arch/x86: switch to using SLRT interface

`struct txt_os_mle_data` now contains pointer to Secure Launch Resource Table which stores various information about slaunch in an extensible way. Saved MTRRs and event log were moved there. Signed-off-by: Sergii Dmytruk <[email protected]>
TrenchBoot · Oct 28, 2023 · 91788d2 · 91788d2
1 parent 7a6d154
commit 91788d2
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 44 deletions.
diff --git a/xen/arch/x86/include/asm/intel_txt.h b/xen/arch/x86/include/asm/intel_txt.h
@@ -70,8 +70,6 @@
 #define SL_ERROR_TPM_UNKNOWN_DIGEST	0xc0008020
 #define SL_ERROR_TPM_INVALID_EVENT	0xc0008021
 
-#define TXT_OS_MLE_MAX_VARIABLE_MTRRS	32
-
 #define SLAUNCH_BOOTLOADER_MAGIC	0x4c534254
 
 #define TXT_AP_BOOT_CS			0x0030
@@ -93,6 +91,8 @@ extern uint32_t trampoline_gdt[];
 #define _txt(x) __va(x)
 #endif
 
+#include <xen/slr_table.h>
+
 /*
  * Always use private space as some of registers are either read-only or not
  * present in public space.
@@ -120,32 +120,16 @@ static inline void txt_reset(uint32_t error)
 	while (1);
 }
 
-/*
- * Secure Launch defined MTRR saving structures
- */
-struct txt_mtrr_pair {
-	uint64_t mtrr_physbase;
-	uint64_t mtrr_physmask;
-} __packed;
-
-struct txt_mtrr_state {
-	uint64_t default_mem_type;
-	uint64_t mtrr_vcnt;
-	struct txt_mtrr_pair mtrr_pair[TXT_OS_MLE_MAX_VARIABLE_MTRRS];
-} __packed;
-
 /*
  * Secure Launch defined OS/MLE TXT Heap table
  */
 struct txt_os_mle_data {
 	uint32_t version;
 	uint32_t boot_params_addr;
-	uint64_t saved_misc_enable_msr;
-	struct txt_mtrr_state saved_bsp_mtrrs;
+    uint32_t slrt;
+    uint32_t txt_info;
 	uint32_t ap_wake_block;
 	uint32_t ap_wake_block_size;
-	uint64_t evtlog_addr;
-	uint32_t evtlog_size;
 	uint8_t mle_scratch[64];
 } __packed;
 
@@ -341,6 +325,26 @@ static inline int is_in_pmr(struct txt_os_sinit_data *os_sinit, uint64_t base,
 	return 0;
 }
 
+static inline void find_evt_log(void **evt_log, uint32_t *evt_log_size)
+{
+    struct txt_os_mle_data *os_mle;
+    struct slr_table *slrt;
+    struct slr_entry_log_info *log_info;
+
+    os_mle = txt_os_mle_data_start(_txt(read_txt_reg(TXTCR_HEAP_BASE)));
+    slrt = _txt(os_mle->slrt);
+
+    log_info = (struct slr_entry_log_info *)
+        slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_LOG_INFO);
+    if ( log_info != NULL ) {
+        *evt_log = _p(log_info->addr);
+        *evt_log_size = log_info->size;
+    } else {
+        *evt_log = NULL;
+        *evt_log_size = 0;
+    }
+}
+
 extern void protect_txt_mem_regions(void);
 extern void txt_restore_mtrrs(bool e820_verbose);
 

diff --git a/xen/arch/x86/intel_txt.c b/xen/arch/x86/intel_txt.c
@@ -5,6 +5,7 @@
 #include <asm/intel_txt.h>
 #include <xen/init.h>
 #include <xen/mm.h>
+#include <xen/slr_table.h>
 
 static uint64_t __initdata txt_heap_base, txt_heap_size;
 
@@ -82,7 +83,8 @@ void __init protect_txt_mem_regions(void)
 
     /* TXT Heap */
     if ( txt_heap_base != 0 ) {
-        struct txt_os_mle_data *os_mle;
+        void *evt_log_addr;
+        uint32_t evt_log_size;
 
         printk("SLAUNCH: reserving TXT heap (%#lx - %#lx)\n", txt_heap_base,
                txt_heap_base + txt_heap_size);
@@ -92,13 +94,14 @@ void __init protect_txt_mem_regions(void)
 
         /* TXT TPM Event Log */
         map_l2(txt_heap_base, txt_heap_size);
-        os_mle = txt_os_mle_data_start(__va(txt_heap_base));
-
-        if ( os_mle->evtlog_addr != 0 ) {
-            printk("SLAUNCH: reserving event log (%#lx - %#lx)\n", os_mle->evtlog_addr,
-                   os_mle->evtlog_addr + os_mle->evtlog_size);
-            e820_change_range_type(&e820_raw, os_mle->evtlog_addr,
-                                   os_mle->evtlog_addr + os_mle->evtlog_size,
+        find_evt_log(&evt_log_addr, &evt_log_size);
+
+        if ( evt_log_addr != 0 ) {
+            printk("SLAUNCH: reserving event log (%#lx - %#lx)\n",
+                   (uint64_t)evt_log_addr,
+                   (uint64_t)evt_log_addr + evt_log_size);
+            e820_change_range_type(&e820_raw, (uint64_t)evt_log_addr,
+                                   (uint64_t)evt_log_addr + evt_log_size,
                                    E820_RAM, E820_RESERVED);
         }
 
@@ -123,6 +126,8 @@ void __init protect_txt_mem_regions(void)
 void __init txt_restore_mtrrs(bool e820_verbose)
 {
     struct txt_os_mle_data *os_mle;
+    struct slr_table *slrt;
+    struct slr_entry_intel_info *intel_info;
     int os_mle_size;
     uint64_t mtrr_cap, mtrr_def, base, mask;
     unsigned int i;
@@ -152,21 +157,25 @@ void __init txt_restore_mtrrs(bool e820_verbose)
         }
     }
 
-    if ( (mtrr_cap & 0xFF) != os_mle->saved_bsp_mtrrs.mtrr_vcnt ) {
+    slrt = __va(os_mle->slrt);
+    intel_info = (struct slr_entry_intel_info *)
+        slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_INTEL_INFO);
+
+    if ( (mtrr_cap & 0xFF) != intel_info->saved_bsp_mtrrs.mtrr_vcnt ) {
         printk("Bootloader saved %ld MTRR values, but there should be %ld\n",
-               os_mle->saved_bsp_mtrrs.mtrr_vcnt, mtrr_cap & 0xFF);
+               intel_info->saved_bsp_mtrrs.mtrr_vcnt, mtrr_cap & 0xFF);
         /* Choose the smaller one to be on the safe side. */
-        mtrr_cap = (mtrr_cap & 0xFF) > os_mle->saved_bsp_mtrrs.mtrr_vcnt ?
-                   os_mle->saved_bsp_mtrrs.mtrr_vcnt : mtrr_cap;
+        mtrr_cap = (mtrr_cap & 0xFF) > intel_info->saved_bsp_mtrrs.mtrr_vcnt ?
+                   intel_info->saved_bsp_mtrrs.mtrr_vcnt : mtrr_cap;
     }
 
     /* Restore MTRRs saved by bootloader. */
-    wrmsrl(MSR_MTRRdefType, os_mle->saved_bsp_mtrrs.default_mem_type);
+    wrmsrl(MSR_MTRRdefType, intel_info->saved_bsp_mtrrs.default_mem_type);
 
     for ( i = 0; i < (uint8_t)mtrr_cap; i++ )
     {
-        base = os_mle->saved_bsp_mtrrs.mtrr_pair[i].mtrr_physbase;
-        mask = os_mle->saved_bsp_mtrrs.mtrr_pair[i].mtrr_physmask;
+        base = intel_info->saved_bsp_mtrrs.mtrr_pair[i].mtrr_physbase;
+        mask = intel_info->saved_bsp_mtrrs.mtrr_pair[i].mtrr_physmask;
         wrmsrl(MSR_IA32_MTRR_PHYSBASE(i), base);
         wrmsrl(MSR_IA32_MTRR_PHYSMASK(i), mask);
     }

diff --git a/xen/arch/x86/tpm.c b/xen/arch/x86/tpm.c
@@ -29,6 +29,7 @@ asm (
 
 #include "boot/defs.h"
 #include "include/asm/intel_txt.h"
+#include <xen/slr_table.h>
 #ifdef __va
 #error "__va defined in non-paged mode!"
 #endif
@@ -167,15 +168,6 @@ static inline bool is_tpm12(void)
             (tis_read32(TPM_STS_(0)) & TPM_FAMILY_MASK) == 0);
 }
 
-static inline void find_evt_log(void **evt_log, uint32_t *evt_log_size)
-{
-    struct txt_os_mle_data *os_mle;
-    os_mle = txt_os_mle_data_start(__va(read_txt_reg(TXTCR_HEAP_BASE)));
-
-    *evt_log = __va(os_mle->evtlog_addr);
-    *evt_log_size = os_mle->evtlog_size;
-}
-
 /****************************** TPM1.2 & TPM2.0 *******************************/
 
 /*
@@ -933,6 +925,7 @@ void tpm_hash_extend(unsigned loc, unsigned pcr, uint8_t *buf, unsigned size,
     uint32_t evt_log_size;
 
     find_evt_log(&evt_log_addr, &evt_log_size);
+    evt_log_addr = __va(evt_log_addr);
 
 #ifndef __EARLY_TPM__
     /*