)
> > TBOOT: CPU supports 36 phys address bits
> >
> > TBOOT: RSDP (v2, DELL   ' $) @ 0x0fe300
> >
> > TBOOT: acpi_table_ioapic @ 0xdb27cf84, .address = 0xfec00000
> >
> > TBOOT: acpi_table_mcfg @ 0xdb36dc98, .base_address = 0xf8000000
> >
> > TBOOT: mtrr_def_type: e = 1, fe = 1, type = 0
> >
> > TBOOT: mtrrs:
> >
> > TBOOT:              base          mask      type  v
> >
> > TBOOT:          0000000000000 0000000f80000  06  01
> >
> > TBOOT:          0000000080000 0000000fc0000  06  01
> >
> > TBOOT:          00000000c0000 0000000fe0000  06  01
> >
> > TBOOT:          00000000dc000 0000000ffc000  00  01
> >
> > TBOOT:          00000000db400 0000000fffc00  00  01
> >
> > TBOOT:          0000000100000 0000000fe0000  06  01
> >
> > TBOOT:          0000000118000 0000000ff8000  00  01
> >
> > TBOOT:          0000000000000 0000000000000  00  00
> >
> > TBOOT: reserving 0xdb200000 - 0xdb25f000, which was truncated for VT-d
> >
> > TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xdb25f000
> >
> > TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x118000000
> >
> > TBOOT: MSR for SMM monitor control on BSP is 0x0.
> >
> > TBOOT: verifying ILP is opt-out or has the same MSEG header with
> > TXT.MSEG.BASE
> >                opt-out
> >
> > TBOOT:  : succeeded.
> >
> > TBOOT: enabling SMIs on BSP
> >
> > TBOOT: mle_join.entry_point = 8031f0
> >
> > TBOOT: mle_join.seg_sel = 8
> >
> > TBOOT: mle_join.gdt_base = 804000
> >
> > TBOOT: mle_join.gdt_limit = 3f
> >
> > TBOOT: joining RLPs to MLE with MONITOR wakeup
> >
> > TBOOT: rlp_wakeup_addr = 0xdb701d20
> >
> > TBOOT: cpu 4 waking up from TXT sleep
> >
> > TBOOT: waiting for all APs (3) to enter wait-for-sipi...
> >
> > TBOOT: MSR for SMM monitor control on cpu 4 is 0x0
> >
> > TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 4
> >
> >         : succeeded.
> >
> > TBOOT: enabling SMIs on cpu 4
> >
> > TBOOT: .VMXON done for cpu 4
> >
> > TBOOT:
> >
> > TBOOT: cpu 5 waking up from TXT sleep
> >
> > TBOOT: launching mini-guest for cpu 4
> >
> > TBOOT: MSR for SMM monitor control on cpu 5 is 0x0
> >
> > TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 5
> >
> >         : succeeded.
> >
> > TBOOT: enabling SMIs on cpu 5
> >
> > TBOOT: VMXON done for cpu 5
> >
> > TBOOT: launching mini-guest for cpu 5
> >
> > TBOOT: cpu 1 waking up from TXT sleep
> >
> > TBOOT: MSR for SMM monitor control on cpu 1 is 0x0
> >
> > TBOOT: .verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 1
> >
> >        . : succeeded.
> >
> > TBOOT: .enabling SMIs on cpu 1
> >
> > TBOOT: .VMXON done for cpu 1
> >
> > TBOOT: .launching mini-guest for cpu 1
> >
> > TBOOT: .
> >
> > TBOOT: all APs in wait-for-sipi
> >
> > TBOOT: saved IA32_MISC_ENABLE = 0x00850089
> >
> > TBOOT: set TXT.CMD.SECRETS flag
> >
> > TBOOT: opened TPM locality 1
> >
> > TBOOT: DMAR table @ 0xdb36eb18 saved.
> >
> > TBOOT: no LCP module found
> >
> > TBOOT: verifying module 0 of mbi (a4608000 - a4a1946f) in e820 table
> >
> >         (range from 00000000a4608000 to 00000000a4a19470 is in
> > E820_RAM)
> > TBOOT: : succeeded.
> >
> > TBOOT: verifying module 1 of mbi (a4a1a000 - a61e17ff) in e820 table
> >
> >         (range from 00000000a4a1a000 to 00000000a61e1800 is in
> > E820_RAM)
> > TBOOT: : succeeded.
> >
> > TBOOT: protecting TXT heap (db720000 - db7fffff) in e820 table
> >
> > TBOOT: protecting SINIT (db700000 - db71ffff) in e820 table
> >
> > TBOOT: protecting TXT Private Space (fed20000 - fed2ffff) in e820
> > table
> >
> > TBOOT: verifying e820 table against SINIT MDRs: verification succeeded.
> >
> > TBOOT: verifying tboot and its page table (800000 - 96dddf) in e820
> > table
> >         (range from 0000000000800000 to 000000000096dde0 is in
> > E820_RAM)
> > TBOOT: : succeeded.
> >
> > TBOOT: Error: ELF magic number is not matched.
> >
> > TBOOT: protecting tboot (800000 - 96dfff) in e820 table
> >
> > TBOOT: adjusted e820 map:
> >
> > TBOOT:  0000000000000000 - 0000000000095c00  (1)
> >
> > TBOOT:  0000000000095c00 - 00000000000a0000  (2)
> >
> > TBOOT:  00000000000e0000 - 0000000000100000  (2)
> >
> > TBOOT:  0000000000100000 - 0000000000800000  (1)
> >
> > TBOOT:  0000000000800000 - 000000000096e000  (2)
> >
> > TBOOT:  000000000096e000 - 0000000000f00000  (1)
> >
> > TBOOT:  0000000000f00000 - 0000000001000000  (2)
> >
> > TBOOT:  0000000001000000 - 00000000db200000  (1)
> >
> > TBOOT:  00000000db200000 - 00000000db25f000  (2)
> >
> > TBOOT:  00000000db25f000 - 00000000db27f000  (2)
> >
> > TBOOT:  00000000db27f000 - 00000000db36f000  (4)
> >
> > TBOOT:  00000000db36f000 - 00000000db700000  (2)
> >
> > TBOOT:  00000000db700000 - 00000000db720000  (2)
> >
> > TBOOT:  00000000db720000 - 00000000db800000  (2)
> >
> > TBOOT:  00000000db800000 - 00000000dc000000  (2)
> >
> > TBOOT:  00000000ddc00000 - 00000000e0000000  (2)
> >
> > TBOOT:  00000000f8000000 - 00000000fc000000  (2)
> >
> > TBOOT:  00000000fec00000 - 00000000fec01000  (2)
> >
> > TBOOT:  00000000fed10000 - 00000000fed14000  (2)
> >
> > TBOOT:  00000000fed18000 - 00000000fed1a000  (2)
> >
> > TBOOT:  00000000fed1c000 - 00000000fed20000  (2)
> >
> > TBOOT:  00000000fed20000 - 00000000fed30000  (2)
> >
> > TBOOT:  00000000fee00000 - 00000000fee01000  (2)
> >
> > TBOOT:  00000000ff800000 - 0000000100000000  (2)
> >
> > TBOOT:  0000000100000000 - 0000000118000000  (1)
> >
> > TBOOT: verifying module
> > "root=UUID=5642bb59-16f2-40a8-934e-26ef7fb0c7d6
> > /boot/vmlinuz-2.6.38.8 root=UUID=5642bb59-1.
> > TBOOT:   OK : 66 9d ba fb 9b b4 63 a5 c1 8d d9 86 55 fa 32 23 d6 7b 46
> > 5d
> > TBOOT: verifying module "/boot/initrd.img-2.6.38.8"...
> >
> > TBOOT:   OK : 90 a7 41 25 3a 20 20 8c a4 25 40 db 41 1a a6 79 73 91 7f
> > c0
> > TBOOT: all modules are verified
> >
> > TBOOT: pre_k_s3_state:
> >
> > TBOOT:   vtd_pmr_lo_base: 0x0
> >
> > TBOOT:   vtd_pmr_lo_size: 0xdb200000
> >
> > TBOOT:   vtd_pmr_hi_base: 0x100000000
> >
> > TBOOT:   vtd_pmr_hi_size: 0x18000000
> >
> > TBOOT:   pol_hash: ab 41 62 4e 7d 71 f0 68 d4 8e 1c 2f 43 e6 16 bf 40
> > 67 1c 39
> > TBOOT:   VL measurements:
> >
> > TBOOT:     PCR 17: 97 04 35 36 30 67 4b fe 21 b8 6b 64 a7 b0 f9 9c 29
> > 7c
> > f9 02
> > TBOOT:     PCR 18: 66 9d ba fb 9b b4 63 a5 c1 8d d9 86 55 fa 32 23 d6
> > 7b
> > 46 5d
> > TBOOT:     PCR 19: 90 a7 41 25 3a 20 20 8c a4 25 40 db 41 1a a6 79 73
> > 91 7f c0
> > TBOOT: PCRs before extending:
> >
> > TBOOT:   PCR 17: 34 29 5e 15 c7 90 b5 26 05 9c ad 1e 88 bb f8 60 11 6c
> > 93 cf
> > TBOOT:   PCR 18: ff ab b1 0c 60 a8 db 2a 63 e5 12 cb 3f 43 e0 d8 b9 14
> > fa af
> > TBOOT: PCRs after extending:
> >
> > TBOOT:   PCR 17: 4b fd 50 90 3b b4 6e 90 4e e4 61 c7 34 4a f7 2e c9 35
> > 8f 63
> > TBOOT:   PCR 18: 05 b6 88 7a 79 b8 e3 96 2a 97 c2 cc ad d6 25 7c d8 c3
> > d8 dc
> > TBOOT: tboot_shared data:
> >
> > TBOOT:   version: 5
> >
> > TBOOT:   log_addr: 0x00000000
> >
> > TBOOT:   shutdown_entry: 0x008031b0
> >
> > TBOOT:   shutdown_type: 0
> >
> > TBOOT:   tboot_base: 0x00803000
> >
> > TBOOT:   tboot_size: 0x16ade0
> >
> > TBOOT:   num_in_wfs: 3
> >
> > TBOOT: no LCP module found
> >
> > TBOOT: Error: ELF magic number is not matched.
> >
> > TBOOT: assuming kernel is Linux format
> >
> > TBOOT: Initrd from 0x7e838000 to 0x7ffff800
> >
> > TBOOT: Kernel (protected mode) from 0x1000000 to 0x140da70
> >
> > TBOOT: Kernel (real mode) from 0x8cb00 to 0x90500
> >
> > TBOOT: transfering control to kernel @0x1000000...
> >
> > TBOOT: VMXOFF done for cpu 4
> >
> > TBOOT: cpu 4 waking up, SIPI vector=93000
> >
> > TBOOT: VMXOFF done for cpu 1
> >
> > TBOOT: cpu 1 waking up, SIPI vector=93000
> >
> > TBOOT: VMXOFF done for cpu 5
> >
> > TBOOT: cpu 5 waking up, SIPI vector=93000
> >
> > </output>
> >
> >
> > ----------------------------------------------------------------------
> > -------- All the data continuously generated in your IT infrastructure
> > contains a definitive record of customers, application performance,
> > security threats, fraudulent activity and more. Splunk takes this data
> > and makes sense of it. Business sense. IT sense. Common sense.
> > http://p.sf.net/sfu/splunk-d2d-oct
> > _______________________________________________
> > flickertcb-devel mailing list
> > fli...@li...
> > https://lists.sourceforge.net/lists/listinfo/flickertcb-devel
> >
> 
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure contains a definitive record of
> customers, application performance, security threats, fraudulent activity and more. Splunk takes
> this data and makes sense of it. Business sense. IT sense. Common sense.
> http://p.sf.net/sfu/splunk-d2d-oct
> _______________________________________________
> tboot-devel mailing list
> tbo...@li...
> https://lists.sourceforge.net/lists/listinfo/tboot-devel

Re: [tboot-devel] [flickertcb-devel] tboot Output

[Jonathan M. <jon...@cm...>]

I believe the tboot build script will insert a revision number if
built in the revision control system (Mercurial? I think they're still
using mercurial) repository.  If it can't find a version, it just
prints "unavailable".

