Xen devel - Nov 2007 - [Xense-devel] [PATCH] update for Trusted Boot v20071128

This patch updates the Xen to work with the latest version (20071128) of
Trusted Boot (tboot).  This version of tboot now resides at 16MB
(instead of the previous <1MB), in addition to several other
enhancements.  By residing at 16MB, this version of tboot will be
protected from access by dom0.

This patch allows Xen to correctly map the tboot shutdown code that it
must trampoline into for a clean shutdown (without this patch Xen will
fault on shutdown).  This patch will also work with the previous version
of tboot.

Signed-off-by:  Joseph Cihula <joseph.cihula@intel.com>

diff -r 3057f813da14 Makefile
--- a/Makefile	Thu Nov 29 19:30:33 2007 +0000
+++ b/Makefile	Thu Nov 29 17:42:02 2007 -0800
@@ -211,7 +211,7 @@ linux26:
 # tboot targets
 #
 
-TBOOT_TARFILE = tboot-20071029.tar.gz
+TBOOT_TARFILE = tboot-20071128.tar.gz
 TBOOT_BASE_URL = http://downloads.sourceforge.net/tboot
 
 .PHONY: build-tboot
@@ -222,6 +222,10 @@ install-tboot: download_tboot
 install-tboot: download_tboot
 	$(MAKE) -C tboot install
 
+.PHONY: dist-tboot
+dist-tboot: download_tboot
+	$(MAKE) DESTDIR=$(DISTDIR)/install -C tboot dist
+
 .PHONY: clean-tboot
 clean-tboot:
 	[ ! -d tboot ] || $(MAKE) -C tboot clean
diff -r 3057f813da14 xen/arch/x86/tboot.c
--- a/xen/arch/x86/tboot.c	Thu Nov 29 19:30:33 2007 +0000
+++ b/xen/arch/x86/tboot.c	Wed Nov 28 11:41:50 2007 -0800
@@ -43,16 +43,39 @@ void __init tboot_probe(void)
     printk("  s3_tb_wakeup_entry: 0x%08x\n",
tboot_shared->s3_tb_wakeup_entry);
     printk("  s3_k_wakeup_entry: 0x%08x\n",
tboot_shared->s3_k_wakeup_entry);
     printk("  &acpi_sinfo: 0x%p\n",
&tboot_shared->acpi_sinfo);
+    if ( tboot_shared->version >= 0x02 ) {
+        printk("  tboot_base: 0x%08x\n",
tboot_shared->tboot_base);
+        printk("  tboot_size: 0x%x\n", tboot_shared->tboot_size);
+    }
 }
 
 void tboot_shutdown(uint32_t shutdown_type)
 {
+    uint32_t map_base, map_size;
+    int err;
+
     g_tboot_shared->shutdown_type = shutdown_type;
 
     local_irq_disable();
 
-    /* Create identity map for 0-640k to include tboot code. */
-    map_pages_to_xen(0, 0, PFN_UP(0xa0000), __PAGE_HYPERVISOR);
+    /* Create identity map for tboot shutdown code. */
+    if ( g_tboot_shared->version >= 0x02 ) {
+        map_base = PFN_DOWN(g_tboot_shared->tboot_base);
+        map_size = PFN_UP(g_tboot_shared->tboot_size);
+    }
+    else {
+        map_base = 0;
+        map_size = PFN_UP(0xa0000);
+    }
+
+    err = map_pages_to_xen(map_base << PAGE_SHIFT, map_base, map_size,
+                           __PAGE_HYPERVISOR);
+    if ( err != 0 ) {
+        printk("error (0x%x) mapping tboot pages (mfns) @ 0x%x,
0x%x\n", err,
+               map_base, map_size);
+        return;
+    }
+
     write_ptbase(idle_vcpu[0]);
 
