[PATCH] txt: 6/6 - hypervisor integrity on S3

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] txt: 6/6 - hypervisor integrity on S3

Cihula, Joseph
When launched from tboot, utilise tboot interface to provide integrity protection to the hypervisor during S3

Signed-off-by: Joseph Cihula <[hidden email]>
ACKed-by: Shane Wang <[hidden email]>

diff -r bc2e19b70b3d -r 6b9033a1e376 xen/arch/x86/tboot.c
--- a/xen/arch/x86/tboot.c      Fri Jan 16 13:45:37 2009 -0800
+++ b/xen/arch/x86/tboot.c      Fri Jan 16 13:46:44 2009 -0800
@@ -99,6 +99,19 @@ void tboot_shutdown(uint32_t shutdown_ty

     local_irq_disable();

+    /* if this is S3 then set regions to MAC */
+    if ( shutdown_type == TB_SHUTDOWN_S3 ) {
+        g_tboot_shared->num_mac_regions = 2;
+        /* S3 resume code (and other real mode trampoline code) */
+        g_tboot_shared->mac_regions[0].start =
+            (uint64_t)bootsym_phys(trampoline_start);
+        g_tboot_shared->mac_regions[0].end =
+            (uint64_t)bootsym_phys(trampoline_end);
+        /* hypervisor code + data */
+        g_tboot_shared->mac_regions[1].start = (uint64_t)xen_phys_start;
+        g_tboot_shared->mac_regions[1].end = (uint64_t)xenheap_phys_end;
+    }
+
     /* Create identity map for tboot shutdown code. */
     map_base = PFN_DOWN(g_tboot_shared->tboot_base);
     map_size = PFN_UP(g_tboot_shared->tboot_size);
diff -r bc2e19b70b3d -r 6b9033a1e376 xen/include/asm-x86/tboot.h
--- a/xen/include/asm-x86/tboot.h       Fri Jan 16 13:45:37 2009 -0800
+++ b/xen/include/asm-x86/tboot.h       Fri Jan 16 13:46:44 2009 -0800
@@ -53,6 +53,12 @@ typedef struct __packed {

 /* used to communicate between tboot and the launched kernel (i.e. Xen) */

+#define MAX_TB_MAC_REGIONS      32
+typedef struct __packed {
+    uint64_t  start;
+    uint64_t  end;
+} tboot_mac_region_t;
+
 typedef struct acpi_generic_address tboot_acpi_generic_address_t;

 typedef struct __packed {
@@ -77,6 +83,9 @@ typedef struct __packed {
               acpi_sinfo;        /* where kernel put acpi sleep info in Sx */
     uint32_t  tboot_base;        /* starting addr for tboot */
     uint32_t  tboot_size;        /* size of tboot */
+    uint8_t   num_mac_regions;   /* number mem regions to MAC on S3 */
+                                 /* contig regions memory to MAC on S3 */
+    tboot_mac_region_t mac_regions[MAX_TB_MAC_REGIONS];
 } tboot_shared_t;

 #define TB_SHUTDOWN_REBOOT      0

_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel

xen-txt-06-hypervisor_s3_integrity.patch (3K) Download Attachment