-Jon


On Mon, Oct 17, 2011 at 12:40 PM, Steve Johnston
<ste...@ad...> wrote:
> Hi All,
>
> I was hoping for some assistance reading my tboot output (below).  The
> line that concerns me is:
>
>
> TBOOT: *********************************************
> TBOOT:    unavailable
> TBOOT: *********************************************
>
>
> I'm working on a Dell 6510, using Ubuntu 10.04 and the stock kernel
> (2.6.32-34).  I also receive this output using Ubuntu 11.04 and kernel
> 2.6.38.8.
>
> Is this output something I should be concerned about?
>
> Steve J
>
>
>
>
>
>
>
>
> <output>
>
>
> TBOOT: *********************************************
>
> TBOOT:    unavailable
>
> TBOOT: *********************************************
>
> TBOOT: command line:
>
> TBOOT: BSP is cpu 0
>
> TBOOT: original e820 map:
>
> TBOOT:  0000000000000000 - 0000000000095c00  (1)
>
> TBOOT:  0000000000095c00 - 00000000000a0000  (2)
>
> TBOOT:  00000000000e0000 - 0000000000100000  (2)
>
> TBOOT:  0000000000100000 - 00000000db25f000  (1)
>
> TBOOT:  00000000db25f000 - 00000000db27f000  (2)
>
> TBOOT:  00000000db27f000 - 00000000db36f000  (4)
>
> TBOOT:  00000000db36f000 - 00000000dc000000  (2)
>
> TBOOT:  00000000ddc00000 - 00000000e0000000  (2)
>
> TBOOT:  00000000f8000000 - 00000000fc000000  (2)
>
> TBOOT:  00000000fec00000 - 00000000fec01000  (2)
>
> TBOOT:  00000000fed10000 - 00000000fed14000  (2)
>
> TBOOT:  00000000fed18000 - 00000000fed1a000  (2)
>
> TBOOT:  00000000fed1c000 - 00000000fed20000  (2)
>
> TBOOT:  00000000fee00000 - 00000000fee01000  (2)
>
> TBOOT:  00000000ff800000 - 0000000100000000  (2)
>
> TBOOT:  0000000100000000 - 0000000118000000  (1)
>
> TBOOT: TPM is ready
>
> TBOOT: TPM nv_locked: TRUE
>
> TBOOT: TPM timeout values: A: 750, B: 750, C: 2000, D: 750
>
> TBOOT: Wrong timeout B, fallback to 2000
>
> TBOOT: reading Verified Launch Policy from TPM NV...
>
> TBOOT: TPM: get capability, return value = 00000002
>
> TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
>
> TBOOT:  :reading failed
>
> TBOOT: reading Launch Control Policy from TPM NV...
>
> TBOOT: TPM: get capability, return value = 00000002
>
> TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
>
> TBOOT:  :reading failed
>
> TBOOT: failed to read policy from TPM NV, using default
>
> TBOOT: policy:
>
> TBOOT:   version: 2
>
> TBOOT:   policy_type: TB_POLTYPE_CONT_NON_FATAL
>
> TBOOT:   hash_alg: TB_HALG_SHA1
>
> TBOOT:   policy_control: 00000001 (EXTEND_PCR17)
>
> TBOOT:   num_entries: 2
>
> TBOOT:   policy entry[0]:
>
> TBOOT:           mod_num: 0
>
> TBOOT:           pcr: none
>
> TBOOT:           hash_type: TB_HTYPE_ANY
>
> TBOOT:           num_hashes: 0
>
> TBOOT:   policy entry[1]:
>
> TBOOT:           mod_num: any
>
> TBOOT:           pcr: 19
>
> TBOOT:           hash_type: TB_HTYPE_ANY
>
> TBOOT:           num_hashes: 0
>
> TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return =
> 00000002
> TBOOT: Error: write TPM error: 0x2.
>
> TBOOT: no policy in TPM NV.
>
> TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
>
> TBOOT: CPU is SMX-capable
>
> TBOOT: CPU is VMX-capable
>
> TBOOT: SMX is enabled
>
> TBOOT: TXT chipset and all needed capabilities present
>
> TBOOT: TXT.ERRORCODE: 0x0
>
> TBOOT: TXT.ESTS: 0x0
>
> TBOOT: TXT.E2STS: 0x0
>
> TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
>
> TBOOT: CPU is SMX-capable
>
> TBOOT: CPU is VMX-capable
>
> TBOOT: SMX is enabled
>
> TBOOT: TXT chipset and all needed capabilities present
>
> TBOOT: TXT.HEAP.BASE: 0xdb720000
>
> TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
>
> TBOOT: bios_data (@0xdb720008, 0x2c):
>
> TBOOT:   version: 3
>
> TBOOT:   bios_sinit_size: 0x0 (0)
>
> TBOOT:   lcp_pd_base: 0x0
>
> TBOOT:   lcp_pd_size: 0x0 (0)
>
> TBOOT:   num_logical_procs: 4
>
> TBOOT:   flags: 0x00000000
>
> TBOOT: CR0 and EFLAGS OK
>
> TBOOT: no machine check errors
>
> TBOOT: CPU is ready for SENTER
>
> TBOOT: checking previous errors on the last boot.
>
>        TPM: read nv index 20000002 offset 00000000, return value =
> 00000002
> TBOOT: Error: read TPM error: 0x2.
>
> TBOOT: last boot has no error.
>
> TBOOT: checking if module  is an SINIT for this platform...
>
> TBOOT: chipset production fused: 1
>
> TBOOT: chipset ids: vendor: 0x8086, device: 0xa000, revision: 0x1f
>
> TBOOT: processor family/model/stepping: 0x20655
>
> TBOOT: platform id: 0x10000000000000
>
> TBOOT:   1 ACM chipset id entries:
>
> TBOOT:       vendor: 0x8086, device: 0xa000, flags: 0x1, revision: 0x1,
> extended: 0x0
> TBOOT: SINIT matches platform
>
> TBOOT: TXT.SINIT.BASE: 0xdb700000
>
> TBOOT: TXT.SINIT.SIZE: 0x20000 (131072)
>
> TBOOT: copied SINIT (size=8740) to 0xdb700000
>
> TBOOT: AC mod base alignment OK
>
> TBOOT: AC mod size OK
>
> TBOOT: AC module header dump for SINIT:
>
> TBOOT:   type: 0x2 (ACM_TYPE_CHIPSET)
>
> TBOOT:   subtype: 0x0
>
> TBOOT:   length: 0xa1 (161)
>
> TBOOT:   version: 0
>
> TBOOT:   chipset_id: 0xa000
>
> TBOOT:   flags: 0x0
>
> TBOOT:           pre_production: 0
>
> TBOOT:           debug_signed: 0
>
> TBOOT:   vendor: 0x8086
>
> TBOOT:   date: 0x20100311
>
> TBOOT:   size*4: 0x8740 (34624)
>
> TBOOT:   code_control: 0x0
>
> TBOOT:   entry point: 0x00000008:0000649c
>
> TBOOT:   scratch_size: 0x8f (143)
>
> TBOOT:   info_table:
>
> TBOOT:           uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e,
>
>                {0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}}
>
> TBOOT:               ACM_UUID_V3
>
> TBOOT:           chipset_acm_type: 0x1 (SINIT)
>
> TBOOT:           version: 3
>
> TBOOT:           length: 0x28 (40)
>
> TBOOT:           chipset_id_list: 0x4e8
>
> TBOOT:           os_sinit_data_ver: 0x5
>
> TBOOT:           min_mle_hdr_ver: 0x00020000
>
> TBOOT:           capabilities: 0x0000000e
>
> TBOOT:               rlp_wake_getsec: 0
>
> TBOOT:               rlp_wake_monitor: 1
>
> TBOOT:               ecx_pgtbl: 1
>
> TBOOT:           acm_ver: 18
>
> TBOOT:   chipset list:
>
> TBOOT:           count: 1
>
> TBOOT:           entry 0:
>
> TBOOT:               flags: 0x1
>
> TBOOT:               vendor_id: 0x8086
>
> TBOOT:               device_id: 0xa000
>
> TBOOT:               revision_id: 0x1
>
> TBOOT:               extended_id: 0x0
>
> TBOOT: file addresses:
>
> TBOOT:   &_start=0x803000
>
> TBOOT:   &_end=0x96dde0
>
> TBOOT:   &_mle_start=0x803000
>
> TBOOT:   &_mle_end=0x822000
>
> TBOOT:   &_post_launch_entry=0x803020
>
> TBOOT:   &_txt_wakeup=0x8031f0
>
> TBOOT:   &g_mle_hdr=0x818520
>
> TBOOT: MLE header:
>
> TBOOT:   uuid={0x9082ac5a, 0x476f, 0x74a7, 0x5c0f,
>
>                {0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42}}
>
> TBOOT:   length=34
>
> TBOOT:   version=00020001
>
> TBOOT:   entry_point=00000020
>
> TBOOT:   first_valid_page=00000000
>
> TBOOT:   mle_start_off=0
>
> TBOOT:   mle_end_off=1f000
>
> TBOOT:   capabilities: 0x00000007
>
> TBOOT:       rlp_wake_getsec: 1
>
> TBOOT:       rlp_wake_monitor: 1
>
> TBOOT:       ecx_pgtbl: 1
>
> TBOOT: MLE start=803000, end=822000, size=1f000
>
> TBOOT: ptab_size=3000, ptab_base=0x800000
>
> TBOOT: TXT.HEAP.BASE: 0xdb720000
>
> TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
>
> TBOOT: bios_data (@0xdb720008, 0x2c):
>
> TBOOT:   version: 3
>
> TBOOT:   bios_sinit_size: 0x0 (0)
>
> TBOOT:   lcp_pd_base: 0x0
>
> TBOOT:   lcp_pd_size: 0x0 (0)
>
> TBOOT:   num_logical_procs: 4
>
> TBOOT:   flags: 0x00000000
>
> TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xdb25f000
>
> TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x118000000
>
> TBOOT: no LCP module found
>
> TBOOT: os_sinit_data (@0xdb730154, 0x64):
>
> TBOOT:   version: 5
>
> TBOOT:   mle_ptab: 0x800000
>
> TBOOT:   mle_size: 0x1f000 (126976)
>
> TBOOT:   mle_hdr_base: 0x15520
>
> TBOOT:   vtd_pmr_lo_base: 0x0
>
> TBOOT:   vtd_pmr_lo_size: 0xdb200000
>
> TBOOT:   vtd_pmr_hi_base: 0x100000000
>
> TBOOT:   vtd_pmr_hi_size: 0x18000000
>
> TBOOT:   lcp_po_base: 0x0
>
> TBOOT:   lcp_po_size: 0x0 (0)
>
> TBOOT:   capabilities: 0x00000002
>
> TBOOT:       rlp_wake_getsec: 0
>
> TBOOT:       rlp_wake_monitor: 1
>
> TBOOT:       ecx_pgtbl: 0
>
> TBOOT:   efi_rsdt_ptr: 0x0
>
> TBOOT: setting MTRRs for acmod: base=0xdb700000, size=0x8740,
> num_pages=9
> TBOOT: executing GETSEC[SENTER]...
>
> TBOOT: ******************* TBOOT *******************
>
> TBOOT:    unavailable
>
> TBOOT: *********************************************
>
> TBOOT: command line:
>
> TBOOT: BSP is cpu 0
>
> TBOOT: original e820 map:
>
> TBOOT:  0000000000000000 - 0000000000095c00  (1)
>
> TBOOT:  0000000000095c00 - 00000000000a0000  (2)
>
> TBOOT:  00000000000e0000 - 0000000000100000  (2)
>
> TBOOT:  0000000000100000 - 00000000db25f000  (1)
>
> TBOOT:  00000000db25f000 - 00000000db27f000  (2)
>
> TBOOT:  00000000db27f000 - 00000000db36f000  (4)
>
> TBOOT:  00000000db36f000 - 00000000dc000000  (2)
>
> TBOOT:  00000000ddc00000 - 00000000e0000000  (2)
>
> TBOOT:  00000000f8000000 - 00000000fc000000  (2)
>
> TBOOT:  00000000fec00000 - 00000000fec01000  (2)
>
> TBOOT:  00000000fed10000 - 00000000fed14000  (2)
>
> TBOOT:  00000000fed18000 - 00000000fed1a000  (2)
>
> TBOOT:  00000000fed1c000 - 00000000fed20000  (2)
>
> TBOOT:  00000000fee00000 - 00000000fee01000  (2)
>
> TBOOT:  00000000ff800000 - 0000000100000000  (2)
>
> TBOOT:  0000000100000000 - 0000000118000000  (1)
>
> TBOOT: TPM is ready
>
> TBOOT: TPM nv_locked: TRUE
>
> TBOOT: TPM timeout values: A: 750, B: 750, C: 2000, D: 750
>
> TBOOT: Wrong timeout B, fallback to 2000
>
> TBOOT: reading Verified Launch Policy from TPM NV...
>
> TBOOT: TPM: get capability, return value = 00000002
>
> TBOOT: TPM: fail to get public data of 0x20000001 in TPM NV
>
> TBOOT:  :reading failed
>
> TBOOT: reading Launch Control Policy from TPM NV...
>
> TBOOT: TPM: get capability, return value = 00000002
>
> TBOOT: TPM: fail to get public data of 0x40000001 in TPM NV
>
> TBOOT:  :reading failed
>
> TBOOT: failed to read policy from TPM NV, using default
>
> TBOOT: policy:
>
> TBOOT:   version: 2
>
> TBOOT:   policy_type: TB_POLTYPE_CONT_NON_FATAL
>
> TBOOT:   hash_alg: TB_HALG_SHA1
>
> TBOOT:   policy_control: 00000001 (EXTEND_PCR17)
>
> TBOOT:   num_entries: 2
>
> TBOOT:   policy entry[0]:
>
> TBOOT:           mod_num: 0
>
> TBOOT:           pcr: none
>
> TBOOT:           hash_type: TB_HTYPE_ANY
>
> TBOOT:           num_hashes: 0
>
> TBOOT:   policy entry[1]:
>
> TBOOT:           mod_num: any
>
> TBOOT:           pcr: 19
>
> TBOOT:           hash_type: TB_HTYPE_ANY
>
> TBOOT:           num_hashes: 0
>
> TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return =
> 00000002
> TBOOT: Error: write TPM error: 0x2.
>
> TBOOT: no policy in TPM NV.
>
> TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
>
> TBOOT: CPU is SMX-capable
>
> TBOOT: CPU is VMX-capable
>
> TBOOT: SMX is enabled
>
> TBOOT: TXT chipset and all needed capabilities present
>
> TBOOT: TXT.ERRORCODE: 0xc0000001
>
> TBOOT: AC module error : acm_type=0x1, progress=0x00, error=0x0
>
> TBOOT: TXT.ESTS: 0x0
>
> TBOOT: TXT.E2STS: 0x0
>
> TBOOT: IA32_FEATURE_CONTROL_MSR: 0000ff07
>
> TBOOT: CPU is SMX-capable
>
> TBOOT: CPU is VMX-capable
>
> TBOOT: SMX is enabled
>
> TBOOT: TXT chipset and all needed capabilities present
>
> TBOOT: TXT.HEAP.BASE: 0xdb720000
>
> TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
>
> TBOOT: bios_data (@0xdb720008, 0x2c):
>
> TBOOT:   version: 3
>
> TBOOT:   bios_sinit_size: 0x0 (0)
>
> TBOOT:   lcp_pd_base: 0x0
>
> TBOOT:   lcp_pd_size: 0x0 (0)
>
> TBOOT:   num_logical_procs: 4
>
> TBOOT:   flags: 0x00000000
>
> TBOOT: measured launch succeeded
>
> TBOOT: TXT.HEAP.BASE: 0xdb720000
>
> TBOOT: TXT.HEAP.SIZE: 0xe0000 (917504)
>
> TBOOT: bios_data (@0xdb720008, 0x2c):
>
> TBOOT:   version: 3
>
> TBOOT:   bios_sinit_size: 0x0 (0)
>
> TBOOT:   lcp_pd_base: 0x0
>
> TBOOT:   lcp_pd_size: 0x0 (0)
>
> TBOOT:   num_logical_procs: 4
>
> TBOOT:   flags: 0x00000000
>
> TBOOT: os_mle_data (@0xdb720034, 0x10120):
>
> TBOOT:   version: 2
>
> TBOOT:   mbi: 0x96dde0
>
> TBOOT: os_sinit_data (@0xdb730154, 0x64):
>
> TBOOT:   version: 5
>
> TBOOT:   mle_ptab: 0x800000
>
> TBOOT:   mle_size: 0x1f000 (126976)
>
> TBOOT:   mle_hdr_base: 0x15520
>
> TBOOT:   vtd_pmr_lo_base: 0x0
>
> TBOOT:   vtd_pmr_lo_size: 0xdb200000
>
> TBOOT:   vtd_pmr_hi_base: 0x100000000
>
> TBOOT:   vtd_pmr_hi_size: 0x18000000
>
> TBOOT:   lcp_po_base: 0x0
>
> TBOOT:   lcp_po_size: 0x0 (0)
>
> TBOOT:   capabilities: 0x00000002
>
> TBOOT:       rlp_wake_getsec: 0
>
> TBOOT:       rlp_wake_monitor: 1
>
> TBOOT:       ecx_pgtbl: 0
>
> TBOOT:   efi_rsdt_ptr: 0x0
>
> TBOOT: sinit_mle_data (@0xdb7301b8, 0x1f8):
>
> TBOOT:   version: 7
>
> TBOOT:   bios_acm_id:
>
>        80 00 00 00 20 09 10 07 00 00 a0 00 ff ff ff ff ff ff ff ff
>
> TBOOT:   edx_senter_flags: 0x00000000
>
> TBOOT:   mseg_valid: 0x0
>
> TBOOT:   sinit_hash:
>
>        b7 36 7a b1 25 88 48 b9 a4 03 22 0a 01 cd 6a 2b 3b f3 b2 f6
>
> TBOOT:   mle_hash:
>
>        08 13 75 6e 41 d6 5a 94 f7 10 42 fc e8 39 80 80 db 0d 24 24
>
> TBOOT:   stm_hash:
>
>        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
> TBOOT:   lcp_policy_hash:
>
>        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
> TBOOT:   lcp_policy_control: 0x00000000
>
> TBOOT:   rlp_wakeup_addr: 0xdb701d20
>
> TBOOT:   num_mdrs: 7
>
> TBOOT:   mdrs_off: 0x98
>
> TBOOT:   num_vtd_dmars: 184
>
> TBOOT:   vtd_dmars_off: 0x140
>
> TBOOT:   sinit_mdrs:
>
> TBOOT:           0000000000000000 - 00000000000a0000 (GOOD)
>
> TBOOT:           0000000000100000 - 0000000000f00000 (GOOD)
>
> TBOOT:           0000000001000000 - 00000000db700000 (GOOD)
>
> TBOOT:           0000000100000000 - 0000000118000000 (GOOD)
>
> TBOOT:           0000000100000000 - 0000000118000000 (GOOD)
>
> TBOOT:           00000000db800000 - 00000000dc000000 (SMRAM NON-OVERLAY)
>
> TBOOT:           00000000f800000c - 00000000fc00000c (PCIE EXTENDED
> CONFIG)
> TBOOT: CPU supports 36 phys address bits
>
> TBOOT: RSDP (v2, DELL  �'�$) @ 0x0fe300
>
> TBOOT: acpi_table_ioapic @ 0xdb27cf84, .address = 0xfec00000
>
> TBOOT: acpi_table_mcfg @ 0xdb36dc98, .base_address = 0xf8000000
>
> TBOOT: mtrr_def_type: e = 1, fe = 1, type = 0
>
> TBOOT: mtrrs:
>
> TBOOT:              base          mask      type  v
>
> TBOOT:          0000000000000 0000000f80000  06  01
>
> TBOOT:          0000000080000 0000000fc0000  06  01
>
> TBOOT:          00000000c0000 0000000fe0000  06  01
>
> TBOOT:          00000000dc000 0000000ffc000  00  01
>
> TBOOT:          00000000db400 0000000fffc00  00  01
>
> TBOOT:          0000000100000 0000000fe0000  06  01
>
> TBOOT:          0000000118000 0000000ff8000  00  01
>
> TBOOT:          0000000000000 0000000000000  00  00
>
> TBOOT: reserving 0xdb200000 - 0xdb25f000, which was truncated for VT-d
>
> TBOOT: min_lo_ram: 0x0, max_lo_ram: 0xdb25f000
>
> TBOOT: min_hi_ram: 0x100000000, max_hi_ram: 0x118000000
>
> TBOOT: MSR for SMM monitor control on BSP is 0x0.
>
> TBOOT: verifying ILP is opt-out or has the same MSEG header with
> TXT.MSEG.BASE
>                opt-out
>
> TBOOT:  : succeeded.
>
> TBOOT: enabling SMIs on BSP
>
> TBOOT: mle_join.entry_point = 8031f0
>
> TBOOT: mle_join.seg_sel = 8
>
> TBOOT: mle_join.gdt_base = 804000
>
> TBOOT: mle_join.gdt_limit = 3f
>
> TBOOT: joining RLPs to MLE with MONITOR wakeup
>
> TBOOT: rlp_wakeup_addr = 0xdb701d20
>
> TBOOT: cpu 4 waking up from TXT sleep
>
> TBOOT: waiting for all APs (3) to enter wait-for-sipi...
>
> TBOOT: MSR for SMM monitor control on cpu 4 is 0x0
>
> TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 4
>
>         : succeeded.
>
> TBOOT: enabling SMIs on cpu 4
>
> TBOOT: .VMXON done for cpu 4
>
> TBOOT:
>
> TBOOT: cpu 5 waking up from TXT sleep
>
> TBOOT: launching mini-guest for cpu 4
>
> TBOOT: MSR for SMM monitor control on cpu 5 is 0x0
>
> TBOOT: verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 5
>
>         : succeeded.
>
> TBOOT: enabling SMIs on cpu 5
>
> TBOOT: VMXON done for cpu 5
>
> TBOOT: launching mini-guest for cpu 5
>
> TBOOT: cpu 1 waking up from TXT sleep
>
> TBOOT: MSR for SMM monitor control on cpu 1 is 0x0
>
> TBOOT: .verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu 1
>
>        . : succeeded.
>
> TBOOT: .enabling SMIs on cpu 1
>
> TBOOT: .VMXON done for cpu 1
>
> TBOOT: .launching mini-guest for cpu 1
>
> TBOOT: .
>
> TBOOT: all APs in wait-for-sipi
>
> TBOOT: saved IA32_MISC_ENABLE = 0x00850089
>
> TBOOT: set TXT.CMD.SECRETS flag
>
> TBOOT: opened TPM locality 1
>
> TBOOT: DMAR table @ 0xdb36eb18 saved.
>
> TBOOT: no LCP module found
>
> TBOOT: verifying module 0 of mbi (a4608000 - a4a1946f) in e820 table
>
>         (range from 00000000a4608000 to 00000000a4a19470 is in
> E820_RAM)
> TBOOT: : succeeded.
>
> TBOOT: verifying module 1 of mbi (a4a1a000 - a61e17ff) in e820 table
>
>         (range from 00000000a4a1a000 to 00000000a61e1800 is in
> E820_RAM)
> TBOOT: : succeeded.
>
> TBOOT: protecting TXT heap (db720000 - db7fffff) in e820 table
>
> TBOOT: protecting SINIT (db700000 - db71ffff) in e820 table
>
> TBOOT: protecting TXT Private Space (fed20000 - fed2ffff) in e820 table
>
> TBOOT: verifying e820 table against SINIT MDRs: verification succeeded.
>
> TBOOT: verifying tboot and its page table (800000 - 96dddf) in e820
> table
>         (range from 0000000000800000 to 000000000096dde0 is in
> E820_RAM)
> TBOOT: : succeeded.
>
> TBOOT: Error: ELF magic number is not matched.
>
> TBOOT: protecting tboot (800000 - 96dfff) in e820 table
>
> TBOOT: adjusted e820 map:
>
> TBOOT:  0000000000000000 - 0000000000095c00  (1)
>
> TBOOT:  0000000000095c00 - 00000000000a0000  (2)
>
> TBOOT:  00000000000e0000 - 0000000000100000  (2)
>
> TBOOT:  0000000000100000 - 0000000000800000  (1)
>
> TBOOT:  0000000000800000 - 000000000096e000  (2)
>
> TBOOT:  000000000096e000 - 0000000000f00000  (1)
>
> TBOOT:  0000000000f00000 - 0000000001000000  (2)
>
> TBOOT:  0000000001000000 - 00000000db200000  (1)
>
> TBOOT:  00000000db200000 - 00000000db25f000  (2)
>
> TBOOT:  00000000db25f000 - 00000000db27f000  (2)
>
> TBOOT:  00000000db27f000 - 00000000db36f000  (4)
>
> TBOOT:  00000000db36f000 - 00000000db700000  (2)
>
> TBOOT:  00000000db700000 - 00000000db720000  (2)
>
> TBOOT:  00000000db720000 - 00000000db800000  (2)
>
> TBOOT:  00000000db800000 - 00000000dc000000  (2)
>
> TBOOT:  00000000ddc00000 - 00000000e0000000  (2)
>
> TBOOT:  00000000f8000000 - 00000000fc000000  (2)
>
> TBOOT:  00000000fec00000 - 00000000fec01000  (2)
>
> TBOOT:  00000000fed10000 - 00000000fed14000  (2)
>
> TBOOT:  00000000fed18000 - 00000000fed1a000  (2)
>
> TBOOT:  00000000fed1c000 - 00000000fed20000  (2)
>
> TBOOT:  00000000fed20000 - 00000000fed30000  (2)
>
> TBOOT:  00000000fee00000 - 00000000fee01000  (2)
>
> TBOOT:  00000000ff800000 - 0000000100000000  (2)
>
> TBOOT:  0000000100000000 - 0000000118000000  (1)
>
> TBOOT: verifying module "root=UUID=5642bb59-16f2-40a8-934e-26ef7fb0c7d6
> /boot/vmlinuz-2.6.38.8 root=UUID=5642bb59-1.
> TBOOT:   OK : 66 9d ba fb 9b b4 63 a5 c1 8d d9 86 55 fa 32 23 d6 7b 46
> 5d
> TBOOT: verifying module "/boot/initrd.img-2.6.38.8"...
>
> TBOOT:   OK : 90 a7 41 25 3a 20 20 8c a4 25 40 db 41 1a a6 79 73 91 7f
> c0
> TBOOT: all modules are verified
>
> TBOOT: pre_k_s3_state:
>
> TBOOT:   vtd_pmr_lo_base: 0x0
>
> TBOOT:   vtd_pmr_lo_size: 0xdb200000
>
> TBOOT:   vtd_pmr_hi_base: 0x100000000
>
> TBOOT:   vtd_pmr_hi_size: 0x18000000
>
> TBOOT:   pol_hash: ab 41 62 4e 7d 71 f0 68 d4 8e 1c 2f 43 e6 16 bf 40 67
> 1c 39
> TBOOT:   VL measurements:
>
> TBOOT:     PCR 17: 97 04 35 36 30 67 4b fe 21 b8 6b 64 a7 b0 f9 9c 29 7c
> f9 02
> TBOOT:     PCR 18: 66 9d ba fb 9b b4 63 a5 c1 8d d9 86 55 fa 32 23 d6 7b
> 46 5d
> TBOOT:     PCR 19: 90 a7 41 25 3a 20 20 8c a4 25 40 db 41 1a a6 79 73 91
> 7f c0
> TBOOT: PCRs before extending:
>
> TBOOT:   PCR 17: 34 29 5e 15 c7 90 b5 26 05 9c ad 1e 88 bb f8 60 11 6c
> 93 cf
> TBOOT:   PCR 18: ff ab b1 0c 60 a8 db 2a 63 e5 12 cb 3f 43 e0 d8 b9 14
> fa af
> TBOOT: PCRs after extending:
>
> TBOOT:   PCR 17: 4b fd 50 90 3b b4 6e 90 4e e4 61 c7 34 4a f7 2e c9 35
> 8f 63
> TBOOT:   PCR 18: 05 b6 88 7a 79 b8 e3 96 2a 97 c2 cc ad d6 25 7c d8 c3
> d8 dc
> TBOOT: tboot_shared data:
>
> TBOOT:   version: 5
>
> TBOOT:   log_addr: 0x00000000
>
> TBOOT:   shutdown_entry: 0x008031b0
>
> TBOOT:   shutdown_type: 0
>
> TBOOT:   tboot_base: 0x00803000
>
> TBOOT:   tboot_size: 0x16ade0
>
> TBOOT:   num_in_wfs: 3
>
> TBOOT: no LCP module found
>
> TBOOT: Error: ELF magic number is not matched.
>
> TBOOT: assuming kernel is Linux format
>
> TBOOT: Initrd from 0x7e838000 to 0x7ffff800
>
> TBOOT: Kernel (protected mode) from 0x1000000 to 0x140da70
>
> TBOOT: Kernel (real mode) from 0x8cb00 to 0x90500
>
> TBOOT: transfering control to kernel @0x1000000...
>
> TBOOT: VMXOFF done for cpu 4
>
> TBOOT: cpu 4 waking up, SIPI vector=93000
>
> TBOOT: VMXOFF done for cpu 1
>
> TBOOT: cpu 1 waking up, SIPI vector=93000
>
> TBOOT: VMXOFF done for cpu 5
>
> TBOOT: cpu 5 waking up, SIPI vector=93000
>
> </output>
>
>
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure contains a
> definitive record of customers, application performance, security
> threats, fraudulent activity and more. Splunk takes this data and makes
> sense of it. Business sense. IT sense. Common sense.
> http://p.sf.net/sfu/splunk-d2d-oct
> _______________________________________________
> flickertcb-devel mailing list
> fli...@li...
> https://lists.sourceforge.net/lists/listinfo/flickertcb-devel
>

[tboot-devel] Kernel symbol table seems changed when booting with tboot

[Rogan K. L. <cre...@gm...>]

Hi, list,

I am a newbie for tboot. As you can easily imagine, I've got an issue that
kernel symbol tables seems to be changed when booting with tboot. For
example, the addresses of init_uts_ns are different between /proc/kallsyms
and my System.map file.

* System.map
# cat /boot/System.map-2.6.32-202.el6.i686 | grep -w init_uts_ns
c0a2f380 D init_uts_ns

* kallsyms
# cat /proc/kallsyms | grep -w init_uts_ns
c122f380 D init_uts_ns

The gap is 0x800000 and it looks to match up with ptab_base. I am using the
System.map file to develop a custom tool so that this change could be a
problem. Is there anyone who can verify if it is expected result? Any
comment would be helpful.

Thanks in advance,
Rogan Kyuseok Lee

Re: [tboot-devel] [PATCH v2] ACPI S3 to work under Xen.

[Konrad R. W. <kon...@or...>]

On Thu, Sep 29, 2011 at 04:16:46PM -0400, Konrad Rzeszutek Wilk wrote:
> Attached is an [v2] set of patches to enable S3 to work with the Xen hypervisor.
> 
> Changes since the RFC posting [http://comments.gmane.org/gmane.linux.acpi.devel/50701] by
> Liang Tang:
>  - Per review comments added: __unused__ attribute, support for PM1A/B if more than 16-bit,
>    copyright/license.
>  - Added support for PHYSDEVOP_restore_msi_ext call.

Rafael, Len,

Any chance you could take look at the patches - the parts that touch the ACPI
generic components are couple of lines? Much appreciated.

Joseph was OK with the tboot sections.

Re: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

[Michael N. <mik...@ho...>]

Yeah upgraded to the latest BIOS over the weekend and got the same result. 
My new Q67 system is working successfully, so I am giving up the Q45.
Thanks,-mike
From: jos...@in...
To: mik...@ho...; tbo...@li...
Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45
Date: Tue, 4 Oct 2011 20:25:33 +0000











>From the ERRORCODE value, this is a BIOS issue.  Have you verified that you have the latest BIOS version?
 
Joe
 



From: Michael Nelson [mailto:mik...@ho...]


Sent: Sunday, October 02, 2011 9:38 PM

To: Cihula, Joseph; tbo...@li...

Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45


 



Screen shots will have to do for now (txt-stat can't retrieve the tboot memory log and I can't find a null modem cable):


 


http://www.tnld.net/~mikenel/txt.html


 


I included the txt-stat log with the TXT.ERRORCODE as well.


 


Thanks,


-mike




From:
jos...@in...

To: mik...@ho...; 
tbo...@li...

Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

Date: Sat, 1 Oct 2011 22:09:49 +0000

Hmm… I don’t see any posting from you after the one below.  But if you want to continue with this system, can you post your serial or memory log.
 
Joe
 



From: Michael Nelson
[mailto:mik...@ho...] 

Sent: Saturday, October 01, 2011 3:05 PM

To: Cihula, Joseph; tbo...@li...

Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45


 


In the case below, I wasn't passing any options in GRUB. As I noted in a later posting, I was able to get past the MLE error by doing a cold reboot after configuring things
 correctly.


 


Unfortunately now the machine reboots shortly after SENTER is called. Looking at the TXT error code on reboot, the progress code is 0xf and the error code is unlisted in sinit_errors.txt
 (can't remember the exact #). I looked around in the BIOS settings, but I don't see options that might help that situation.


 


I will be getting a Q67 system (Intel motherboard) next week, so hopefully I will have better luck with that.


 


Thanks for your help.


 


-mike


 





From:
jos...@in...

To: mik...@ho...; 
tbo...@li...

Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

Date: Thu, 29 Sep 2011 17:49:08 +0000

You aren’t passing a command line string (-c “…”) to lcp_mlehash—is it the case that your grub.conf file doesn’t have any command line options for tboot?
 
Joe
 



From: Michael Nelson
[mailto:mik...@ho...] 

Sent: Tuesday, September 27, 2011 7:06 PM

To: tbo...@li...

Subject: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45


 


(Using tboot-1.6 + Q45_Q43_SINIT_19.BIN)


 


I am trying to get tboot working on a Dell Optiplex 960 and getting an "MLE measurement not in policy" (TXT ERRORCODE=0xc0003501) error. I've tried a number of different things
 but I am stuck at this point trying to figure out what's wrong. 


 


Here are the commands that I have run (after taking ownership and creating the NV storage):


 


lcp_mlehash /boot/tboot.gz > mlehash


lcp_crtpol -t hashonly -m mle_hash -o lcp.pol


lcp_writepol -i owner -f lcp.pol -p password


 


I have also configured the tboot policy with tb_polgen (which tboot summarizes during bootup), but I don't think I am getting far enough for that to be relevant yet.


 


Any help would be appreciated.


 




Thanks,


-mike




 













 		 	   		  

Re: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

[Cihula, J. <jos...@in...>]

>From the ERRORCODE value, this is a BIOS issue.  Have you verified that you have the latest BIOS version?

Joe

From: Michael Nelson [mailto:mik...@ho...]
Sent: Sunday, October 02, 2011 9:38 PM
To: Cihula, Joseph; tbo...@li...
Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

Screen shots will have to do for now (txt-stat can't retrieve the tboot memory log and I can't find a null modem cable):

http://www.tnld.net/~mikenel/txt.html

I included the txt-stat log with the TXT.ERRORCODE as well.

Thanks,
-mike
________________________________
From: jos...@in...<mailto:jos...@in...>
To: mik...@ho...<mailto:mik...@ho...>; tbo...@li...<mailto:tbo...@li...>
Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45
Date: Sat, 1 Oct 2011 22:09:49 +0000
Hmm... I don't see any posting from you after the one below.  But if you want to continue with this system, can you post your serial or memory log.

Joe

From: Michael Nelson [mailto:mik...@ho...]<mailto:[mailto:mik...@ho...]>
Sent: Saturday, October 01, 2011 3:05 PM
To: Cihula, Joseph; tbo...@li...<mailto:tbo...@li...>
Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

In the case below, I wasn't passing any options in GRUB. As I noted in a later posting, I was able to get past the MLE error by doing a cold reboot after configuring things correctly.

Unfortunately now the machine reboots shortly after SENTER is called. Looking at the TXT error code on reboot, the progress code is 0xf and the error code is unlisted in sinit_errors.txt (can't remember the exact #). I looked around in the BIOS settings, but I don't see options that might help that situation.

I will be getting a Q67 system (Intel motherboard) next week, so hopefully I will have better luck with that.

Thanks for your help.

-mike

________________________________
From: jos...@in...<mailto:jos...@in...>
To: mik...@ho...<mailto:mik...@ho...>; tbo...@li...<mailto:tbo...@li...>
Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45
Date: Thu, 29 Sep 2011 17:49:08 +0000
You aren't passing a command line string (-c "...") to lcp_mlehash-is it the case that your grub.conf file doesn't have any command line options for tboot?

Joe

From: Michael Nelson [mailto:mik...@ho...]<mailto:[mailto:mik...@ho...]>
Sent: Tuesday, September 27, 2011 7:06 PM
To: tbo...@li...<mailto:tbo...@li...>
Subject: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

(Using tboot-1.6 + Q45_Q43_SINIT_19.BIN)

I am trying to get tboot working on a Dell Optiplex 960 and getting an "MLE measurement not in policy" (TXT ERRORCODE=0xc0003501) error. I've tried a number of different things but I am stuck at this point trying to figure out what's wrong.

Here are the commands that I have run (after taking ownership and creating the NV storage):

lcp_mlehash /boot/tboot.gz > mlehash
lcp_crtpol -t hashonly -m mle_hash -o lcp.pol
lcp_writepol -i owner -f lcp.pol -p password

I have also configured the tboot policy with tb_polgen (which tboot summarizes during bootup), but I don't think I am getting far enough for that to be relevant yet.

Any help would be appreciated.

Thanks,
-mike

Re: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

[Michael N. <mik...@ho...>]

Screen shots will have to do for now (txt-stat can't retrieve the tboot memory log and I can't find a null modem cable):
http://www.tnld.net/~mikenel/txt.html
I included the txt-stat log with the TXT.ERRORCODE as well.
Thanks,-mike

From: jos...@in...
To: mik...@ho...; tbo...@li...
Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45
Date: Sat, 1 Oct 2011 22:09:49 +0000











Hmm… I don’t see any posting from you after the one below.  But if you want to continue with this system, can you post your serial or memory log.
 
Joe
 



From: Michael Nelson [mailto:mik...@ho...]


Sent: Saturday, October 01, 2011 3:05 PM

To: Cihula, Joseph; tbo...@li...

Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45


 


In the case below, I wasn't passing any options in GRUB. As I noted in a later posting, I was able to get past the MLE error by doing a cold reboot after configuring things
 correctly.


 


Unfortunately now the machine reboots shortly after SENTER is called. Looking at the TXT error code on reboot, the progress code is 0xf and the error code is unlisted in sinit_errors.txt
 (can't remember the exact #). I looked around in the BIOS settings, but I don't see options that might help that situation.


 


I will be getting a Q67 system (Intel motherboard) next week, so hopefully I will have better luck with that.


 


Thanks for your help.


 


-mike


 





From:
jos...@in...

To: mik...@ho...; 
tbo...@li...

Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

Date: Thu, 29 Sep 2011 17:49:08 +0000

You aren’t passing a command line string (-c “…”) to lcp_mlehash—is it the case that your grub.conf file doesn’t have any command line options for tboot?
 
Joe
 



From: Michael Nelson
[mailto:mik...@ho...] 

Sent: Tuesday, September 27, 2011 7:06 PM

To: tbo...@li...

Subject: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45


 


(Using tboot-1.6 + Q45_Q43_SINIT_19.BIN)


 


I am trying to get tboot working on a Dell Optiplex 960 and getting an "MLE measurement not in policy" (TXT ERRORCODE=0xc0003501) error. I've tried a number of different things
 but I am stuck at this point trying to figure out what's wrong. 


 


Here are the commands that I have run (after taking ownership and creating the NV storage):


 


lcp_mlehash /boot/tboot.gz > mlehash


lcp_crtpol -t hashonly -m mle_hash -o lcp.pol


lcp_writepol -i owner -f lcp.pol -p password


 


I have also configured the tboot policy with tb_polgen (which tboot summarizes during bootup), but I don't think I am getting far enough for that to be relevant yet.


 


Any help would be appreciated.


 




Thanks,


-mike




 







 		 	   		  

Re: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

[Cihula, J. <jos...@in...>]

Hmm... I don't see any posting from you after the one below.  But if you want to continue with this system, can you post your serial or memory log.

Joe

From: Michael Nelson [mailto:mik...@ho...]
Sent: Saturday, October 01, 2011 3:05 PM
To: Cihula, Joseph; tbo...@li...
Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

In the case below, I wasn't passing any options in GRUB. As I noted in a later posting, I was able to get past the MLE error by doing a cold reboot after configuring things correctly.

Unfortunately now the machine reboots shortly after SENTER is called. Looking at the TXT error code on reboot, the progress code is 0xf and the error code is unlisted in sinit_errors.txt (can't remember the exact #). I looked around in the BIOS settings, but I don't see options that might help that situation.

I will be getting a Q67 system (Intel motherboard) next week, so hopefully I will have better luck with that.

Thanks for your help.

-mike

________________________________
From: jos...@in...<mailto:jos...@in...>
To: mik...@ho...<mailto:mik...@ho...>; tbo...@li...<mailto:tbo...@li...>
Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45
Date: Thu, 29 Sep 2011 17:49:08 +0000
You aren't passing a command line string (-c "...") to lcp_mlehash-is it the case that your grub.conf file doesn't have any command line options for tboot?

Joe

From: Michael Nelson [mailto:mik...@ho...]<mailto:[mailto:mik...@ho...]>
Sent: Tuesday, September 27, 2011 7:06 PM
To: tbo...@li...<mailto:tbo...@li...>
Subject: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

(Using tboot-1.6 + Q45_Q43_SINIT_19.BIN)

I am trying to get tboot working on a Dell Optiplex 960 and getting an "MLE measurement not in policy" (TXT ERRORCODE=0xc0003501) error. I've tried a number of different things but I am stuck at this point trying to figure out what's wrong.

Here are the commands that I have run (after taking ownership and creating the NV storage):

lcp_mlehash /boot/tboot.gz > mlehash
lcp_crtpol -t hashonly -m mle_hash -o lcp.pol
lcp_writepol -i owner -f lcp.pol -p password

I have also configured the tboot policy with tb_polgen (which tboot summarizes during bootup), but I don't think I am getting far enough for that to be relevant yet.

Any help would be appreciated.

Thanks,
-mike

Re: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

[Michael N. <mik...@ho...>]

In the case below, I wasn't passing any options in GRUB. As I noted in a later posting, I was able to get past the MLE error by doing a cold reboot after configuring things correctly.
Unfortunately now the machine reboots shortly after SENTER is called. Looking at the TXT error code on reboot, the progress code is 0xf and the error code is unlisted in sinit_errors.txt (can't remember the exact #). I looked around in the BIOS settings, but I don't see options that might help that situation.
I will be getting a Q67 system (Intel motherboard) next week, so hopefully I will have better luck with that.
Thanks for your help.
-mike
From: jos...@in...
To: mik...@ho...; tbo...@li...
Subject: RE: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45
Date: Thu, 29 Sep 2011 17:49:08 +0000











You aren’t passing a command line string (-c “…”) to lcp_mlehash—is it the case that your grub.conf file doesn’t have any command line options for tboot?
 
Joe
 



From: Michael Nelson [mailto:mik...@ho...]


Sent: Tuesday, September 27, 2011 7:06 PM

To: tbo...@li...

Subject: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45


 


(Using tboot-1.6 + Q45_Q43_SINIT_19.BIN)


 


I am trying to get tboot working on a Dell Optiplex 960 and getting an "MLE measurement not in policy" (TXT ERRORCODE=0xc0003501) error. I've tried a number of different things
 but I am stuck at this point trying to figure out what's wrong. 


 


Here are the commands that I have run (after taking ownership and creating the NV storage):


 


lcp_mlehash /boot/tboot.gz > mlehash


lcp_crtpol -t hashonly -m mle_hash -o lcp.pol


lcp_writepol -i owner -f lcp.pol -p password


 


I have also configured the tboot policy with tb_polgen (which tboot summarizes during bootup), but I don't think I am getting far enough for that to be relevant yet.


 


Any help would be appreciated.


 




Thanks,


-mike




 



 		 	   		  

Re: [tboot-devel] [PATCH 3/8] x86/acpi/sleep: Provide registration for acpi_suspend_lowlevel.

[Cihula, J. <jos...@in...>]

ACK

> -----Original Message-----
> From: Konrad Rzeszutek Wilk [mailto:kon...@or...]
> Sent: Thursday, September 29, 2011 1:17 PM
> To: lin...@vg...; rj...@si...; tg...@li...; hp...@zy...; x8...@ke...;
> Brown, Len; Cihula, Joseph; Wang, Shane; xen...@li...; lin...@li...-
> foundation.org; tbo...@li...; lin...@vg...;
> lia...@or...; Yu, Ke; Tian, Kevin; je...@go...
> Cc: Konrad Rzeszutek Wilk
> Subject: [PATCH 3/8] x86/acpi/sleep: Provide registration for acpi_suspend_lowlevel.
> 
> From: Liang Tang <lia...@or...>
> 
> Which by default will be x86_acpi_suspend_lowlevel.
> This registration allows us to register another callback if there is a need to use another
> platform specific callback.
> 
> CC: Thomas Gleixner <tg...@li...>
> CC: "H. Peter Anvin" <hp...@zy...>
> CC: x8...@ke...
> CC: Len Brown <len...@in...>
> CC: Joseph Cihula <jos...@in...>
> CC: Shane Wang <sha...@in...>
> CC: lin...@li...
> CC: lin...@vg...
> CC: Len Brown <len...@in...>
> Signed-off-by: Konrad Rzeszutek Wilk <kon...@or...>
> Signed-off-by: Liang Tang <lia...@or...>
> ---
>  arch/x86/include/asm/acpi.h  |    2 +-
>  arch/x86/kernel/acpi/boot.c  |    2 ++
>  arch/x86/kernel/acpi/sleep.c |    4 ++--
>  arch/x86/kernel/acpi/sleep.h |    2 ++
>  drivers/acpi/sleep.c         |    2 ++
>  5 files changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/x86/include/asm/acpi.h b/arch/x86/include/asm/acpi.h index 0a46696..9b538dc
> 100644
> --- a/arch/x86/include/asm/acpi.h
> +++ b/arch/x86/include/asm/acpi.h
> @@ -119,7 +119,7 @@ static inline void acpi_disable_pci(void)  }
> 
>  /* Low-level suspend routine. */
> -extern int acpi_suspend_lowlevel(void);
> +extern int (*acpi_suspend_lowlevel)(void);
> 
>  extern const unsigned char acpi_wakeup_code[];  #define acpi_wakeup_address
> (__pa(TRAMPOLINE_SYM(acpi_wakeup_code)))
> diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c index 7f30806..ddd081b
> 100644
> --- a/arch/x86/kernel/acpi/boot.c
> +++ b/arch/x86/kernel/acpi/boot.c
> @@ -44,6 +44,7 @@
>  #include <asm/mpspec.h>
>  #include <asm/smp.h>
> 
> +#include "sleep.h" /* To include x86_acpi_suspend_lowlevel */
>  static int __initdata acpi_force = 0;
>  u32 acpi_rsdt_forced;
>  int acpi_disabled;
> @@ -556,6 +557,7 @@ int (*__acpi_override_sleep)(u8 sleep_state, u32 pm1a_ctrl,
>  			     u32 pm1b_ctrl, bool *skip_rest) \
>  			   __attribute__ ((unused)) = NULL;
> 
> +int (*acpi_suspend_lowlevel)(void) = x86_acpi_suspend_lowlevel;
>  /*
>   * success: return IRQ number (>=0)
>   * failure: return < 0
> diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c index 103b6ab..4d2d0b1
> 100644
> --- a/arch/x86/kernel/acpi/sleep.c
> +++ b/arch/x86/kernel/acpi/sleep.c
> @@ -25,12 +25,12 @@ static char temp_stack[4096];  #endif
> 
>  /**
> - * acpi_suspend_lowlevel - save kernel state
> + * x86_acpi_suspend_lowlevel - save kernel state
>   *
>   * Create an identity mapped page table and copy the wakeup routine to
>   * low memory.
>   */
> -int acpi_suspend_lowlevel(void)
> +int x86_acpi_suspend_lowlevel(void)
>  {
>  	struct wakeup_header *header;
>  	/* address in low memory of the wakeup routine. */ diff --git a/arch/x86/kernel/acpi/sleep.h
> b/arch/x86/kernel/acpi/sleep.h index 416d4be..4d3feb5 100644
> --- a/arch/x86/kernel/acpi/sleep.h
> +++ b/arch/x86/kernel/acpi/sleep.h
> @@ -13,3 +13,5 @@ extern unsigned long acpi_copy_wakeup_routine(unsigned long);  extern void
> wakeup_long64(void);
> 
>  extern void do_suspend_lowlevel(void);
> +
> +extern int x86_acpi_suspend_lowlevel(void);
> diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c index 3ed80b2..3570c00 100644
> --- a/drivers/acpi/sleep.c
> +++ b/drivers/acpi/sleep.c
> @@ -254,6 +254,8 @@ static int acpi_suspend_enter(suspend_state_t pm_state)
>  		break;
> 
>  	case ACPI_STATE_S3:
> +		if (!acpi_suspend_lowlevel)
> +			return -ENODEV;
>  		error = acpi_suspend_lowlevel();
>  		if (error)
>  			return error;
> --
> 1.7.4.1

Re: [tboot-devel] [PATCH 2/8] x86, acpi, tboot: Have a ACPI sleep override instead of calling tboot_sleep.

[Cihula, J. <jos...@in...>]

ACK.

> -----Original Message-----
> From: Konrad Rzeszutek Wilk [mailto:kon...@or...]
> Sent: Thursday, September 29, 2011 1:17 PM
> To: lin...@vg...; rj...@si...; tg...@li...; hp...@zy...; x8...@ke...;
> Brown, Len; Cihula, Joseph; Wang, Shane; xen...@li...; lin...@li...-
> foundation.org; tbo...@li...; lin...@vg...;
> lia...@or...; Yu, Ke; Tian, Kevin; je...@go...
> Cc: Konrad Rzeszutek Wilk
> Subject: [PATCH 2/8] x86, acpi, tboot: Have a ACPI sleep override instead of calling tboot_sleep.
> 
> The ACPI suspend path makes a call to tboot_sleep right before it writes the PM1A, PM1B values. We
> replace the direct call to tboot via an registration callback similar to __acpi_register_gsi.
> 
> CC: Thomas Gleixner <tg...@li...>
> CC: "H. Peter Anvin" <hp...@zy...>
> CC: x8...@ke...
> CC: Len Brown <len...@in...>
> CC: Joseph Cihula <jos...@in...>
> CC: Shane Wang <sha...@in...>
> CC: xen...@li...
> CC: lin...@li...
> CC: tbo...@li...
> CC: lin...@vg...
> [v1: Added __attribute__ ((unused))]
> Signed-off-by: Konrad Rzeszutek Wilk <kon...@or...>
> ---
>  arch/x86/include/asm/acpi.h   |    4 ++++
>  arch/x86/kernel/acpi/boot.c   |    4 ++++
>  arch/x86/kernel/tboot.c       |   14 ++++++++++----
>  drivers/acpi/acpica/hwsleep.c |   12 ++++++++++--
>  include/linux/tboot.h         |    3 ++-
>  5 files changed, 30 insertions(+), 7 deletions(-)
> 
> diff --git a/arch/x86/include/asm/acpi.h b/arch/x86/include/asm/acpi.h index 610001d..0a46696
> 100644
> --- a/arch/x86/include/asm/acpi.h
> +++ b/arch/x86/include/asm/acpi.h
> @@ -98,6 +98,10 @@ void acpi_pic_sci_set_trigger(unsigned int, u16);  extern int
> (*__acpi_register_gsi)(struct device *dev, u32 gsi,
>  				  int trigger, int polarity);
> 
> +extern int (*__acpi_override_sleep)(u8 sleep_state, u32 pm1a_ctrl,
> +				    u32 pm1b_ctrl, bool *skip_rest) \
> +				    __attribute__ ((unused));
> +
>  static inline void disable_acpi(void)
>  {
>  	acpi_disabled = 1;
> diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c index 4558f0d..7f30806
> 100644
> --- a/arch/x86/kernel/acpi/boot.c
> +++ b/arch/x86/kernel/acpi/boot.c
> @@ -552,6 +552,10 @@ static int acpi_register_gsi_ioapic(struct device *dev, u32 gsi,  int
> (*__acpi_register_gsi)(struct device *dev, u32 gsi,
>  			   int trigger, int polarity) = acpi_register_gsi_pic;
> 
> +int (*__acpi_override_sleep)(u8 sleep_state, u32 pm1a_ctrl,
> +			     u32 pm1b_ctrl, bool *skip_rest) \
> +			   __attribute__ ((unused)) = NULL;
> +
>  /*
>   * success: return IRQ number (>=0)
>   * failure: return < 0
> diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c index e07a2fc..a6c0a30 100644
> --- a/arch/x86/kernel/tboot.c
> +++ b/arch/x86/kernel/tboot.c
> @@ -42,7 +42,7 @@
>  #include <asm/setup.h>
>  #include <asm/e820.h>
>  #include <asm/io.h>
> -
> +#include <linux/acpi.h>
>  #include "acpi/realmode/wakeup.h"
> 
>  /* Global pointer to shared data; NULL means no measured launch. */ @@ -271,7 +271,9 @@ static
> void tboot_copy_fadt(const struct acpi_table_fadt *fadt)
>  		offsetof(struct acpi_table_facs, firmware_waking_vector);  }
> 
> -void tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control)
> +
> +int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control,
> +		bool *skip_rest)
>  {
>  	static u32 acpi_shutdown_map[ACPI_S_STATE_COUNT] = {
>  		/* S0,1,2: */ -1, -1, -1,
> @@ -280,7 +282,7 @@ void tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control)
>  		/* S5: */ TB_SHUTDOWN_S5 };
> 
>  	if (!tboot_enabled())
> -		return;
> +		return AE_OK;
> 
>  	tboot_copy_fadt(&acpi_gbl_FADT);
>  	tboot->acpi_sinfo.pm1a_cnt_val = pm1a_control; @@ -291,10 +293,12 @@ void tboot_sleep(u8
> sleep_state, u32 pm1a_control, u32 pm1b_control)
>  	if (sleep_state >= ACPI_S_STATE_COUNT ||
>  	    acpi_shutdown_map[sleep_state] == -1) {
>  		pr_warning("unsupported sleep state 0x%x\n", sleep_state);
> -		return;
> +		return AE_ERROR;
>  	}
> 
>  	tboot_shutdown(acpi_shutdown_map[sleep_state]);
> +
> +	return AE_OK;
>  }
> 
>  static atomic_t ap_wfs_count;
> @@ -344,6 +348,8 @@ static __init int tboot_late_init(void)
> 
>  	atomic_set(&ap_wfs_count, 0);
>  	register_hotcpu_notifier(&tboot_cpu_notifier);
> +
> +	__acpi_override_sleep = tboot_sleep;
>  	return 0;
>  }
> 
> diff --git a/drivers/acpi/acpica/hwsleep.c b/drivers/acpi/acpica/hwsleep.c index 2ac28bb..31d1198
> 100644
> --- a/drivers/acpi/acpica/hwsleep.c
> +++ b/drivers/acpi/acpica/hwsleep.c
> @@ -45,7 +45,6 @@
>  #include <acpi/acpi.h>
>  #include "accommon.h"
>  #include "actables.h"
> -#include <linux/tboot.h>
> 
>  #define _COMPONENT          ACPI_HARDWARE
>  ACPI_MODULE_NAME("hwsleep")
> @@ -343,8 +342,17 @@ acpi_status asmlinkage acpi_enter_sleep_state(u8 sleep_state)
> 
>  	ACPI_FLUSH_CPU_CACHE();
> 
> -	tboot_sleep(sleep_state, pm1a_control, pm1b_control);
> +	if (__acpi_override_sleep) {
> +		bool skip_rest = false;
> 
> +		status = __acpi_override_sleep(sleep_state, pm1a_control,
> +					       pm1b_control, &skip_rest);
> +
> +		if (ACPI_FAILURE(status))
> +			return_ACPI_STATUS(status);
> +		if (skip_rest)
> +			return_ACPI_STATUS(AE_OK);
> +	}
>  	/* Write #2: Write both SLP_TYP + SLP_EN */
> 
>  	status = acpi_hw_write_pm1_control(pm1a_control, pm1b_control); diff --git
> a/include/linux/tboot.h b/include/linux/tboot.h index 1dba6ee..1216698 100644
> --- a/include/linux/tboot.h
> +++ b/include/linux/tboot.h
> @@ -143,7 +143,8 @@ static inline int tboot_enabled(void)
> 
>  extern void tboot_probe(void);
>  extern void tboot_shutdown(u32 shutdown_type); -extern void tboot_sleep(u8 sleep_state, u32
> pm1a_control, u32 pm1b_control);
> +extern int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control,
> +		       bool *skip_rest)  __attribute__ ((unused));
>  extern struct acpi_table_header *tboot_get_dmar_table(
>  				      struct acpi_table_header *dmar_tbl);  extern int
> tboot_force_iommu(void);
> --
> 1.7.4.1

[tboot-devel] [PATCH 6/8] xen/acpi/sleep: Enable ACPI sleep via the __acpi_override_sleep

[Konrad R. W. <kon...@or...>]

Provide the registration callback to call in the Xen's
ACPI sleep functionality. This means that during S3/S5
we make a hypercall XENPF_enter_acpi_sleep with the
proper PM1A/PM1B registers.

Based of Ke Yu's <ke...@in...> initial idea.
[ From http://xenbits.xensource.com/linux-2.6.18-xen.hg
change c68699484a65 ]

[v1: Added Copyright and license]
[v2: Added check if PM1A/B the 16-bits MSB contain something. The spec
     only uses 16-bits but might have more in future]
Signed-off-by: Liang Tang <lia...@or...>
Signed-off-by: Konrad Rzeszutek Wilk <kon...@or...>
---
 arch/x86/include/asm/xen/hypercall.h |    8 ++++
 arch/x86/xen/enlighten.c             |    3 ++
 drivers/xen/Makefile                 |    2 +-
 drivers/xen/acpi.c                   |   65 ++++++++++++++++++++++++++++++++++
 include/xen/acpi.h                   |   58 ++++++++++++++++++++++++++++++
 5 files changed, 135 insertions(+), 1 deletions(-)
 create mode 100644 drivers/xen/acpi.c
 create mode 100644 include/xen/acpi.h

diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h
index 417777d..5728852 100644
--- a/arch/x86/include/asm/xen/hypercall.h
+++ b/arch/x86/include/asm/xen/hypercall.h
@@ -47,6 +47,7 @@
 #include <xen/interface/xen.h>
 #include <xen/interface/sched.h>
 #include <xen/interface/physdev.h>
+#include <xen/interface/platform.h>
 
 /*
  * The hypercall asms have to meet several constraints:
@@ -301,6 +302,13 @@ HYPERVISOR_set_timer_op(u64 timeout)
 }
 
 static inline int
+HYPERVISOR_dom0_op(struct xen_platform_op *platform_op)
+{
+	platform_op->interface_version = XENPF_INTERFACE_VERSION;
+	return _hypercall1(int, dom0_op, platform_op);
+}
+
+static inline int
 HYPERVISOR_set_debugreg(int reg, unsigned long value)
 {
 	return _hypercall2(int, set_debugreg, reg, value);
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 2d69617..9306320 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -42,6 +42,7 @@
 #include <xen/page.h>
 #include <xen/hvm.h>
 #include <xen/hvc-console.h>
+#include <xen/acpi.h>
 
 #include <asm/paravirt.h>
 #include <asm/apic.h>
@@ -1276,6 +1277,8 @@ asmlinkage void __init xen_start_kernel(void)
 
 		/* Make sure ACS will be enabled */
 		pci_request_acs();
+
+		xen_acpi_sleep_register();
 	}
 		
 
diff --git a/drivers/xen/Makefile b/drivers/xen/Makefile
index 72bbb27..6539673 100644
--- a/drivers/xen/Makefile
+++ b/drivers/xen/Makefile
@@ -17,7 +17,7 @@ obj-$(CONFIG_XEN_SYS_HYPERVISOR)	+= sys-hypervisor.o
 obj-$(CONFIG_XEN_PLATFORM_PCI)		+= xen-platform-pci.o
 obj-$(CONFIG_XEN_TMEM)			+= tmem.o
 obj-$(CONFIG_SWIOTLB_XEN)		+= swiotlb-xen.o
-obj-$(CONFIG_XEN_DOM0)			+= pci.o
+obj-$(CONFIG_XEN_DOM0)			+= pci.o acpi.o
 obj-$(CONFIG_XEN_PCIDEV_BACKEND)	+= xen-pciback/
 
 xen-evtchn-y				:= evtchn.o
diff --git a/drivers/xen/acpi.c b/drivers/xen/acpi.c
new file mode 100644
index 0000000..ba9a5d2
--- /dev/null
+++ b/drivers/xen/acpi.c
@@ -0,0 +1,65 @@
+/******************************************************************************
+ * acpi.c
+ * acpi file for domain 0 kernel
+ *
+ * Copyright (c) 2011 Konrad Rzeszutek Wilk <kon...@or...>
+ * Copyright (c) 2011 Yu Ke ke...@in...
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation; or, when distributed
+ * separately from the Linux kernel or incorporated into other
+ * software packages, subject to the following license:
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this source file (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy, modify,
+ * merge, publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+#include <xen/acpi.h>
+#include <xen/interface/platform.h>
+#include <asm/xen/hypercall.h>
+#include <asm/xen/hypervisor.h>
+
+int xen_acpi_notify_hypervisor_state(u8 sleep_state,
+				     u32 pm1a_cnt, u32 pm1b_cnt,
+				     bool *skip_rest)
+{
+	struct xen_platform_op op = {
+		.cmd = XENPF_enter_acpi_sleep,
+		.interface_version = XENPF_INTERFACE_VERSION,
+		.u = {
+			.enter_acpi_sleep = {
+				.pm1a_cnt_val = (u16)pm1a_cnt,
+				.pm1b_cnt_val = (u16)pm1b_cnt,
+				.sleep_state = sleep_state,
+			},
+		},
+	};
+
+	if ((pm1a_cnt & 0xffff0000) || (pm1b_cnt & 0xffff0000)) {
+		WARN(1, "Using more than 16bits of PM1A/B 0x%x/0x%x!"
+		     "Email xen...@li...  Thank you.\n", \
+		     pm1a_cnt, pm1b_cnt);
+		return AE_ERROR;
+	}
+
+	if (skip_rest)
+		*skip_rest = true;
+
+	return HYPERVISOR_dom0_op(&op);
+}
diff --git a/include/xen/acpi.h b/include/xen/acpi.h
new file mode 100644
index 0000000..c981887
--- /dev/null
+++ b/include/xen/acpi.h
@@ -0,0 +1,58 @@
+/******************************************************************************
+ * acpi.h
+ * acpi file for domain 0 kernel
+ *
+ * Copyright (c) 2011 Konrad Rzeszutek Wilk <kon...@or...>
+ * Copyright (c) 2011 Yu Ke <ke...@in...>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation; or, when distributed
+ * separately from the Linux kernel or incorporated into other
+ * software packages, subject to the following license:
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this source file (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy, modify,
+ * merge, publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+#ifndef _XEN_ACPI_H
+#define _XEN_ACPI_H
+
+#include <linux/types.h>
+
+#ifdef CONFIG_XEN_DOM0
+#include <asm/xen/hypervisor.h>
+#include <xen/xen.h>
+#include <linux/acpi.h>
+
+int xen_acpi_notify_hypervisor_state(u8 sleep_state,
+				     u32 pm1a_cnt, u32 pm1b_cnd,
+				     bool *skip_rest);
+
+static inline void xen_acpi_sleep_register(void)
+{
+	if (xen_initial_domain())
+		__acpi_override_sleep = xen_acpi_notify_hypervisor_state;
+}
+#else
+static inline void xen_acpi_sleep_register(void)
+{
+}
+#endif
+
+#endif	/* _XEN_ACPI_H */
-- 
1.7.4.1

[tboot-devel] [PATCH 5/8] xen/acpi: Domain0 acpi parser related platform hypercall

[Konrad R. W. <kon...@or...>]

From: Yu Ke <ke...@in...>

This patches implements the xen_platform_op hypercall, to pass the parsed
ACPI info to hypervisor.

Signed-off-by: Yu Ke <ke...@in...>
Signed-off-by: Tian Kevin <kev...@in...>
Signed-off-by: Jeremy Fitzhardinge <jer...@ci...>
[v1: Added DEFINE_GUEST.. in appropiate headers]
[v2: Ripped out typedefs]
Signed-off-by: Konrad Rzeszutek Wilk <kon...@or...>
---
 arch/ia64/include/asm/xen/interface.h |    1 +
 arch/x86/include/asm/xen/interface.h  |    1 +
 include/xen/interface/platform.h      |  320 +++++++++++++++++++++++++++++++++
 include/xen/interface/xen.h           |    1 +
 4 files changed, 323 insertions(+), 0 deletions(-)
 create mode 100644 include/xen/interface/platform.h

diff --git a/arch/ia64/include/asm/xen/interface.h b/arch/ia64/include/asm/xen/interface.h
index e951e74..1d2427d 100644
--- a/arch/ia64/include/asm/xen/interface.h
+++ b/arch/ia64/include/asm/xen/interface.h
@@ -76,6 +76,7 @@ DEFINE_GUEST_HANDLE(char);
 DEFINE_GUEST_HANDLE(int);
 DEFINE_GUEST_HANDLE(long);
 DEFINE_GUEST_HANDLE(void);
+DEFINE_GUEST_HANDLE(uint64_t);
 
 typedef unsigned long xen_pfn_t;
 DEFINE_GUEST_HANDLE(xen_pfn_t);
diff --git a/arch/x86/include/asm/xen/interface.h b/arch/x86/include/asm/xen/interface.h
index 5d4922a..a1f2db5 100644
--- a/arch/x86/include/asm/xen/interface.h
+++ b/arch/x86/include/asm/xen/interface.h
@@ -55,6 +55,7 @@ DEFINE_GUEST_HANDLE(char);
 DEFINE_GUEST_HANDLE(int);
 DEFINE_GUEST_HANDLE(long);
 DEFINE_GUEST_HANDLE(void);
+DEFINE_GUEST_HANDLE(uint64_t);
 #endif
 
 #ifndef HYPERVISOR_VIRT_START
diff --git a/include/xen/interface/platform.h b/include/xen/interface/platform.h
new file mode 100644
index 0000000..c168468
--- /dev/null
+++ b/include/xen/interface/platform.h
@@ -0,0 +1,320 @@
+/******************************************************************************
+ * platform.h
+ *
+ * Hardware platform operations. Intended for use by domain-0 kernel.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ * Copyright (c) 2002-2006, K Fraser
+ */
+
+#ifndef __XEN_PUBLIC_PLATFORM_H__
+#define __XEN_PUBLIC_PLATFORM_H__
+
+#include "xen.h"
+
+#define XENPF_INTERFACE_VERSION 0x03000001
+
+/*
+ * Set clock such that it would read <secs,nsecs> after 00:00:00 UTC,
+ * 1 January, 1970 if the current system time was <system_time>.
+ */
+#define XENPF_settime             17
+struct xenpf_settime {
+	/* IN variables. */
+	uint32_t secs;
+	uint32_t nsecs;
+	uint64_t system_time;
+};
+DEFINE_GUEST_HANDLE_STRUCT(xenpf_settime_t);
+
+/*
+ * Request memory range (@mfn, @mfn+@nr_mfns-1) to have type @type.
+ * On x86, @type is an architecture-defined MTRR memory type.
+ * On success, returns the MTRR that was used (@reg) and a handle that can
+ * be passed to XENPF_DEL_MEMTYPE to accurately tear down the new setting.
+ * (x86-specific).
+ */
+#define XENPF_add_memtype         31
+struct xenpf_add_memtype {
+	/* IN variables. */
+	unsigned long mfn;
+	uint64_t nr_mfns;
+	uint32_t type;
+	/* OUT variables. */
+	uint32_t handle;
+	uint32_t reg;
+};
+DEFINE_GUEST_HANDLE_STRUCT(xenpf_add_memtype_t);
+
+/*
+ * Tear down an existing memory-range type. If @handle is remembered then it
+ * should be passed in to accurately tear down the correct setting (in case
+ * of overlapping memory regions with differing types). If it is not known
+ * then @handle should be set to zero. In all cases @reg must be set.
+ * (x86-specific).
+ */
+#define XENPF_del_memtype         32
+struct xenpf_del_memtype {
+	/* IN variables. */
+	uint32_t handle;
+	uint32_t reg;
+};
+DEFINE_GUEST_HANDLE_STRUCT(xenpf_del_memtype_t);
+
+/* Read current type of an MTRR (x86-specific). */
+#define XENPF_read_memtype        33
+struct xenpf_read_memtype {
+	/* IN variables. */
+	uint32_t reg;
+	/* OUT variables. */
+	unsigned long mfn;
+	uint64_t nr_mfns;
+	uint32_t type;
+};
+DEFINE_GUEST_HANDLE_STRUCT(xenpf_read_memtype_t);
+
+#define XENPF_microcode_update    35
+struct xenpf_microcode_update {
+	/* IN variables. */
+	GUEST_HANDLE(void) data;          /* Pointer to microcode data */
+	uint32_t length;                  /* Length of microcode data. */
+};
+DEFINE_GUEST_HANDLE_STRUCT(xenpf_microcode_update_t);
+
+#define XENPF_platform_quirk      39
+#define QUIRK_NOIRQBALANCING      1 /* Do not restrict IO-APIC RTE targets */
+#define QUIRK_IOAPIC_BAD_REGSEL   2 /* IO-APIC REGSEL forgets its value    */
+#define QUIRK_IOAPIC_GOOD_REGSEL  3 /* IO-APIC REGSEL behaves properly     */
+struct xenpf_platform_quirk {
+	/* IN variables. */
+	uint32_t quirk_id;
+};
+DEFINE_GUEST_HANDLE_STRUCT(xenpf_platform_quirk_t);
+
+#define XENPF_firmware_info       50
+#define XEN_FW_DISK_INFO          1 /* from int 13 AH=08/41/48 */
+#define XEN_FW_DISK_MBR_SIGNATURE 2 /* from MBR offset 0x1b8 */
+#define XEN_FW_VBEDDC_INFO        3 /* from int 10 AX=4f15 */
+struct xenpf_firmware_info {
+	/* IN variables. */
+	uint32_t type;
+	uint32_t index;
+	/* OUT variables. */
+	union {
+		struct {
+			/* Int13, Fn48: Check Extensions Present. */
+			uint8_t device;                   /* %dl: bios device number */
+			uint8_t version;                  /* %ah: major version      */
+			uint16_t interface_support;       /* %cx: support bitmap     */
+			/* Int13, Fn08: Legacy Get Device Parameters. */
+			uint16_t legacy_max_cylinder;     /* %cl[7:6]:%ch: max cyl # */
+			uint8_t legacy_max_head;          /* %dh: max head #         */
+			uint8_t legacy_sectors_per_track; /* %cl[5:0]: max sector #  */
+			/* Int13, Fn41: Get Device Parameters (as filled into %ds:%esi). */
+			/* NB. First uint16_t of buffer must be set to buffer size.      */
+			GUEST_HANDLE(void) edd_params;
+		} disk_info; /* XEN_FW_DISK_INFO */
+		struct {
+			uint8_t device;                   /* bios device number  */
+			uint32_t mbr_signature;           /* offset 0x1b8 in mbr */
+		} disk_mbr_signature; /* XEN_FW_DISK_MBR_SIGNATURE */
+		struct {
+			/* Int10, AX=4F15: Get EDID info. */
+			uint8_t capabilities;
+			uint8_t edid_transfer_time;
+			/* must refer to 128-byte buffer */
+			GUEST_HANDLE(uchar) edid;
+		} vbeddc_info; /* XEN_FW_VBEDDC_INFO */
+	} u;
+};
+DEFINE_GUEST_HANDLE_STRUCT(xenpf_firmware_info_t);
+
+#define XENPF_enter_acpi_sleep    51
+struct xenpf_enter_acpi_sleep {
+	/* IN variables */
+	uint16_t pm1a_cnt_val;      /* PM1a control value. */
+	uint16_t pm1b_cnt_val;      /* PM1b control value. */
+	uint32_t sleep_state;       /* Which state to enter (Sn). */
+	uint32_t flags;             /* Must be zero. */
+};
+DEFINE_GUEST_HANDLE_STRUCT(xenpf_enter_acpi_sleep_t);
+
+#define XENPF_change_freq         52
+struct xenpf_change_freq {
+	/* IN variables */
+	uint32_t flags; /* Must be zero. */
+	uint32_t cpu;   /* Physical cpu. */
+	uint64_t freq;  /* New frequency (Hz). */
+};
+DEFINE_GUEST_HANDLE_STRUCT(xenpf_change_freq_t);
+
+/*
+ * Get idle times (nanoseconds since boot) for physical CPUs specified in the
+ * @cpumap_bitmap with range [0..@cpumap_nr_cpus-1]. The @idletime array is
+ * indexed by CPU number; only entries with the corresponding @cpumap_bitmap
+ * bit set are written to. On return, @cpumap_bitmap is modified so that any
+ * non-existent CPUs are cleared. Such CPUs have their @idletime array entry
+ * cleared.
+ */
+#define XENPF_getidletime         53
+struct xenpf_getidletime {
+	/* IN/OUT variables */
+	/* IN: CPUs to interrogate; OUT: subset of IN which are present */
+	GUEST_HANDLE(uchar) cpumap_bitmap;
+	/* IN variables */
+	/* Size of cpumap bitmap. */
+	uint32_t cpumap_nr_cpus;
+	/* Must be indexable for every cpu in cpumap_bitmap. */
+	GUEST_HANDLE(uint64_t) idletime;
+	/* OUT variables */
+	/* System time when the idletime snapshots were taken. */
+	uint64_t now;
+};
+DEFINE_GUEST_HANDLE_STRUCT(xenpf_getidletime_t);
+
+#define XENPF_set_processor_pminfo      54
+
+/* ability bits */
+#define XEN_PROCESSOR_PM_CX	1
+#define XEN_PROCESSOR_PM_PX	2
+#define XEN_PROCESSOR_PM_TX	4
+
+/* cmd type */
+#define XEN_PM_CX   0
+#define XEN_PM_PX   1
+#define XEN_PM_TX   2
+
+/* Px sub info type */
+#define XEN_PX_PCT   1
+#define XEN_PX_PSS   2
+#define XEN_PX_PPC   4
+#define XEN_PX_PSD   8
+
+struct xen_power_register {
+	uint32_t     space_id;
+	uint32_t     bit_width;
+	uint32_t     bit_offset;
+	uint32_t     access_size;
+	uint64_t     address;
+};
+
+struct xen_processor_csd {
+	uint32_t    domain;      /* domain number of one dependent group */
+	uint32_t    coord_type;  /* coordination type */
+	uint32_t    num;         /* number of processors in same domain */
+};
+DEFINE_GUEST_HANDLE_STRUCT(xen_processor_csd);
+
+struct xen_processor_cx {
+	struct xen_power_register  reg; /* GAS for Cx trigger register */
+	uint8_t     type;     /* cstate value, c0: 0, c1: 1, ... */
+	uint32_t    latency;  /* worst latency (ms) to enter/exit this cstate */
+	uint32_t    power;    /* average power consumption(mW) */
+	uint32_t    dpcnt;    /* number of dependency entries */
+	GUEST_HANDLE(xen_processor_csd) dp; /* NULL if no dependency */
+};
+DEFINE_GUEST_HANDLE_STRUCT(xen_processor_cx);
+
+struct xen_processor_flags {
+	uint32_t bm_control:1;
+	uint32_t bm_check:1;
+	uint32_t has_cst:1;
+	uint32_t power_setup_done:1;
+	uint32_t bm_rld_set:1;
+};
+
+struct xen_processor_power {
+	uint32_t count;  /* number of C state entries in array below */
+	struct xen_processor_flags flags;  /* global flags of this processor */
+	GUEST_HANDLE(xen_processor_cx) states; /* supported c states */
+};
+
+struct xen_pct_register {
+	uint8_t  descriptor;
+	uint16_t length;
+	uint8_t  space_id;
+	uint8_t  bit_width;
+	uint8_t  bit_offset;
+	uint8_t  reserved;
+	uint64_t address;
+};
+
+struct xen_processor_px {
+	uint64_t core_frequency; /* megahertz */
+	uint64_t power;      /* milliWatts */
+	uint64_t transition_latency; /* microseconds */
+	uint64_t bus_master_latency; /* microseconds */
+	uint64_t control;        /* control value */
+	uint64_t status;     /* success indicator */
+};
+DEFINE_GUEST_HANDLE_STRUCT(xen_processor_px);
+
+struct xen_psd_package {
+	uint64_t num_entries;
+	uint64_t revision;
+	uint64_t domain;
+	uint64_t coord_type;
+	uint64_t num_processors;
+};
+
+struct xen_processor_performance {
+	uint32_t flags;     /* flag for Px sub info type */
+	uint32_t platform_limit;  /* Platform limitation on freq usage */
+	struct xen_pct_register control_register;
+	struct xen_pct_register status_register;
+	uint32_t state_count;     /* total available performance states */
+	GUEST_HANDLE(xen_processor_px) states;
+	struct xen_psd_package domain_info;
+	uint32_t shared_type;     /* coordination type of this processor */
+};
+DEFINE_GUEST_HANDLE_STRUCT(xen_processor_performance);
+
+struct xenpf_set_processor_pminfo {
+	/* IN variables */
+	uint32_t id;    /* ACPI CPU ID */
+	uint32_t type;  /* {XEN_PM_CX, XEN_PM_PX} */
+	union {
+		struct xen_processor_power          power;/* Cx: _CST/_CSD */
+		struct xen_processor_performance    perf; /* Px: _PPC/_PCT/_PSS/_PSD */
+	};
+};
+DEFINE_GUEST_HANDLE_STRUCT(xenpf_set_processor_pminfo);
+
+struct xen_platform_op {
+	uint32_t cmd;
+	uint32_t interface_version; /* XENPF_INTERFACE_VERSION */
+	union {
+		struct xenpf_settime           settime;
+		struct xenpf_add_memtype       add_memtype;
+		struct xenpf_del_memtype       del_memtype;
+		struct xenpf_read_memtype      read_memtype;
+		struct xenpf_microcode_update  microcode;
+		struct xenpf_platform_quirk    platform_quirk;
+		struct xenpf_firmware_info     firmware_info;
+		struct xenpf_enter_acpi_sleep  enter_acpi_sleep;
+		struct xenpf_change_freq       change_freq;
+		struct xenpf_getidletime       getidletime;
+		struct xenpf_set_processor_pminfo set_pminfo;
+		uint8_t                        pad[128];
+	} u;
+};
+DEFINE_GUEST_HANDLE_STRUCT(xen_platform_op_t);
+
+#endif /* __XEN_PUBLIC_PLATFORM_H__ */
diff --git a/include/xen/interface/xen.h b/include/xen/interface/xen.h
index 6acd9ce..6a6e914 100644
--- a/include/xen/interface/xen.h
+++ b/include/xen/interface/xen.h
@@ -492,6 +492,7 @@ struct dom0_vga_console_info {
 /* These flags are passed in the 'flags' field of start_info_t. */
 #define SIF_PRIVILEGED    (1<<0)  /* Is the domain privileged? */
 #define SIF_INITDOMAIN    (1<<1)  /* Is this the initial control domain? */
+#define SIF_PM_MASK       (0xFF<<8) /* reserve 1 byte for xen-pm options */
 
 typedef uint64_t cpumap_t;
 
-- 
1.7.4.1

[tboot-devel] [PATCH 3/8] x86/acpi/sleep: Provide registration for acpi_suspend_lowlevel.

[Konrad R. W. <kon...@or...>]

From: Liang Tang <lia...@or...>

Which by default will be x86_acpi_suspend_lowlevel.
This registration allows us to register another callback
if there is a need to use another platform specific callback.

CC: Thomas Gleixner <tg...@li...>
CC: "H. Peter Anvin" <hp...@zy...>
CC: x8...@ke...
CC: Len Brown <len...@in...>
CC: Joseph Cihula <jos...@in...>
CC: Shane Wang <sha...@in...>
CC: lin...@li...
CC: lin...@vg...
CC: Len Brown <len...@in...>
Signed-off-by: Konrad Rzeszutek Wilk <kon...@or...>
Signed-off-by: Liang Tang <lia...@or...>
---
 arch/x86/include/asm/acpi.h  |    2 +-
 arch/x86/kernel/acpi/boot.c  |    2 ++
 arch/x86/kernel/acpi/sleep.c |    4 ++--
 arch/x86/kernel/acpi/sleep.h |    2 ++
 drivers/acpi/sleep.c         |    2 ++
 5 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/arch/x86/include/asm/acpi.h b/arch/x86/include/asm/acpi.h
index 0a46696..9b538dc 100644
--- a/arch/x86/include/asm/acpi.h
+++ b/arch/x86/include/asm/acpi.h
@@ -119,7 +119,7 @@ static inline void acpi_disable_pci(void)
 }
 
 /* Low-level suspend routine. */
-extern int acpi_suspend_lowlevel(void);
+extern int (*acpi_suspend_lowlevel)(void);
 
 extern const unsigned char acpi_wakeup_code[];
 #define acpi_wakeup_address (__pa(TRAMPOLINE_SYM(acpi_wakeup_code)))
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
index 7f30806..ddd081b 100644
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
@@ -44,6 +44,7 @@
 #include <asm/mpspec.h>
 #include <asm/smp.h>
 
+#include "sleep.h" /* To include x86_acpi_suspend_lowlevel */
 static int __initdata acpi_force = 0;
 u32 acpi_rsdt_forced;
 int acpi_disabled;
@@ -556,6 +557,7 @@ int (*__acpi_override_sleep)(u8 sleep_state, u32 pm1a_ctrl,
 			     u32 pm1b_ctrl, bool *skip_rest) \
 			   __attribute__ ((unused)) = NULL;
 
+int (*acpi_suspend_lowlevel)(void) = x86_acpi_suspend_lowlevel;
 /*
  * success: return IRQ number (>=0)
  * failure: return < 0
diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c
index 103b6ab..4d2d0b1 100644
--- a/arch/x86/kernel/acpi/sleep.c
+++ b/arch/x86/kernel/acpi/sleep.c
@@ -25,12 +25,12 @@ static char temp_stack[4096];
 #endif
 
 /**
- * acpi_suspend_lowlevel - save kernel state
+ * x86_acpi_suspend_lowlevel - save kernel state
  *
  * Create an identity mapped page table and copy the wakeup routine to
  * low memory.
  */
-int acpi_suspend_lowlevel(void)
+int x86_acpi_suspend_lowlevel(void)
 {
 	struct wakeup_header *header;
 	/* address in low memory of the wakeup routine. */
diff --git a/arch/x86/kernel/acpi/sleep.h b/arch/x86/kernel/acpi/sleep.h
index 416d4be..4d3feb5 100644
--- a/arch/x86/kernel/acpi/sleep.h
+++ b/arch/x86/kernel/acpi/sleep.h
@@ -13,3 +13,5 @@ extern unsigned long acpi_copy_wakeup_routine(unsigned long);
 extern void wakeup_long64(void);
 
 extern void do_suspend_lowlevel(void);
+
+extern int x86_acpi_suspend_lowlevel(void);
diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c
index 3ed80b2..3570c00 100644
--- a/drivers/acpi/sleep.c
+++ b/drivers/acpi/sleep.c
@@ -254,6 +254,8 @@ static int acpi_suspend_enter(suspend_state_t pm_state)
 		break;
 
 	case ACPI_STATE_S3:
+		if (!acpi_suspend_lowlevel)
+			return -ENODEV;
 		error = acpi_suspend_lowlevel();
 		if (error)
 			return error;
-- 
1.7.4.1

[tboot-devel] [PATCH 7/8] xen/acpi/sleep: Register to the acpi_suspend_lowlevel a callback.

[Konrad R. W. <kon...@or...>]

We piggyback on "x86/acpi: Provide registration for acpi_suspend_lowlevel."
to register a Xen version of the callback. The callback does not
do anything special - except it omits the x86_acpi_suspend_lowlevel.
It does that b/c during suspend it tries to save cr8 values (which
the hypervisor does not support), and then on resume path the
cr3, cr8, idt, and gdt are all resumed which clashes with what
the hypervisor has set up for the guest.

Signed-off-by: Liang Tang <lia...@or...>
Signed-off-by: Konrad Rzeszutek Wilk <kon...@or...>
---
 include/xen/acpi.h |   14 +++++++++++++-
 1 files changed, 13 insertions(+), 1 deletions(-)

diff --git a/include/xen/acpi.h b/include/xen/acpi.h
index c981887..18025e0 100644
--- a/include/xen/acpi.h
+++ b/include/xen/acpi.h
@@ -44,10 +44,22 @@ int xen_acpi_notify_hypervisor_state(u8 sleep_state,
 				     u32 pm1a_cnt, u32 pm1b_cnd,
 				     bool *skip_rest);
 
+static inline int xen_acpi_suspend_lowlevel(void)
+{
+	/*
+	 * Xen will save and restore CPU context, so
+	 * we can skip that and just go straight to
+	 * the suspend.
+	 */
+	acpi_enter_sleep_state(ACPI_STATE_S3);
+	return 0;
+}
 static inline void xen_acpi_sleep_register(void)
 {
-	if (xen_initial_domain())
+	if (xen_initial_domain()) {
+		acpi_suspend_lowlevel = xen_acpi_suspend_lowlevel;
 		__acpi_override_sleep = xen_acpi_notify_hypervisor_state;
+	}
 }
 #else
 static inline void xen_acpi_sleep_register(void)
-- 
1.7.4.1

[tboot-devel] [PATCH 8/8] xen/pci:use hypercall PHYSDEVOP_restore_msi_ext to restore MSI/MSI-X vectors

[Konrad R. W. <kon...@or...>]

From: Liang Tang <lia...@or...>

.. to use the new hypercall to restore the vectors for MSI/MSI-X devices.
If the new hypercall fail, we will call the old one (PHYSDEVOP_restore_msi).

[v1: Attempt only once to make the new hypercall, not everytime]
Signed-off-by: Konrad Rzeszutek Wilk <kon...@or...>
Signed-off-by: Liang Tang <lia...@or...>
---
 arch/x86/pci/xen.c              |   27 ++++++++++++++++++++++-----
 include/xen/interface/physdev.h |    8 ++++++++
 2 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/arch/x86/pci/xen.c b/arch/x86/pci/xen.c
index 9eea4ed..4521b05 100644
--- a/arch/x86/pci/xen.c
+++ b/arch/x86/pci/xen.c
@@ -248,6 +248,8 @@ error:
 }
 
 #ifdef CONFIG_XEN_DOM0
+static bool __read_mostly pci_seg_supported = true;
+
 static int xen_initdom_setup_msi_irqs(struct pci_dev *dev, int nvec, int type)
 {
 	int ret = 0;
@@ -308,12 +310,27 @@ out:
 static void xen_initdom_restore_msi_irqs(struct pci_dev *dev, int irq)
 {
 	int ret = 0;
-	struct physdev_restore_msi restore;
 
-	restore.bus = dev->bus->number;
-	restore.devfn = dev->devfn;
-	ret = HYPERVISOR_physdev_op(PHYSDEVOP_restore_msi, &restore);
-	WARN(ret && ret != -ENOSYS, "restore_msi -> %d\n", ret);
+	if (pci_seg_supported) {
+		struct physdev_pci_device restore_ext;
+
+		restore_ext.seg = pci_domain_nr(dev->bus);
+		restore_ext.bus = dev->bus->number;
+		restore_ext.devfn = dev->devfn;
+		ret = HYPERVISOR_physdev_op(PHYSDEVOP_restore_msi_ext,
+					    &restore_ext);
+		if (ret == -ENOSYS)
+			pci_seg_supported = false;
+		WARN(ret && ret != -ENOSYS, "restore_msi_ext -> %d\n", ret);
+	}
+	if (!pci_seg_supported) {
+		struct physdev_restore_msi restore;
+
+		restore.bus = dev->bus->number;
+		restore.devfn = dev->devfn;
+		ret = HYPERVISOR_physdev_op(PHYSDEVOP_restore_msi, &restore);
+		WARN(ret && ret != -ENOSYS, "restore_msi -> %d\n", ret);
+	}
 }
 #endif
 
diff --git a/include/xen/interface/physdev.h b/include/xen/interface/physdev.h
index 44aefa9..9818456 100644
--- a/include/xen/interface/physdev.h
+++ b/include/xen/interface/physdev.h
@@ -205,6 +205,14 @@ struct physdev_get_free_pirq {
     uint32_t pirq;
 };
 
+#define PHYSDEVOP_restore_msi_ext       27
+struct physdev_pci_device {
+	/* IN */
+	uint16_t seg;
+	uint8_t bus;
+	uint8_t devfn;
+};
+
 /*
  * Notify that some PIRQ-bound event channels have been unmasked.
  * ** This command is obsolete since interface version 0x00030202 and is **
-- 
1.7.4.1

[tboot-devel] [PATCH v2] ACPI S3 to work under Xen.

[Konrad R. W. <kon...@or...>]

Attached is an [v2] set of patches to enable S3 to work with the Xen hypervisor.

Changes since the RFC posting [http://comments.gmane.org/gmane.linux.acpi.devel/50701] by
Liang Tang:
 - Per review comments added: __unused__ attribute, support for PM1A/B if more than 16-bit,
   copyright/license.
 - Added support for PHYSDEVOP_restore_msi_ext call.

The relationship that Xen has with Linux kernel is symbiotic. The Linux
kernel does the ACPI "stuff" and tells the hypervisor to do the low-level
stuff (such as program the IOAPIC, setup vectors, etc). The realm of
ACPI S3 is more complex as we need to save the CPU state (and Intel TXT
values - which the hypervisor has to do).

The major difficulties we hit was with 'acpi_suspend_lowlevel' - which tweaks
a lot of lowlevel values and some of them are not properly handled by Xen.
Liang Tang has figured which ones of them we trip over (read below) - and he
suggested that perhaps we can provide a registration mechanism to abstract
this away. The reason for all of this is that Linux does not talk to the
BIOS directly - instead it simply walks through the necessary ACPI methods
and then issues hypercall to Xen which then further completes the remaining
suspend steps.

So the attached patches do exactly that - there are two entry points
in the ACPI.

 1). For S3: acpi_suspend_lowlevel -> .. lots of code -> acpi_enter_sleep_state
 2). For S1/S4/S5: acpi_enter_sleep_state

The first naive idea was of abstracting away in the 'acpi_enter_sleep_state'
function the tboot_sleep code so that we can use it too. And low-behold - it
worked splendidly for powering off (S5 I believe)

For S3 that did not work - during suspend the hypervisor tripped over when
saving cr8. During resume it tripped over at restoring the cr3, cr8, idt,
and gdt values.

When I posted the RFC, the feedback I got was to use a higher upper interface
to make the call to the hypervisor. Instead of doing it at the lower pv-ops
case for cr3, cr8, idt, gdt, etc. The code I've to say - is much nicer than
doing it via pv-ops.

Anyhow, please take a look!

Konrad Rzeszutek Wilk (5):
      x86: Expand the x86_msi_ops to have a restore MSIs.
      x86, acpi, tboot: Have a ACPI sleep override instead of calling tboot_sleep.
      xen: Utilize the restore_msi_irqs hook.
      xen/acpi/sleep: Enable ACPI sleep via the __acpi_override_sleep
      xen/acpi/sleep: Register to the acpi_suspend_lowlevel a callback.

Liang Tang (2):
      x86/acpi/sleep: Provide registration for acpi_suspend_lowlevel.
      xen/pci:use hypercall PHYSDEVOP_restore_msi_ext to restore MSI/MSI-X vectors

Yu Ke (1):
      xen/acpi: Domain0 acpi parser related platform hypercall


 arch/ia64/include/asm/xen/interface.h |    1 +
 arch/x86/include/asm/acpi.h           |    6 +-
 arch/x86/include/asm/pci.h            |    9 +
 arch/x86/include/asm/x86_init.h       |    1 +
 arch/x86/include/asm/xen/hypercall.h  |    8 +
 arch/x86/include/asm/xen/interface.h  |    1 +
 arch/x86/kernel/acpi/boot.c           |    6 +
 arch/x86/kernel/acpi/sleep.c          |    4 +-
 arch/x86/kernel/acpi/sleep.h          |    2 +
 arch/x86/kernel/tboot.c               |   14 +-
 arch/x86/kernel/x86_init.c            |    1 +
 arch/x86/pci/xen.c                    |   29 +++
 arch/x86/xen/enlighten.c              |    3 +
 drivers/acpi/acpica/hwsleep.c         |   12 +-
 drivers/acpi/sleep.c                  |    2 +
 drivers/pci/msi.c                     |   29 +++-
 drivers/xen/Makefile                  |    2 +-
 drivers/xen/acpi.c                    |   65 +++++++
 include/linux/tboot.h                 |    3 +-
 include/xen/acpi.h                    |   70 +++++++
 include/xen/interface/physdev.h       |   15 ++
 include/xen/interface/platform.h      |  320 +++++++++++++++++++++++++++++++++
 include/xen/interface/xen.h           |    1 +
 23 files changed, 591 insertions(+), 13 deletions(-)

[tboot-devel] [PATCH 4/8] xen: Utilize the restore_msi_irqs hook.

[Konrad R. W. <kon...@or...>]

to make a hypercall to restore the vectors in the MSI/MSI-X
configuration space.

Signed-off-by: Konrad Rzeszutek Wilk <kon...@or...>
---
 arch/x86/pci/xen.c              |   12 ++++++++++++
 include/xen/interface/physdev.h |    7 +++++++
 2 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/arch/x86/pci/xen.c b/arch/x86/pci/xen.c
index 1017c7b..9eea4ed 100644
--- a/arch/x86/pci/xen.c
+++ b/arch/x86/pci/xen.c
@@ -304,6 +304,17 @@ static int xen_initdom_setup_msi_irqs(struct pci_dev *dev, int nvec, int type)
 out:
 	return ret;
 }
+
+static void xen_initdom_restore_msi_irqs(struct pci_dev *dev, int irq)
+{
+	int ret = 0;
+	struct physdev_restore_msi restore;
+
+	restore.bus = dev->bus->number;
+	restore.devfn = dev->devfn;
+	ret = HYPERVISOR_physdev_op(PHYSDEVOP_restore_msi, &restore);
+	WARN(ret && ret != -ENOSYS, "restore_msi -> %d\n", ret);
+}
 #endif
 
 static void xen_teardown_msi_irqs(struct pci_dev *dev)
@@ -426,6 +437,7 @@ int __init pci_xen_initial_domain(void)
 #ifdef CONFIG_PCI_MSI
 	x86_msi.setup_msi_irqs = xen_initdom_setup_msi_irqs;
 	x86_msi.teardown_msi_irq = xen_teardown_msi_irq;
+	x86_msi.restore_msi_irqs = xen_initdom_restore_msi_irqs;
 #endif
 	xen_setup_acpi_sci();
 	__acpi_register_gsi = acpi_register_gsi_xen;
diff --git a/include/xen/interface/physdev.h b/include/xen/interface/physdev.h
index 534cac8..44aefa9 100644
--- a/include/xen/interface/physdev.h
+++ b/include/xen/interface/physdev.h
@@ -144,6 +144,13 @@ struct physdev_manage_pci {
 	uint8_t devfn;
 };
 
+#define PHYSDEVOP_restore_msi            19
+struct physdev_restore_msi {
+	/* IN */
+	uint8_t bus;
+	uint8_t devfn;
+};
+
 #define PHYSDEVOP_manage_pci_add_ext	20
 struct physdev_manage_pci_ext {
 	/* IN */
-- 
1.7.4.1

[tboot-devel] [PATCH 2/8] x86, acpi, tboot: Have a ACPI sleep override instead of calling tboot_sleep.

[Konrad R. W. <kon...@or...>]

The ACPI suspend path makes a call to tboot_sleep right before
it writes the PM1A, PM1B values. We replace the direct call to
tboot via an registration callback similar to __acpi_register_gsi.

CC: Thomas Gleixner <tg...@li...>
CC: "H. Peter Anvin" <hp...@zy...>
CC: x8...@ke...
CC: Len Brown <len...@in...>
CC: Joseph Cihula <jos...@in...>
CC: Shane Wang <sha...@in...>
CC: xen...@li...
CC: lin...@li...
CC: tbo...@li...
CC: lin...@vg...
[v1: Added __attribute__ ((unused))]
Signed-off-by: Konrad Rzeszutek Wilk <kon...@or...>
---
 arch/x86/include/asm/acpi.h   |    4 ++++
 arch/x86/kernel/acpi/boot.c   |    4 ++++
 arch/x86/kernel/tboot.c       |   14 ++++++++++----
 drivers/acpi/acpica/hwsleep.c |   12 ++++++++++--
 include/linux/tboot.h         |    3 ++-
 5 files changed, 30 insertions(+), 7 deletions(-)

diff --git a/arch/x86/include/asm/acpi.h b/arch/x86/include/asm/acpi.h
index 610001d..0a46696 100644
--- a/arch/x86/include/asm/acpi.h
+++ b/arch/x86/include/asm/acpi.h
@@ -98,6 +98,10 @@ void acpi_pic_sci_set_trigger(unsigned int, u16);
 extern int (*__acpi_register_gsi)(struct device *dev, u32 gsi,
 				  int trigger, int polarity);
 
+extern int (*__acpi_override_sleep)(u8 sleep_state, u32 pm1a_ctrl,
+				    u32 pm1b_ctrl, bool *skip_rest) \
+				    __attribute__ ((unused));
+
 static inline void disable_acpi(void)
 {
 	acpi_disabled = 1;
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
index 4558f0d..7f30806 100644
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
@@ -552,6 +552,10 @@ static int acpi_register_gsi_ioapic(struct device *dev, u32 gsi,
 int (*__acpi_register_gsi)(struct device *dev, u32 gsi,
 			   int trigger, int polarity) = acpi_register_gsi_pic;
 
+int (*__acpi_override_sleep)(u8 sleep_state, u32 pm1a_ctrl,
+			     u32 pm1b_ctrl, bool *skip_rest) \
+			   __attribute__ ((unused)) = NULL;
+
 /*
  * success: return IRQ number (>=0)
  * failure: return < 0
diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
index e07a2fc..a6c0a30 100644
--- a/arch/x86/kernel/tboot.c
+++ b/arch/x86/kernel/tboot.c
@@ -42,7 +42,7 @@
 #include <asm/setup.h>
 #include <asm/e820.h>
 #include <asm/io.h>
-
+#include <linux/acpi.h>
 #include "acpi/realmode/wakeup.h"
 
 /* Global pointer to shared data; NULL means no measured launch. */
@@ -271,7 +271,9 @@ static void tboot_copy_fadt(const struct acpi_table_fadt *fadt)
 		offsetof(struct acpi_table_facs, firmware_waking_vector);
 }
 
-void tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control)
+
+int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control,
+		bool *skip_rest)
 {
 	static u32 acpi_shutdown_map[ACPI_S_STATE_COUNT] = {
 		/* S0,1,2: */ -1, -1, -1,
@@ -280,7 +282,7 @@ void tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control)
 		/* S5: */ TB_SHUTDOWN_S5 };
 
 	if (!tboot_enabled())
-		return;
+		return AE_OK;
 
 	tboot_copy_fadt(&acpi_gbl_FADT);
 	tboot->acpi_sinfo.pm1a_cnt_val = pm1a_control;
@@ -291,10 +293,12 @@ void tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control)
 	if (sleep_state >= ACPI_S_STATE_COUNT ||
 	    acpi_shutdown_map[sleep_state] == -1) {
 		pr_warning("unsupported sleep state 0x%x\n", sleep_state);
-		return;
+		return AE_ERROR;
 	}
 
 	tboot_shutdown(acpi_shutdown_map[sleep_state]);
+
+	return AE_OK;
 }
 
 static atomic_t ap_wfs_count;
@@ -344,6 +348,8 @@ static __init int tboot_late_init(void)
 
 	atomic_set(&ap_wfs_count, 0);
 	register_hotcpu_notifier(&tboot_cpu_notifier);
+
+	__acpi_override_sleep = tboot_sleep;
 	return 0;
 }
 
diff --git a/drivers/acpi/acpica/hwsleep.c b/drivers/acpi/acpica/hwsleep.c
index 2ac28bb..31d1198 100644
--- a/drivers/acpi/acpica/hwsleep.c
+++ b/drivers/acpi/acpica/hwsleep.c
@@ -45,7 +45,6 @@
 #include <acpi/acpi.h>
 #include "accommon.h"
 #include "actables.h"
-#include <linux/tboot.h>
 
 #define _COMPONENT          ACPI_HARDWARE
 ACPI_MODULE_NAME("hwsleep")
@@ -343,8 +342,17 @@ acpi_status asmlinkage acpi_enter_sleep_state(u8 sleep_state)
 
 	ACPI_FLUSH_CPU_CACHE();
 
-	tboot_sleep(sleep_state, pm1a_control, pm1b_control);
+	if (__acpi_override_sleep) {
+		bool skip_rest = false;
 
+		status = __acpi_override_sleep(sleep_state, pm1a_control,
+					       pm1b_control, &skip_rest);
+
+		if (ACPI_FAILURE(status))
+			return_ACPI_STATUS(status);
+		if (skip_rest)
+			return_ACPI_STATUS(AE_OK);
+	}
 	/* Write #2: Write both SLP_TYP + SLP_EN */
 
 	status = acpi_hw_write_pm1_control(pm1a_control, pm1b_control);
diff --git a/include/linux/tboot.h b/include/linux/tboot.h
index 1dba6ee..1216698 100644
--- a/include/linux/tboot.h
+++ b/include/linux/tboot.h
@@ -143,7 +143,8 @@ static inline int tboot_enabled(void)
 
 extern void tboot_probe(void);
 extern void tboot_shutdown(u32 shutdown_type);
-extern void tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control);
+extern int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control,
+		       bool *skip_rest)  __attribute__ ((unused));
 extern struct acpi_table_header *tboot_get_dmar_table(
 				      struct acpi_table_header *dmar_tbl);
 extern int tboot_force_iommu(void);
-- 
1.7.4.1

[tboot-devel] [PATCH 1/8] x86: Expand the x86_msi_ops to have a restore MSIs.

[Konrad R. W. <kon...@or...>]

The MSI restore function will become a function pointer in an
x86_msi_ops struct. It defaults to the implementation in the
io_apic.c and msi.c. We piggyback on the indirection mechanism
introduced by "x86: Introduce x86_msi_ops".

c: x8...@ke...
Cc: Thomas Gleixner <tg...@li...>
Cc: "H. Peter Anvin" <hp...@zy...>
Signed-off-by: Konrad Rzeszutek Wilk <kon...@or...>
---
 arch/x86/include/asm/pci.h      |    9 +++++++++
 arch/x86/include/asm/x86_init.h |    1 +
 arch/x86/kernel/x86_init.c      |    1 +
 drivers/pci/msi.c               |   29 +++++++++++++++++++++++++++--
 4 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/pci.h b/arch/x86/include/asm/pci.h
index d498943..df75d07 100644
--- a/arch/x86/include/asm/pci.h
+++ b/arch/x86/include/asm/pci.h
@@ -112,19 +112,28 @@ static inline void x86_teardown_msi_irq(unsigned int irq)
 {
 	x86_msi.teardown_msi_irq(irq);
 }
+static inline void x86_restore_msi_irqs(struct pci_dev *dev, int irq)
+{
+	x86_msi.restore_msi_irqs(dev, irq);
+}
 #define arch_setup_msi_irqs x86_setup_msi_irqs
 #define arch_teardown_msi_irqs x86_teardown_msi_irqs
 #define arch_teardown_msi_irq x86_teardown_msi_irq
+#define arch_restore_msi_irqs x86_restore_msi_irqs
 /* implemented in arch/x86/kernel/apic/io_apic. */
 int native_setup_msi_irqs(struct pci_dev *dev, int nvec, int type);
 void native_teardown_msi_irq(unsigned int irq);
+void native_restore_msi_irqs(struct pci_dev *dev, int irq);
 /* default to the implementation in drivers/lib/msi.c */
 #define HAVE_DEFAULT_MSI_TEARDOWN_IRQS
+#define HAVE_DEFAULT_MSI_RESTORE_IRQS
 void default_teardown_msi_irqs(struct pci_dev *dev);
+void default_restore_msi_irqs(struct pci_dev *dev, int irq);
 #else
 #define native_setup_msi_irqs		NULL
 #define native_teardown_msi_irq		NULL
 #define default_teardown_msi_irqs	NULL
+#define default_restore_msi_irqs	NULL
 #endif
 
 #define PCI_DMA_BUS_IS_PHYS (dma_ops->is_phys)
diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
index d3d8590..7af18be 100644
--- a/arch/x86/include/asm/x86_init.h
+++ b/arch/x86/include/asm/x86_init.h
@@ -174,6 +174,7 @@ struct x86_msi_ops {
 	int (*setup_msi_irqs)(struct pci_dev *dev, int nvec, int type);
 	void (*teardown_msi_irq)(unsigned int irq);
 	void (*teardown_msi_irqs)(struct pci_dev *dev);
+	void (*restore_msi_irqs)(struct pci_dev *dev, int irq);
 };
 
 extern struct x86_init_ops x86_init;
diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c
index 6f164bd..bd1fe10 100644
--- a/arch/x86/kernel/x86_init.c
+++ b/arch/x86/kernel/x86_init.c
@@ -110,4 +110,5 @@ struct x86_msi_ops x86_msi = {
 	.setup_msi_irqs = native_setup_msi_irqs,
 	.teardown_msi_irq = native_teardown_msi_irq,
 	.teardown_msi_irqs = default_teardown_msi_irqs,
+	.restore_msi_irqs = default_restore_msi_irqs,
 };
diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c
index 2f10328..f1fd801 100644
--- a/drivers/pci/msi.c
+++ b/drivers/pci/msi.c
@@ -85,6 +85,31 @@ void default_teardown_msi_irqs(struct pci_dev *dev)
 }
 #endif
 
+#ifndef arch_restore_msi_irqs
+# define arch_restore_msi_irqs default_restore_msi_irqs
+# define HAVE_DEFAULT_MSI_RESTORE_IRQS
+#endif
+
+#ifdef HAVE_DEFAULT_MSI_RESTORE_IRQS
+void default_restore_msi_irqs(struct pci_dev *dev, int irq)
+{
+	struct msi_desc *entry;
+
+	entry = NULL;
+	if (dev->msix_enabled) {
+		list_for_each_entry(entry, &dev->msi_list, list) {
+			if (irq == entry->irq)
+				break;
+		}
+	} else if (dev->msi_enabled)  {
+		entry = irq_get_msi_desc(irq);
+	}
+
+	if (entry)
+		write_msi_msg(irq, &entry->msg);
+}
+#endif
+
 static void msi_set_enable(struct pci_dev *dev, int pos, int enable)
 {
 	u16 control;
@@ -359,7 +384,7 @@ static void __pci_restore_msi_state(struct pci_dev *dev)
 
 	pci_intx_for_msi(dev, 0);
 	msi_set_enable(dev, pos, 0);
-	write_msi_msg(dev->irq, &entry->msg);
+	arch_restore_msi_irqs(dev, dev->irq);
 
 	pci_read_config_word(dev, pos + PCI_MSI_FLAGS, &control);
 	msi_mask_irq(entry, msi_capable_mask(control), entry->masked);
@@ -387,7 +412,7 @@ static void __pci_restore_msix_state(struct pci_dev *dev)
 	pci_write_config_word(dev, pos + PCI_MSIX_FLAGS, control);
 
 	list_for_each_entry(entry, &dev->msi_list, list) {
-		write_msi_msg(entry->irq, &entry->msg);
+		arch_restore_msi_irqs(dev, entry->irq);
 		msix_mask_irq(entry, entry->masked);
 	}
 
-- 
1.7.4.1

Re: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

[Cihula, J. <jos...@in...>]

You aren't passing a command line string (-c "...") to lcp_mlehash-is it the case that your grub.conf file doesn't have any command line options for tboot?

Joe

From: Michael Nelson [mailto:mik...@ho...]
Sent: Tuesday, September 27, 2011 7:06 PM
To: tbo...@li...
Subject: [tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

(Using tboot-1.6 + Q45_Q43_SINIT_19.BIN)

I am trying to get tboot working on a Dell Optiplex 960 and getting an "MLE measurement not in policy" (TXT ERRORCODE=0xc0003501) error. I've tried a number of different things but I am stuck at this point trying to figure out what's wrong.

Here are the commands that I have run (after taking ownership and creating the NV storage):

lcp_mlehash /boot/tboot.gz > mlehash
lcp_crtpol -t hashonly -m mle_hash -o lcp.pol
lcp_writepol -i owner -f lcp.pol -p password

I have also configured the tboot policy with tb_polgen (which tboot summarizes during bootup), but I don't think I am getting far enough for that to be relevant yet.

Any help would be appreciated.

Thanks,
-mike

[tboot-devel] MLE measurement not in policy - tboot-1.6 on Q45

[Michael N. <mik...@ho...>]

(Using tboot-1.6 + Q45_Q43_SINIT_19.BIN)
I am trying to get tboot working on a Dell Optiplex 960 and getting an "MLE measurement not in policy" (TXT ERRORCODE=0xc0003501) error. I've tried a number of different things but I am stuck at this point trying to figure out what's wrong. 
Here are the commands that I have run (after taking ownership and creating the NV storage):
lcp_mlehash /boot/tboot.gz > mlehashlcp_crtpol -t hashonly -m mle_hash -o lcp.pollcp_writepol -i owner -f lcp.pol -p password
I have also configured the tboot policy with tb_polgen (which tboot summarizes during bootup), but I don't think I am getting far enough for that to be relevant yet.
Any help would be appreciated.
Thanks,-mike
 		 	   		  

[tboot-devel] FYI: acTvSM platform 0.3

[Martin P. <Mar...@ia...>]

Hi list...

For your interest, IAIK released the third revision of their acTvSM
prototype platform - download at [1].


acTvSM is a proof-of-concept integration of Trusted Computing and
Intel TXT into an off-the-shelf Debian Linux system. TBoot is used to
anchor the chain-of-trust in the DRTM and the initial ramdisk obtains the
key for the encrypted system root partition only if the TPM PCRs are in
the correct state.
Also, acTvSM provides management scripts for the sysadmin to reseal
the system to a new administrator defined state. Using KVM, on top
of the tightly controlled base system custom virtual applications
can be run.


Contrary to the announcement the last release did contain some bugs.
We are sorry for that. ;-)

However, we believe this release to be the best ever, supporting more
chipsets and being rebased to the latest Debian release (Squeeze).


This experimental platform was demoed last week at ETISS 2011 and
received pleasant feedback. Maybe you like this demonstration of TXT
integration, too.

Note that this is (still) an experimental prototype and thus contains
sharp edges to hurt yourself and some debugging code obviously contrary
to security.


We thank every helping hand who made this release possible!


Have fun,
  Martin & Ronald


[1] http://trustedjava.sourceforge.net/

[tboot-devel] Compilation error in tboot1.6

[Hilfi A. <hil...@be...>]

Hi, the following is a snippet of my compilation process with tboot. I haven't
seen any errors like this before so I'm not sure on how to approach it. I just
upgraded my binutils to the latest version (binutils-2.21.1-2)

-----------------------------------------------------------------------
ld -melf_i386 -T
/home/aurum/projects/cloud_security/tboot-1.6/tboot/common/tboot.lds 
/home/aurum/projects/cloud_security/tboot-1.6/tboot/.tboot.0 -o
/home/aurum/projects/cloud_security/tboot-1.6/tboot/tboot
ld: error in
/home/aurum/projects/cloud_security/tboot-1.6/tboot/.tboot.0(.eh_frame); no
.eh_frame_hdr table will be created.
rm -f /home/aurum/projects/cloud_security/tboot-1.6/tboot/.tboot.0
gzip -f -9 < /home/aurum/projects/cloud_security/tboot-1.6/tboot/tboot >
/home/aurum/projects/cloud_security/tboot-1.6/tboot/tboot.gz
-----------------------------------------------------------------------