xen-changelog
[Xen-changelog] [xen-unstable] tboot: hypervisor integrity on S3
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1233228969 0
# Node ID 378a85ff1260684af3cb7420e2a15b6034d0812c
# Parent b86df1139133a703f0f252c79d209fd24c6e7fa2
tboot: hypervisor integrity on S3
When launched from tboot, utilise tboot interface to provide integrity
protection to the hypervisor during S3
Signed-off-by: Joseph Cihula <joseph.cihula@xxxxxxxxx>
ACKed-by: Shane Wang <shane.wang@xxxxxxxxx>
---
xen/arch/x86/tboot.c | 21 +++++++++++++++++++++
xen/include/asm-x86/tboot.h | 9 +++++++++
2 files changed, 30 insertions(+)
diff -r b86df1139133 -r 378a85ff1260 xen/arch/x86/tboot.c
--- a/xen/arch/x86/tboot.c Thu Jan 29 11:35:19 2009 +0000
+++ b/xen/arch/x86/tboot.c Thu Jan 29 11:36:09 2009 +0000
@@ -16,6 +16,8 @@ tboot_shared_t *g_tboot_shared;
tboot_shared_t *g_tboot_shared;
static const uuid_t tboot_shared_uuid = TBOOT_SHARED_UUID;
+
+extern char __init_begin[], __per_cpu_start[], __per_cpu_end[], __bss_start[];
void __init tboot_probe(void)
{
@@ -59,6 +61,25 @@ void tboot_shutdown(uint32_t shutdown_ty
local_irq_disable();
+ /* if this is S3 then set regions to MAC */
+ if ( shutdown_type == TB_SHUTDOWN_S3 ) {
+ g_tboot_shared->num_mac_regions = 4;
+ /* S3 resume code (and other real mode trampoline code) */
+ g_tboot_shared->mac_regions[0].start =
+ (uint64_t)bootsym_phys(trampoline_start);
+ g_tboot_shared->mac_regions[0].end =
+ (uint64_t)bootsym_phys(trampoline_end);
+ /* hypervisor code + data */
+ g_tboot_shared->mac_regions[1].start = (uint64_t)__pa(&_stext);
+ g_tboot_shared->mac_regions[1].end = (uint64_t)__pa(&__init_begin);
+ /* per-cpu data */
+ g_tboot_shared->mac_regions[2].start =
(uint64_t)__pa(&__per_cpu_start);
+ g_tboot_shared->mac_regions[2].end = (uint64_t)__pa(&__per_cpu_end);
+ /* bss */
+ g_tboot_shared->mac_regions[3].start = (uint64_t)__pa(&__bss_start);
+ g_tboot_shared->mac_regions[3].end = (uint64_t)__pa(&_end);
+ }
+
/* Create identity map for tboot shutdown code. */
map_base = PFN_DOWN(g_tboot_shared->tboot_base);
map_size = PFN_UP(g_tboot_shared->tboot_size);
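Review bot: The four ranges set in the `TB_SHUTDOWN_S3` branch are all static image sections (trampoline, `_stext` to `__init_begin`, per-cpu data, bss), so memory Xen allocates at run time, such as heap and page tables, appears to sit outside the MAC and would not be verified on resume. If that limit is intended for now, state it next to the assignment, e.g. `/* only the static image is MACed; dynamically allocated memory is not covered */`. The literal `4` and the indices 0 to 3 are also not tied to `MAX_TB_MAC_REGIONS`; filling the array through a running index and checking it against that bound before storing `num_mac_regions` would keep a later addition from overrunning the array. The body of `tboot_shutdown` starts and ends outside the hunk.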
diff -r b86df1139133 -r 378a85ff1260 xen/include/asm-x86/tboot.h
--- a/xen/include/asm-x86/tboot.h Thu Jan 29 11:35:19 2009 +0000
+++ b/xen/include/asm-x86/tboot.h Thu Jan 29 11:36:09 2009 +0000
@@ -51,6 +51,12 @@ typedef struct __packed {
/* used to communicate between tboot and the launched kernel (i.e. Xen) */
+#define MAX_TB_MAC_REGIONS 32
+typedef struct __packed {
+ uint64_t start;
+ uint64_t end;
+} tboot_mac_region_t;
+
/* GAS - Generic Address Structure (ACPI 2.0+) */
typedef struct __packed {
uint8_t space_id;
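Review bot: `tboot_mac_region_t` does not say what `start` and `end` mean. The caller in tboot.c fills them from `__pa()` and `bootsym_phys()` and uses section-end symbols for `end`, which suggests physical addresses with an exclusive end, but that is inferred and the header should state the contract tboot implements. A comment on the struct such as `/* physical addresses; end is exclusive */` would do, plus a word on whether regions must be page-aligned or may overlap. The GAS typedef that follows continues outside the hunk.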
@@ -83,6 +89,9 @@ typedef struct __packed {
acpi_sinfo; /* where kernel put acpi sleep info in Sx */
uint32_t tboot_base; /* starting addr for tboot */
uint32_t tboot_size; /* size of tboot */
+ uint8_t num_mac_regions; /* number mem regions to MAC on S3 */
+ /* contig regions memory to MAC on S3 */
+ tboot_mac_region_t mac_regions[MAX_TB_MAC_REGIONS];
} tboot_shared_t;
#define TB_SHUTDOWN_REBOOT 0
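Review bot: The two new fields grow the packed `tboot_shared_t` that tboot and Xen both map, and nothing visible in this changeset gates their use on the layout the running tboot actually provides. With a tboot that predates these fields, the S3 branch in `tboot_shutdown` would write `num_mac_regions` and `mac_regions[]` beyond what tboot defined, and the hypervisor would resume without the integrity check this change is meant to provide. If the struct carries a version field (its start is outside the hunk), check it before the write and record the requirement in the field comment, e.g. `/* valid only from shared-page version <N> */`.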