For security reasons, add 'force_iommu' option to ensure that it should not be possible under any conditions to boot Xen w/o VT-d being enabled. This would only be specified by users that really want the added security.

Signed-off-by: Weidong Han <weidong.han@intel.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Cihula, Joseph
2008-Aug-06 08:43 UTC
RE: [Xen-devel] [PATCH] [VTD] Add 'force_iommu' option
ACKed-by: Joseph Cihula <joseph.cihula@intel.com>

This patch is needed to maintain trust in Xen when it is launched using Intel(R) Trusted Execution Technology, as it will be launched with DMA protection and needs to fail securely if that protection cannot be maintained.

Joe

-----Original Message-----
From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Han, Weidong
Sent: Tuesday, August 05, 2008 8:33 PM
To: xen-devel@lists.xensource.com
Subject: [Xen-devel] [PATCH] [VTD] Add 'force_iommu' option

For security reasons, add 'force_iommu' option to ensure that it should not be possible under any conditions to boot Xen w/o VT-d being enabled. This would only be specified by users that really want the added security.

Signed-off-by: Weidong Han <weidong.han@intel.com>
Espen Skoglund
2008-Aug-06 13:01 UTC
Re: [Xen-devel] [PATCH] [VTD] Add 'force_iommu' option
[Weidong Han]
> For security reasons, add 'force_iommu' option to ensure that it should
> not be possible under any conditions to boot Xen w/o VT-d being enabled.
> This would only be specified by users that really want the added
> security.

Here's a followup which collects all the iommu parameters into a single parameter. Makes things more intuitive from a user's perspective.

eSk

---

iommu: Make the iommu boot parameters more generic and flexible

Make the 'iommu' boot parameter take a comma separated value indicating whether iommu is required to boot and whether to enable iommu for pv domains.

Signed-off-by: Espen Skoglund <espen.skoglund@netronome.com>

diff -r 152ba12fc55c xen/drivers/passthrough/iommu.c
--- a/xen/drivers/passthrough/iommu.c Wed Aug 06 13:07:34 2008 +0100
+++ b/xen/drivers/passthrough/iommu.c Wed Aug 06 13:55:46 2008 +0100
@@ -20,18 +20,48 @@ extern struct iommu_ops intel_iommu_ops; extern struct iommu_ops amd_iommu_ops; +static void parse_iommu_param(char *s); static int iommu_populate_page_table(struct domain *d); int intel_vtd_setup(void); int amd_iov_detect(void); +/* + * The ''iommu'' parameter enables the IOMMU. Optional comma separated + * value may contain: + * + * off|no|false|disable Disable IOMMU (default) + * pv Enable IOMMU for PV domains + * no-pv Disable IOMMU for PV domains (default) + * force|required Don''t boot unless IOMMU is enabled + */ +custom_param("iommu", parse_iommu_param); int iommu_enabled = 0; -boolean_param("iommu", iommu_enabled); +int iommu_pv_enabled = 0; +int force_iommu = 0; -int iommu_pv_enabled = 0; -boolean_param("iommu_pv", iommu_pv_enabled); +static void __init parse_iommu_param(char *s) +{ + char *ss; + iommu_enabled = 1; -int force_iommu = 0; -boolean_param("force_iommu", force_iommu); + do { + ss = strchr(s, '',''); + if ( ss ) + *ss = ''\0''; + + if ( !strcmp(s, "off") || !strcmp(s, "no") || !strcmp(s, "false") || + !strcmp(s, "0") || !strcmp(s, "disable") ) + iommu_enabled = 0; + else if ( !strcmp(s, "pv") ) + iommu_pv_enabled = 1; + else if ( !strcmp(s, "no-pv") ) + iommu_pv_enabled = 0; + else if ( !strcmp(s, "force") || !strcmp(s, "required") ) + force_iommu = 1; + + s = ss + 1; + } while ( ss ); +} int iommu_domain_init(struct domain *domain) { _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
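Review bot: parse_iommu_param() has no final else branch, so any token it does not recognise is dropped without a message, and the same hunk removes the boolean_param("iommu_pv", ...) and boolean_param("force_iommu", ...) registrations; an existing command line carrying force_iommu=1, or a misspelt value such as iommu=forced, therefore boots without the fail-secure behaviour the administrator asked for and without any indication that the request was ignored, which defeats the purpose stated in the original patch. Add an else that prints a warning for unknown tokens (or, given what "force" is for, treats an unknown token as a boot-time error), and either keep iommu_pv and force_iommu as deprecated aliases or call out their removal in the commit message. The parser also accepts contradictory combinations such as iommu=off,force (iommu_enabled = 0 with force_iommu = 1) without comment; whether that still fails securely depends on where force_iommu is checked, which is outside this hunk, so a short sanity check or a note in the header comment would help. Two smaller points: the header comment lists "off|no|false|disable" but the code also accepts "0", so the comment should list it; and "s = ss + 1;" is evaluated even when ss is NULL (the loop exits before s is used, but forming a pointer from NULL is avoidable by guarding the increment with "if ( ss )").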
Cihula, Joseph
2008-Aug-06 16:09 UTC
RE: [Xen-devel] [PATCH] [VTD] Add 'force_iommu' option
I'd like to petition this patch to be included in 3.3, so that the official releases continue to fully support the TXT/tboot trust model.

Joe

-----Original Message-----
From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Espen Skoglund
Sent: Wednesday, August 06, 2008 6:02 AM
To: Han, Weidong
Cc: xen-devel@lists.xensource.com
Subject: Re: [Xen-devel] [PATCH] [VTD] Add 'force_iommu' option

[Weidong Han]
> For security reasons, add 'force_iommu' option to ensure that it should
> not be possible under any conditions to boot Xen w/o VT-d being enabled.
> This would only be specified by users that really want the added
> security.

Here's a followup which collects all the iommu parameters into a single parameter. Makes things more intuitive from a user's perspective.

eSk

---

iommu: Make the iommu boot parameters more generic and flexible

Make the 'iommu' boot parameter take a comma separated value indicating whether iommu is required to boot and whether to enable iommu for pv domains.

Signed-off-by: Espen Skoglund <espen.skoglund@netronome.com>

diff -r 152ba12fc55c xen/drivers/passthrough/iommu.c
--- a/xen/drivers/passthrough/iommu.c Wed Aug 06 13:07:34 2008 +0100
+++ b/xen/drivers/passthrough/iommu.c Wed Aug 06 13:55:46 2008 +0100