 #ifdef __x86_64__
@@ -68,3 +91,13 @@ int tboot_in_measured_env(void)
 {
     return (g_tboot_shared != NULL);
 }
+
+/*
+ * Local variables:
+ * mode: C
+ * c-set-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
diff -r 3057f813da14 xen/include/asm-x86/tboot.h
--- a/xen/include/asm-x86/tboot.h	Thu Nov 29 19:30:33 2007 +0000
+++ b/xen/include/asm-x86/tboot.h	Wed Nov 28 09:50:25 2007 -0800
@@ -49,6 +49,7 @@ typedef struct __attribute__ ((__packed_
 #define MAX_TB_ACPI_SINFO_SIZE   64
 
 typedef struct __attribute__ ((__packed__)) {
+    /* version 0x01+ fields: */
     uuid_t    uuid;              /*
{663C8DFF-E8B3-4b82-AABF-19EA4D057A08} */
     uint32_t  version;           /* 0x01 */
     uint32_t  log_addr;          /* physical addr of tb_log_t log */
@@ -59,6 +60,9 @@ typedef struct __attribute__ ((__packed_
     uint32_t  s3_k_wakeup_entry; /* entry point for xen s3 wake up */
     uint8_t   acpi_sinfo[MAX_TB_ACPI_SINFO_SIZE];
                                  /* where kernel put acpi sleep info in
Sx */
+    /* version 0x02+ fields: */
+    uint32_t  tboot_base;        /* starting addr for tboot */
+    uint32_t  tboot_size;        /* size of tboot */
 } tboot_shared_t;
 
 #define TB_SHUTDOWN_REBOOT      0


_______________________________________________
Xense-devel mailing list
Xense-devel@lists.xensource.com
http://lists.xensource.com/xense-devel

Hi, 

I have just one question.
Currently Your patch supports version=0x01 only?
>From seeing tboot code, It seems 
0x01 for tboot-20071029
0x02 for tboot-20071128
I think it should fix the comment of "version" in tboot_shared_t.

Thanks
Atsushi SAKAI


"Cihula, Joseph" <joseph.cihula@intel.com>
wrote:
>  typedef struct __attribute__ ((__packed__)) {
> +    /* version 0x01+ fields: */
>      uuid_t    uuid;              /*
> {663C8DFF-E8B3-4b82-AABF-19EA4D057A08} */
>      uint32_t  version;           /* 0x01 */
>      uint32_t  log_addr;          /* physical addr of tb_log_t log */
> @@ -59,6 +60,9 @@ typedef struct __attribute__ ((__packed_
>      uint32_t  s3_k_wakeup_entry; /* entry point for xen s3 wake up */
>      uint8_t   acpi_sinfo[MAX_TB_ACPI_SINFO_SIZE];
>                                   /* where kernel put acpi sleep info in
> Sx */
> +    /* version 0x02+ fields: */
> +    uint32_t  tboot_base;        /* starting addr for tboot */
> +    uint32_t  tboot_size;        /* size of tboot */
>  } tboot_shared_t;
>  
>  #define TB_SHUTDOWN_REBOOT      0


_______________________________________________
Xense-devel mailing list
Xense-devel@lists.xensource.com
http://lists.xensource.com/xense-devel

On Thursday, November 29, 2007 6:55 PM, Atsushi SAKAI
wrote:
> Hi,
> 
> I have just one question.
> Currently Your patch supports version=0x01 only?
> From seeing tboot code, It seems
> 0x01 for tboot-20071029
> 0x02 for tboot-20071128
> I think it should fix the comment of "version" in tboot_shared_t.
Good catch.  Keir, can you do that as part of the check-in?

Joe

_______________________________________________
Xense-devel mailing list
Xense-devel@lists.xensource.com
http://lists.xensource.com/xense-devel

On 30/11/07 05:04, "Cihula, Joseph" <joseph.cihula@intel.com>
wrote:
> On Thursday, November 29, 2007 6:55 PM, Atsushi SAKAI wrote:
>> Hi,
>> 
>> I have just one question.
>> Currently Your patch supports version=0x01 only?
>> From seeing tboot code, It seems
>> 0x01 for tboot-20071029
>> 0x02 for tboot-20071128
>> I think it should fix the comment of "version" in
tboot_shared_t.
> 
> Good catch.  Keir, can you do that as part of the check-in?
Sure.

 -- Keir




_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel