WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] tboot: hypervisor integrity on S3

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] tboot: hypervisor integrity on S3
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 29 Jan 2009 18:55:12 -0800
Delivery-date: Thu, 29 Jan 2009 18:55:10 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1233228969 0
# Node ID 378a85ff1260684af3cb7420e2a15b6034d0812c
# Parent  b86df1139133a703f0f252c79d209fd24c6e7fa2
tboot: hypervisor integrity on S3

When launched from tboot, utilise tboot interface to provide integrity
protection to the hypervisor during S3

Signed-off-by: Joseph Cihula <joseph.cihula@xxxxxxxxx>
ACKed-by: Shane Wang <shane.wang@xxxxxxxxx>
---
 xen/arch/x86/tboot.c        |   21 +++++++++++++++++++++
 xen/include/asm-x86/tboot.h |    9 +++++++++
 2 files changed, 30 insertions(+)

diff -r b86df1139133 -r 378a85ff1260 xen/arch/x86/tboot.c
--- a/xen/arch/x86/tboot.c      Thu Jan 29 11:35:19 2009 +0000
+++ b/xen/arch/x86/tboot.c      Thu Jan 29 11:36:09 2009 +0000
@@ -16,6 +16,8 @@ tboot_shared_t *g_tboot_shared;
 tboot_shared_t *g_tboot_shared;
 
 static const uuid_t tboot_shared_uuid = TBOOT_SHARED_UUID;
+
+extern char __init_begin[], __per_cpu_start[], __per_cpu_end[], __bss_start[];
 
 void __init tboot_probe(void)
 {
@@ -59,6 +61,25 @@ void tboot_shutdown(uint32_t shutdown_ty
 
     local_irq_disable();
 
+    /* if this is S3 then set regions to MAC */
+    if ( shutdown_type == TB_SHUTDOWN_S3 ) {
+        g_tboot_shared->num_mac_regions = 4;
+        /* S3 resume code (and other real mode trampoline code) */
+        g_tboot_shared->mac_regions[0].start =
+            (uint64_t)bootsym_phys(trampoline_start);
+        g_tboot_shared->mac_regions[0].end =
+            (uint64_t)bootsym_phys(trampoline_end);
+        /* hypervisor code + data */
+        g_tboot_shared->mac_regions[1].start = (uint64_t)__pa(&_stext);
+        g_tboot_shared->mac_regions[1].end = (uint64_t)__pa(&__init_begin);
+        /* per-cpu data */
+        g_tboot_shared->mac_regions[2].start = 
(uint64_t)__pa(&__per_cpu_start);
+        g_tboot_shared->mac_regions[2].end = (uint64_t)__pa(&__per_cpu_end);
+        /* bss */
+        g_tboot_shared->mac_regions[3].start = (uint64_t)__pa(&__bss_start);
+        g_tboot_shared->mac_regions[3].end = (uint64_t)__pa(&_end);
+    }
+
     /* Create identity map for tboot shutdown code. */
     map_base = PFN_DOWN(g_tboot_shared->tboot_base);
     map_size = PFN_UP(g_tboot_shared->tboot_size);
diff -r b86df1139133 -r 378a85ff1260 xen/include/asm-x86/tboot.h
--- a/xen/include/asm-x86/tboot.h       Thu Jan 29 11:35:19 2009 +0000
+++ b/xen/include/asm-x86/tboot.h       Thu Jan 29 11:36:09 2009 +0000
@@ -51,6 +51,12 @@ typedef struct __packed {
 
 /* used to communicate between tboot and the launched kernel (i.e. Xen) */
 
+#define MAX_TB_MAC_REGIONS      32
+typedef struct __packed {
+    uint64_t  start;
+    uint64_t  end;
+} tboot_mac_region_t;
+
 /* GAS - Generic Address Structure (ACPI 2.0+) */
 typedef struct __packed {
        uint8_t  space_id;
@@ -83,6 +89,9 @@ typedef struct __packed {
               acpi_sinfo;        /* where kernel put acpi sleep info in Sx */
     uint32_t  tboot_base;        /* starting addr for tboot */
     uint32_t  tboot_size;        /* size of tboot */
+    uint8_t   num_mac_regions;   /* number mem regions to MAC on S3 */
+                                 /* contig regions memory to MAC on S3 */
+    tboot_mac_region_t mac_regions[MAX_TB_MAC_REGIONS];
 } tboot_shared_t;
 
 #define TB_SHUTDOWN_REBOOT      0

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] tboot: hypervisor integrity on S3, Xen patchbot-unstable <=