On Wednesday 10 March 2010, Shane Wang wrote: > <compared with v2, this patch adds a check of array size in tboot.c, and a note > to specify which c/s of tboot supports this kind of MACing in intel_txt.txt> > > v3: Based on a complexity analysis and tradeoff, we moved all MAC'ing into > tboot. > > This patch adds support for S3 memory integrity protection within an Intel(R) > TXT launched kernel, for all kernel and userspace memory. All RAM used by the > kernel and userspace, as indicated by memory ranges of type E820_RAM and > E820_RESERVED_KERN in the e820 table, will be integrity protected. > > The MAINTAINERS file is also updated to reflect the maintainers of the > TXT-related code. > > Signed-off-by: Shane Wang <shane.wang@xxxxxxxxx> > Signed-off-by: Joseph Cihula <joseph.cihula@xxxxxxxxx> Acked-by: Rafael J. Wysocki <rjw@xxxxxxx> > Documentation/intel_txt.txt | 16 +++++++++------- > MAINTAINERS | 11 +++++++++++ > arch/x86/include/asm/e820.h | 7 ++++++- > arch/x86/kernel/tboot.c | 20 +++++++++++--------- > 4 files changed, 37 insertions(+), 17 deletions(-) > > diff -r d2911aa1461d Documentation/intel_txt.txt > --- a/Documentation/intel_txt.txt Thu Mar 04 09:37:53 2010 -0500 > +++ b/Documentation/intel_txt.txt Wed Mar 10 08:18:48 2010 -0500 
> @@ -161,13 +161,15 @@ o In order to put a system into any of > has been restored, it will restore the TPM PCRs and then > transfer control back to the kernel's S3 resume vector. > In order to preserve system integrity across S3, the kernel > - provides tboot with a set of memory ranges (kernel > - code/data/bss, S3 resume code, and AP trampoline) that tboot > - will calculate a MAC (message authentication code) over and then > - seal with the TPM. On resume and once the measured environment > - has been re-established, tboot will re-calculate the MAC and > - verify it against the sealed value. Tboot's policy determines > - what happens if the verification fails. > + provides tboot with a set of memory ranges (RAM and RESERVED_KERN > + in the e820 table, but not any memory that BIOS might alter over > + the S3 transition) that tboot will calculate a MAC (message > + authentication code) over and then seal with the TPM. On resume > + and once the measured environment has been re-established, tboot > + will re-calculate the MAC and verify it against the sealed value. > + Tboot's policy determines what happens if the verification fails. > + Note that the c/s 194 of tboot which has the new MAC code supports > + this. > > That's pretty much it for TXT support. > > diff -r d2911aa1461d MAINTAINERS > --- a/MAINTAINERS Thu Mar 04 09:37:53 2010 -0500 > +++ b/MAINTAINERS Wed Mar 10 08:18:48 2010 -0500 
> @@ -2891,6 +2891,17 @@ F: Documentation/networking/README.ipw22 > F: Documentation/networking/README.ipw2200 > F: drivers/net/wireless/ipw2x00/ipw2200.* > > +INTEL(R) TRUSTED EXECUTION TECHNOLOGY (TXT) > +M: Joseph Cihula <joseph.cihula@xxxxxxxxx> > +M: Shane Wang <shane.wang@xxxxxxxxx> > +L: tboot-devel@xxxxxxxxxxxxxxxxxxxxx > +W: http://tboot.sourceforge.net > +T: Mercurial http://www.bughost.org/repos.hg/tboot.hg > +S: Supported > +F: Documentation/intel_txt.txt > +F: include/linux/tboot.h > +F: arch/x86/kernel/tboot.c > + > INTEL WIRELESS WIMAX CONNECTION 2400 > M: Inaky Perez-Gonzalez <inaky.perez-gonzalez@xxxxxxxxx> > M: linux-wimax@xxxxxxxxx > diff -r d2911aa1461d arch/x86/include/asm/e820.h > --- a/arch/x86/include/asm/e820.h Thu Mar 04 09:37:53 2010 -0500 > +++ b/arch/x86/include/asm/e820.h Wed Mar 10 08:18:48 2010 -0500 > @@ -45,7 +45,12 @@ > #define E820_NVS 4 > #define E820_UNUSABLE 5 > > -/* reserved RAM used by kernel itself */ > +/* > + * reserved RAM used by kernel itself > + * if CONFIG_INTEL_TXT is enabled, memory of this type will be > + * included in the S3 integrity calculation and so should not include > + * any memory that BIOS might alter over the S3 transition > + */ > #define E820_RESERVED_KERN 128 > > #ifndef __ASSEMBLY__ > diff -r d2911aa1461d arch/x86/kernel/tboot.c > --- a/arch/x86/kernel/tboot.c Thu Mar 04 09:37:53 2010 -0500 > +++ b/arch/x86/kernel/tboot.c Wed Mar 10 08:18:48 2010 -0500 > @@ -130,6 +130,9 @@ static void add_mac_region(phys_addr_t s > struct tboot_mac_region *mr; > phys_addr_t end = start + size; > > + if (tboot->num_mac_regions >= MAX_TB_MAC_REGIONS) > + panic("tboot: Too many MAC regions\n"); > + > if (start && size) { > mr = &tboot->mac_regions[tboot->num_mac_regions++]; > mr->start = round_down(start, PAGE_SIZE); 
> @@ -139,18 +142,17 @@ static void add_mac_region(phys_addr_t s > > static void __init tboot_setup_sleep(void) > { > + int i; > + > tboot->num_mac_regions = 0; > > - /* S3 resume code */ > - add_mac_region(acpi_wakeup_address, WAKEUP_SIZE); > + for (i = 0; i < e820.nr_map; i++) { > + if ((e820.map[i].type != E820_RAM) > + && (e820.map[i].type != E820_RESERVED_KERN)) > + continue; > > -#ifdef CONFIG_X86_TRAMPOLINE > - /* AP trampoline code */ > - add_mac_region(virt_to_phys(trampoline_base), TRAMPOLINE_SIZE); > -#endif > - > - /* kernel code + data + bss */ > - add_mac_region(virt_to_phys(_text), _end - _text); > + add_mac_region(e820.map[i].addr, e820.map[i].size); > + } > > tboot->acpi_sinfo.kernel_s3_resume_vector = acpi_wakeup_address; > }
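Review bot: In the Documentation/intel_txt.txt hunk, the closing sentence "Note that the c/s 194 of tboot which has the new MAC code supports this" does not tell the reader whether changeset 194 is the minimum tboot revision required, or what to expect on S3 when the kernel runs under an older tboot. Suggest rewording it as an explicit requirement on the tboot revision and spelling out "c/s" as "changeset".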
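Review bot: In the add_mac_region() hunk of arch/x86/kernel/tboot.c, the new "tboot->num_mac_regions >= MAX_TB_MAC_REGIONS" check sits before "if (start && size)", so a call with a zero start or zero size, which would store nothing, still panics once the array is exactly full. Move the check inside the "if (start && size)" block, directly before the "mr = &tboot->mac_regions[tboot->num_mac_regions++]" store, so it guards only the write it is meant to protect.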
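Review bot: In the tboot_setup_sleep() hunk, the loop calls add_mac_region() once per E820_RAM or E820_RESERVED_KERN entry without merging adjacent ranges, so the number of MAC regions now depends on how the firmware lays out the e820 map, and a map with more qualifying entries than MAX_TB_MAC_REGIONS runs into the new panic() during init. Consider coalescing contiguous entries before adding them, or replacing the panic with a warning and a defined fallback. The hunk also drops the explicit regions for the S3 resume code and the AP trampoline; a short comment stating that both now fall inside the e820 ranges being walked would make that assumption reviewable.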