WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xense-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] [PATCH v2] txt: 4/5 - hypervisor integrity on S3

from [Cihula, Joseph] [Permanent Link][Original]
To: "'xen-devel@xxxxxxxxxxxxxxxxxxx'" <xen-devel@xxxxxxxxxxxxxxxxxxx>, "xense-devel@xxxxxxxxxxxxxxxxxxx" <xense-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH v2] txt: 4/5 - hypervisor integrity on S3
From: "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>
Date: Thu, 29 Jan 2009 00:55:48 -0800
Accept-language: en-US
Acceptlanguage: en-US
Cc: "Wang, Shane" <shane.wang@xxxxxxxxx>, Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Delivery-date: Thu, 29 Jan 2009 01:01:37 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acl6wwDVeGb+gD7oQVWBnioT1hmixwHKzkRQ
Thread-topic: [PATCH v2] txt: 4/5 - hypervisor integrity on S3 
When launched from tboot, utilise tboot interface to provide integrity 
protection to the hypervisor during S3

Signed-off-by: Joseph Cihula <joseph.cihula@xxxxxxxxx>
ACKed-by: Shane Wang <shane.wang@xxxxxxxxx>

diff -r 196ed4d1e316 -r 664c5cd3827b xen/arch/x86/tboot.c
--- a/xen/arch/x86/tboot.c      Wed Jan 28 22:12:49 2009 -0800
+++ b/xen/arch/x86/tboot.c      Wed Jan 28 22:32:25 2009 -0800
@@ -17,6 +17,8 @@ tboot_shared_t *g_tboot_shared;
 tboot_shared_t *g_tboot_shared;

 static const uuid_t tboot_shared_uuid = TBOOT_SHARED_UUID;
+
+extern char __init_begin[], __per_cpu_start[], __per_cpu_end[], __bss_start[];

 /*
  * TXT configuration registers (offsets from TXT_{PUB, PRIV}_CONFIG_REGS_BASE)
@@ -76,6 +78,25 @@ void tboot_shutdown(uint32_t shutdown_ty
     g_tboot_shared->shutdown_type = shutdown_type;

     local_irq_disable();
+
+    /* if this is S3 then set regions to MAC */
+    if ( shutdown_type == TB_SHUTDOWN_S3 ) {
+        g_tboot_shared->num_mac_regions = 4;
+        /* S3 resume code (and other real mode trampoline code) */
+        g_tboot_shared->mac_regions[0].start =
+            (uint64_t)bootsym_phys(trampoline_start);
+        g_tboot_shared->mac_regions[0].end =
+            (uint64_t)bootsym_phys(trampoline_end);
+        /* hypervisor code + data */
+        g_tboot_shared->mac_regions[1].start = (uint64_t)__pa(&_stext);
+        g_tboot_shared->mac_regions[1].end = (uint64_t)__pa(&__init_begin);
+        /* per-cpu data */
+        g_tboot_shared->mac_regions[2].start = 
(uint64_t)__pa(&__per_cpu_start);
+        g_tboot_shared->mac_regions[2].end = (uint64_t)__pa(&__per_cpu_end);
+        /* bss */
+        g_tboot_shared->mac_regions[3].start = (uint64_t)__pa(&__bss_start);
+        g_tboot_shared->mac_regions[3].end = (uint64_t)__pa(&_end);
+    }

     /* Create identity map for tboot shutdown code. */
     map_base = PFN_DOWN(g_tboot_shared->tboot_base);
diff -r 196ed4d1e316 -r 664c5cd3827b xen/include/asm-x86/tboot.h
--- a/xen/include/asm-x86/tboot.h       Wed Jan 28 22:12:49 2009 -0800
+++ b/xen/include/asm-x86/tboot.h       Wed Jan 28 22:32:25 2009 -0800
@@ -51,6 +51,12 @@ typedef struct __packed {

 /* used to communicate between tboot and the launched kernel (i.e. Xen) */

+#define MAX_TB_MAC_REGIONS      32
+typedef struct __packed {
+    uint64_t  start;
+    uint64_t  end;
+} tboot_mac_region_t;
+
 /* GAS - Generic Address Structure (ACPI 2.0+) */
 typedef struct __packed {
        uint8_t  space_id;
@@ -83,6 +89,9 @@ typedef struct __packed {
               acpi_sinfo;        /* where kernel put acpi sleep info in Sx */
     uint32_t  tboot_base;        /* starting addr for tboot */
     uint32_t  tboot_size;        /* size of tboot */
+    uint8_t   num_mac_regions;   /* number mem regions to MAC on S3 */
+                                 /* contig regions memory to MAC on S3 */
+    tboot_mac_region_t mac_regions[MAX_TB_MAC_REGIONS];
 } tboot_shared_t;

 #define TB_SHUTDOWN_REBOOT      0

Attachment: xen-txt-04c-hypervisor_s3_integrity.patch
Description: xen-txt-04c-hypervisor_s3_integrity.patch

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH v2] txt: 4/5 - hypervisor integrity on S3, Cihula, Joseph <=
Previous by Date:  [Xense-devel] [PATCH v2] txt: 3/5 - explicitly protect TXT addr ranges from dom0, Cihula, Joseph
Next by Date:  [Xense-devel] [PATCH v2] txt: 5/5 - use TXT's DMA-protected DMAR table to setup VT-d, Cihula, Joseph
Previous by Thread:  [Xense-devel] [PATCH v2] txt: 3/5 - explicitly protect TXT addr ranges from dom0, Cihula, Joseph
Next by Thread:  [Xense-devel] [PATCH v2] txt: 5/5 - use TXT's DMA-protected DMAR table to setup VT-d, Cihula, Joseph
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy