This support allows the DRTM launch to be initiated after and EFI stub launch of the Linux kernel is done. This is accomplished by providing a handler to jump to when a Secure Launch is in progress. Signed-off-by: Ross Philipson <ross.philipson@xxxxxxxxxx> --- drivers/firmware/efi/libstub/x86-stub.c | 55 +++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index a0bfd31..66ff922 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -9,6 +9,7 @@ #include <linux/efi.h> #include <linux/pci.h> #include <linux/stddef.h> +#include <linux/slr_table.h> #include <asm/efi.h> #include <asm/e820/types.h> @@ -760,6 +761,57 @@ static efi_status_t exit_boot(struct boot_params *boot_params, void *handle) return EFI_SUCCESS; } +static void efi_secure_launch(struct boot_params *boot_params) +{ + struct slr_entry_uefi_config *uefi_config; + struct slr_uefi_cfg_entry *uefi_entry; + struct slr_entry_dl_info *dlinfo; + efi_guid_t guid = SLR_TABLE_GUID; + struct slr_table *slrt; + u64 memmap_hi; + void *table; + u8 buf[64] = {0}; + + table = get_efi_config_table(guid); + + /* + * The presence of this table indicated a Secure Launch + * is being requested. + */ + if (!table) + return; + + slrt = (struct slr_table *)table; + + if (slrt->magic != SLR_TABLE_MAGIC) + return; + + /* Add config information to measure the UEFI memory map */ + uefi_config = (struct slr_entry_uefi_config *)buf; + uefi_config->hdr.tag = SLR_ENTRY_UEFI_CONFIG; + uefi_config->hdr.size = sizeof(*uefi_config) + sizeof(*uefi_entry); + uefi_config->revision = SLR_UEFI_CONFIG_REVISION; + uefi_config->nr_entries = 1; + uefi_entry = (struct slr_uefi_cfg_entry *)(buf + sizeof(*uefi_config)); + uefi_entry->pcr = 18; + uefi_entry->cfg = boot_params->efi_info.efi_memmap; + memmap_hi = boot_params->efi_info.efi_memmap_hi; + uefi_entry->cfg |= memmap_hi << 32; + uefi_entry->size = boot_params->efi_info.efi_memmap_size; + memcpy(&uefi_entry->evt_info[0], "Measured UEFI memory map", + strlen("Measured UEFI memory map")); + + if (slr_add_entry(slrt, (struct slr_entry_hdr *)uefi_config)) + return; + + /* Jump through DL stub to initiate Secure Launch */ + dlinfo = (struct slr_entry_dl_info *) + slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_DL_INFO); + + asm volatile ("jmp *%%rax" + : : "a" (dlinfo->dl_handler), "D" (&dlinfo->bl_context)); +} + /* * On success, we return the address of startup_32, which has potentially been * relocated by efi_relocate_kernel. @@ -905,6 +957,9 @@ asmlinkage unsigned long efi_main(efi_handle_t handle, goto fail; } + /* If a secure launch is in progress, this never returns */ + efi_secure_launch(boot_params); + return bzimage_addr; fail: efi_err("efi_main() failed!\n"); -- 1.8.3.1