Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Changes/fixes on top of v11 AMD patches for non-PSP case #26

Draft
wants to merge 26 commits into
base: grub-sl-2.12-v11-amd
Choose a base branch
from

Conversation

SergiiDmytruk
Copy link
Member

Significant number commits are meant to be squashed into other commits on the base branch later on.

Just use grub_divmod64() explicitly like all other code does.

Signed-off-by: Sergii Dmytruk <[email protected]>
Signed-off-by: Sergii Dmytruk <[email protected]>
@@ -148,9 +167,57 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)

mld->load_base_addr = get_physical_target_address (ch);
source = get_virtual_current_address (ch);

#ifdef GRUB_USE_MULTIBOOT2
grub_memset (get_virtual_current_address (ch), 0, load_size);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
grub_memset (get_virtual_current_address (ch), 0, load_size);
grub_memset (source, 0, load_size);

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doing this unconditionally also has performance implication for non-slaunch case, but lets leave it up for upstream to decide whether it should be moved to if below or not.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/TrenchBoot/grub/compare/fdf1960e4eb74f88dd1c6d5a9ef375a5805dfec6..805d4f39d323ab39d5794195a75efb1dcdcf170c#diff-32e991c56790cec87f55280083791c5f9af329a33f9b67cc8998ac8da765c5d4

I'm actually not even sure if this makes any difference for measurements, but it seems to take extra time. I'd rather made loading code zero unused memory if it doesn't do it already

/* It's OK to call this for AMD SKINIT because SKL erases the log before use. */
if (slparams->platform_type == SLP_INTEL_TXT || slparams->platform_type == SLP_AMD_SKINIT)
grub_txt_init_tpm_event_log (get_virtual_current_address (ch),
slparams->tpm_evt_log_size);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This needs one more space of indentation.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment on lines 1238 to 1242
/*
* AMD SKL final setup may relocate the SKL module. It is also what sets the SLRT and DCE
* values in slparams so this must be done before final setup and launch below.
*/
err = grub_skl_setup_module (slparams);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But it could be moved to else if (slparams->platform_type == SLP_AMD_SKINIT) below, or am I missing something?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tmr_count = tmr_end / drtm_capability.tmr_alignment;
if (tmr_end % drtm_capability.tmr_alignment == 1)
tmr_count = grub_divmod64 (tmr_end, drtm_capability.tmr_alignment, &rem);
if (rem == 1)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand this part. Shouldn't it be != 0? Having a memory range that ends on 1 byte shouldn't be possible.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

info = (struct grub_skl_info *) ((grub_uint8_t *) skl_module + skl_module->skl_info_offset);
if (module->bootloader_data_offset > max_size)
{
grub_dprintf ("slaunch", "Possible SKL module has a gap before data: %u > %u\n",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This message doesn't convey the reason for failure. Offset to that data must be <= max_size because this is where SLRT is located. If it isn't, there is not enough space reserved for SLRT, and this is what the message should say.

It would be worth to also check if module->bootloader_data_offset < module->length. Bootloader data shouldn't be measured as part of SL by SKINIT.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

{
struct grub_txt_event_log_container *elog;

if (buf == NULL || size == 0)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (buf == NULL || size == 0)
if (buf == NULL || size < sizeof (*elog))

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@@ -67,6 +71,14 @@ struct grub_slaunch_params
grub_uint32_t dce_size;
grub_uint64_t tpm_evt_log_base;
grub_uint32_t tpm_evt_log_size;

/*
* Can be NULL. Called before at before starting and after adding standard
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Can be NULL. Called before at before starting and after adding standard
* Can be NULL. Called before starting and after adding standard

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SergiiDmytruk and others added 24 commits November 29, 2024 19:48
The behaviour is implementation specific and in case of GCC 32-bit
pointers are **sign-extended** on conversions to a larger integer type,
thus producing invalid values.

The opposite isn't dangerous, but still generates compiler warnings.

Go through `grub_addr_t` in both cases.

https://gcc.gnu.org/onlinedocs/gcc/Arrays-and-pointers-implementation.html

Signed-off-by: Sergii Dmytruk <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]>
Signed-off-by: Krystian Hebel <[email protected]>
Signed-off-by: Sergii Dmytruk <[email protected]>
Only the case of legacy boot has slparams->mle_start and
slparams->mle_mem different.  Other places are updated for consistency.

Signed-off-by: Sergii Dmytruk <[email protected]>
Make them more comprehensive and remove the `skl_size <
(8*GRUB_PAGE_SIZE)` one which doesn't make much sense.

Signed-off-by: Sergii Dmytruk <[email protected]>
Not all boot methods are Linux EFI boot methods.

Signed-off-by: Sergii Dmytruk <[email protected]>
GRUB_MULTIBOOT(get_mbi_size) returns an upper bound on MBI's size
instead of the actual size.  It could also be used for measurements
after zeroing unused parts of the buffer, but using an actual size seems
like a better option as the same MBI will always have the same hash
regardless of the amount of extra memory that follows it.

Signed-off-by: Sergii Dmytruk <[email protected]>
The code makes sure that MBI entry goes first in DRTM, so the payload
can measure it first on launch.  Then goes SLRT and other typical
entries, while MB2 modules are added at the end.

Signed-off-by: Michał Żygowski <[email protected]>
Signed-off-by: Tomasz Żyjewski <[email protected]>
Signed-off-by: Krystian Hebel <[email protected]>
Signed-off-by: Sergii Dmytruk <[email protected]>
Just return bool.

Signed-off-by: Sergii Dmytruk <[email protected]>
Copy link
Member Author

@SergiiDmytruk SergiiDmytruk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GitHub: You need to leave a comment indicating the requested changes.
Me: Shut up and post my replies to outdated conversations.

P.S. Private browsing suggests that it did post them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants