[RFC v6][PATCH 2/4] intel_txt: Intel(R) TXT reboot/halt shutdown support

[RFC v6][PATCH 2/4] intel_txt: Intel(R) TXT reboot/halt shutdown support

[Joseph Cihula]

Support for graceful handling of kernel reboots after an Intel(R) TXT launch.

Without this patch, attempting to reboot or halt the system will cause the
TXT hardware to lock memory upon system restart because the secrets-in-memory
flag that was set on launch was never cleared.  This will in turn cause BIOS
to execute a TXT Authenticated Code Module (ACM) that will scrub all of memory
and then unlock it.  Depending on the amount of memory in the system and its type,
this may take some time.

This patch creates a 1:1 address mapping to the tboot module and then calls back
into tboot so that it may properly and securely clean up system state and clear
the secrets-in-memory flag.  When it has completed these steps, the tboot module
will reboot or halt the system.


 arch/x86/kernel/reboot.c |    8 ++++++++
 init/main.c              |    3 +++
 2 files changed, 11 insertions(+)

Signed-off-by: Joseph Cihula <joseph.cihula@intel.com>
Signed-off-by: Shane Wang <shane.wang@intel.com>

---

diff -uprN -X linus-2.6.git-0629/Documentation/dontdiff linus-2.6.git-0629/arch/x86/kernel/reboot.c linus-2.6.git-0629-txt/arch/x86/kernel/reboot.c
--- linus-2.6.git-0629/arch/x86/kernel/reboot.c	2009-06-29 21:57:17.000000000 -0700
+++ linus-2.6.git-0629-txt/arch/x86/kernel/reboot.c	2009-06-30 16:00:28.000000000 -0700
@@ -24,6 +24,8 @@
 # include <asm/iommu.h>
 #endif
 
+#include <asm/tboot.h>
+
 /*
  * Power off function, if any
  */
@@ -460,6 +462,8 @@ static void native_machine_emergency_res
 	if (reboot_emergency)
 		emergency_vmx_disable_all();
 
+	tboot_shutdown(TB_SHUTDOWN_REBOOT);
+
 	/* Tell the BIOS if we want cold or warm reboot */
 	*((unsigned short *)__va(0x472)) = reboot_mode;
 
@@ -586,6 +590,8 @@ static void native_machine_halt(void)
 	/* stop other cpus and apics */
 	machine_shutdown();
 
+	tboot_shutdown(TB_SHUTDOWN_HALT);
+
 	/* stop this cpu */
 	stop_this_cpu(NULL);
 }
@@ -597,6 +603,8 @@ static void native_machine_power_off(voi
 			machine_shutdown();
 		pm_power_off();
 	}
+	/* a fallback in case there is no PM info available */
+	tboot_shutdown(TB_SHUTDOWN_HALT);
 }
 
 struct machine_ops machine_ops = {
diff -uprN -X linus-2.6.git-0629/Documentation/dontdiff linus-2.6.git-0629/init/main.c linus-2.6.git-0629-txt/init/main.c
--- linus-2.6.git-0629/init/main.c	2009-06-29 21:57:26.000000000 -0700
+++ linus-2.6.git-0629-txt/init/main.c	2009-06-29 22:23:07.000000000 -0700
@@ -73,6 +73,7 @@
 #include <asm/io.h>
 #include <asm/bugs.h>
 #include <asm/setup.h>
+#include <asm/tboot.h>
 #include <asm/sections.h>
 #include <asm/cacheflush.h>
 
@@ -715,6 +716,8 @@ asmlinkage void __init start_kernel(void
 
 	ftrace_init();
 
+	tboot_create_trampoline();
+
 	/* Do the rest non-__init'ed, we're now alive */
 	rest_init();
 }

Re: [RFC v6][PATCH 2/4] intel_txt: Intel(R) TXT reboot/halt shutdown support

[Ingo Molnar]

* Joseph Cihula <joseph.cihula@intel.com> wrote:

> diff -uprN -X linus-2.6.git-0629/Documentation/dontdiff linus-2.6.git-0629/init/main.c linus-2.6.git-0629-txt/init/main.c
> --- linus-2.6.git-0629/init/main.c	2009-06-29 21:57:26.000000000 -0700
> +++ linus-2.6.git-0629-txt/init/main.c	2009-06-29 22:23:07.000000000 -0700
> @@ -73,6 +73,7 @@
>  #include <asm/io.h>
>  #include <asm/bugs.h>
>  #include <asm/setup.h>
> +#include <asm/tboot.h>
>  #include <asm/sections.h>
>  #include <asm/cacheflush.h>
>  
> @@ -715,6 +716,8 @@ asmlinkage void __init start_kernel(void
>  
>  	ftrace_init();
>  
> +	tboot_create_trampoline();
> +
>  	/* Do the rest non-__init'ed, we're now alive */
>  	rest_init();
>  }

hm, this breaks the kernel build on every non-x86 architecture - 
none of which has asm/tboot.h.

	Ingo

Re: [RFC v6][PATCH 2/4] intel_txt: Intel(R) TXT reboot/halt shutdown support

[Ingo Molnar]

* Ingo Molnar <mingo@elte.hu> wrote:

> > +	tboot_create_trampoline();
> > +
> >  	/* Do the rest non-__init'ed, we're now alive */
> >  	rest_init();
> >  }
> 
> hm, this breaks the kernel build on every non-x86 architecture - 
> none of which has asm/tboot.h.

also, tboot modifies kernel/cpu.c (and that too breaks the build) - 
why? I've excluded x86/txt from tip:master for now.

	Ingo

RE: [RFC v6][PATCH 2/4] intel_txt: Intel(R) TXT reboot/halt shutdown support

[Wang, Shane]

[-- Attachment #1: Type: text/plain, Size: 576 bytes --]

Hi Ingo & hpa,

I have made some change on the previous tboot patch to fix the build errors.
Please comment.

Thanks.
Shane

Ingo Molnar wrote:
> * Ingo Molnar <mingo@elte.hu> wrote:
> 
>>> +	tboot_create_trampoline();
>>> +
>>>  	/* Do the rest non-__init'ed, we're now alive */
>>>  	rest_init();
>>>  }
>> 
>> hm, this breaks the kernel build on every non-x86 architecture -
>> none of which has asm/tboot.h.
> 
> also, tboot modifies kernel/cpu.c (and that too breaks the build) -
> why? I've excluded x86/txt from tip:master for now.
> 
> 	Ingo


[-- Attachment #2: tboot_fix.patch --]
[-- Type: application/octet-stream, Size: 2319 bytes --]

diff -r 04f249f00303 drivers/acpi/acpica/hwsleep.c
--- a/drivers/acpi/acpica/hwsleep.c	Tue Aug 18 12:06:57 2009 -0700
+++ b/drivers/acpi/acpica/hwsleep.c	Wed Aug 19 15:23:44 2009 -0700
@@ -45,7 +45,12 @@
 #include <acpi/acpi.h>
 #include "accommon.h"
 #include "actables.h"
+
+#ifdef CONFIG_X86
 #include <asm/tboot.h>
+#else
+#define tboot_sleep(sleep_state, pm1a_control, pm1b_control) do { } while (0)
+#endif
 
 #define _COMPONENT          ACPI_HARDWARE
 ACPI_MODULE_NAME("hwsleep")
diff -r 04f249f00303 drivers/pci/dmar.c
--- a/drivers/pci/dmar.c	Tue Aug 18 12:06:57 2009 -0700
+++ b/drivers/pci/dmar.c	Wed Aug 19 15:23:44 2009 -0700
@@ -33,7 +33,12 @@
 #include <linux/timer.h>
 #include <linux/irq.h>
 #include <linux/interrupt.h>
+
+#ifdef CONFIG_X86
 #include <asm/tboot.h>
+#else
+#define tboot_get_dmar_table(x) (x)
+#endif
 
 #undef PREFIX
 #define PREFIX "DMAR:"
diff -r 04f249f00303 drivers/pci/intel-iommu.c
--- a/drivers/pci/intel-iommu.c	Tue Aug 18 12:06:57 2009 -0700
+++ b/drivers/pci/intel-iommu.c	Wed Aug 19 15:23:44 2009 -0700
@@ -38,9 +38,14 @@
 #include <linux/intel-iommu.h>
 #include <linux/sysdev.h>
 #include <asm/cacheflush.h>
-#include <asm/tboot.h>
 #include <asm/iommu.h>
 #include "pci.h"
+
+#ifdef CONFIG_X86
+#include <asm/tboot.h>
+#else
+#define tboot_force_iommu() 0
+#endif
 
 #define ROOT_SIZE		VTD_PAGE_SIZE
 #define CONTEXT_SIZE		VTD_PAGE_SIZE
diff -r 04f249f00303 init/main.c
--- a/init/main.c	Tue Aug 18 12:06:57 2009 -0700
+++ b/init/main.c	Wed Aug 19 15:23:44 2009 -0700
@@ -73,13 +73,19 @@
 #include <asm/io.h>
 #include <asm/bugs.h>
 #include <asm/setup.h>
-#include <asm/tboot.h>
 #include <asm/sections.h>
 #include <asm/cacheflush.h>
 
 #ifdef CONFIG_X86_LOCAL_APIC
 #include <asm/smp.h>
 #endif
+
+#ifdef CONFIG_X86
+#include <asm/tboot.h>
+#else
+#define tboot_create_trampoline() do { } while (0)
+#endif
+
 
 static int kernel_init(void *);
 
diff -r 04f249f00303 kernel/cpu.c
--- a/kernel/cpu.c	Tue Aug 18 12:06:57 2009 -0700
+++ b/kernel/cpu.c	Wed Aug 19 15:23:44 2009 -0700
@@ -14,7 +14,12 @@
 #include <linux/kthread.h>
 #include <linux/stop_machine.h>
 #include <linux/mutex.h>
+
+#ifdef CONFIG_X86
 #include <asm/tboot.h>
+#else
+#define tboot_wait_for_aps(x) 0
+#endif
 
 #ifdef CONFIG_SMP
 /* Serializes the updates to cpu_online_mask, cpu_present_mask */

Re: [RFC v6][PATCH 2/4] intel_txt: Intel(R) TXT reboot/halt shutdown support

[H. Peter Anvin]

On 08/20/2009 02:33 AM, Wang, Shane wrote:
> Hi Ingo & hpa,
> 
> I have made some change on the previous tboot patch to fix the build errors.
> Please comment.
> 
> Thanks.
> Shane
> 

This code addresses the build errors, but not in the right manner.

We should not have to have tboot-specific #ifdefs in tons and tons of
arch-generic files; we need to figure out how to move them into code
flow already in arch-specific code, or we need to very carefully figure
out what additional arch-specific operations are needed at a higher level.

	-hpa

-- 
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel.  I don't speak on their behalf.

Re: [RFC v6][PATCH 2/4] intel_txt: Intel(R) TXT reboot/halt shutdown support

[Andi Kleen]

On Thu, Aug 20, 2009 at 05:33:50PM +0800, Wang, Shane wrote:
> Hi Ingo & hpa,
> 
> I have made some change on the previous tboot patch to fix the build errors.
> Please comment.

The standard way to do this would be to define a linux/tboot.h
that does the ifdef and in the else path define dummy inlines
for these functions.

-Andi

[PATCH] txt: fix the build errors on non-X86 platforms

[Shane Wang]

This patch moves tboot.h from asm to linux to fix the build errors on non-X86 
platforms.

Signed-off-by: Shane Wang <shane.wang@intel.com>


diff -r 04f249f00303 arch/x86/include/asm/tboot.h
--- a/arch/x86/include/asm/tboot.h	Tue Aug 18 12:06:57 2009 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,197 +0,0 @@
-/*
- * tboot.h: shared data structure with tboot and kernel and functions
- *          used by kernel for runtime support of Intel(R) Trusted
- *          Execution Technology
- *
- * Copyright (c) 2006-2009, Intel Corporation
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
- *
- */
-
-#ifndef _ASM_TBOOT_H
-#define _ASM_TBOOT_H
-
-#include <acpi/acpi.h>
-
-/* these must have the values from 0-5 in this order */
-enum {
-	TB_SHUTDOWN_REBOOT = 0,
-	TB_SHUTDOWN_S5,
-	TB_SHUTDOWN_S4,
-	TB_SHUTDOWN_S3,
-	TB_SHUTDOWN_HALT,
-	TB_SHUTDOWN_WFS
-};
-
-#ifdef CONFIG_INTEL_TXT
-
-/* used to communicate between tboot and the launched kernel */
-
-#define TB_KEY_SIZE             64   /* 512 bits */
-
-#define MAX_TB_MAC_REGIONS      32
-
-struct tboot_mac_region {
-	u64  start;         /* must be 64 byte -aligned */
-	u32  size;          /* must be 64 byte -granular */
-} __packed;
-
-/* GAS - Generic Address Structure (ACPI 2.0+) */
-struct tboot_acpi_generic_address {
-	u8  space_id;
-	u8  bit_width;
-	u8  bit_offset;
-	u8  access_width;
-	u64 address;
-} __packed;
-
-/*
- * combines Sx info from FADT and FACS tables per ACPI 2.0+ spec
- * (http://www.acpi.info/)
- */
-struct tboot_acpi_sleep_info {
-	struct tboot_acpi_generic_address pm1a_cnt_blk;
-	struct tboot_acpi_generic_address pm1b_cnt_blk;
-	struct tboot_acpi_generic_address pm1a_evt_blk;
-	struct tboot_acpi_generic_address pm1b_evt_blk;
-	u16 pm1a_cnt_val;
-	u16 pm1b_cnt_val;
-	u64 wakeup_vector;
-	u32 vector_width;
-	u64 kernel_s3_resume_vector;
-} __packed;
-
-/*
- * shared memory page used for communication between tboot and kernel
- */
-struct tboot {
-	/*
-	 * version 3+ fields:
-	 */
-
-	/* TBOOT_UUID */
-	u8 uuid[16];
-
-	/* version number: 5 is current */
-	u32 version;
-
-	/* physical addr of tb_log_t log */
-	u32 log_addr;
-
-	/*
-	 * physical addr of entry point for tboot shutdown and
-	 * type of shutdown (TB_SHUTDOWN_*) being requested
-	 */
-	u32 shutdown_entry;
-	u32 shutdown_type;
-
-	/* kernel-specified ACPI info for Sx shutdown */
-	struct tboot_acpi_sleep_info acpi_sinfo;
-
-	/* tboot location in memory (physical) */
-	u32 tboot_base;
-	u32 tboot_size;
-
-	/* memory regions (phys addrs) for tboot to MAC on S3 */
-	u8 num_mac_regions;
-	struct tboot_mac_region mac_regions[MAX_TB_MAC_REGIONS];
-
-
-	/*
-	 * version 4+ fields:
-	 */
-
-	/* symmetric key for use by kernel; will be encrypted on S3 */
-	u8 s3_key[TB_KEY_SIZE];
-
-
-	/*
-	 * version 5+ fields:
-	 */
-
-	/* used to 4byte-align num_in_wfs */
-	u8 reserved_align[3];
-
-	/* number of processors in wait-for-SIPI */
-	u32 num_in_wfs;
-} __packed;
-
-/*
- * UUID for tboot data struct to facilitate matching
- * defined as {663C8DFF-E8B3-4b82-AABF-19EA4D057A08} by tboot, which is
- * represented as {} in the char array used here
- */
-#define TBOOT_UUID	{0xff, 0x8d, 0x3c, 0x66, 0xb3, 0xe8, 0x82, 0x4b, 0xbf,\
-			 0xaa, 0x19, 0xea, 0x4d, 0x5, 0x7a, 0x8}
-
-extern struct tboot *tboot;
-
-static inline int tboot_enabled(void)
-{
-	return tboot != NULL;
-}
-
-extern void tboot_probe(void);
-extern void tboot_create_trampoline(void);
-extern void tboot_shutdown(u32 shutdown_type);
-extern void tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control);
-extern int tboot_wait_for_aps(int num_aps);
-extern struct acpi_table_header *tboot_get_dmar_table(
-				      struct acpi_table_header *dmar_tbl);
-extern int tboot_force_iommu(void);
-
-#else     /* CONFIG_INTEL_TXT */
-
-static inline int tboot_enabled(void)
-{
-	return 0;
-}
-
-static inline void tboot_probe(void)
-{
-}
-
-static inline void tboot_create_trampoline(void)
-{
-}
-
-static inline void tboot_shutdown(u32 shutdown_type)
-{
-}
-
-static inline void tboot_sleep(u8 sleep_state, u32 pm1a_control,
-			       u32 pm1b_control)
-{
-}
-
-static inline int tboot_wait_for_aps(int num_aps)
-{
-	return 0;
-}
-
-static inline struct acpi_table_header *tboot_get_dmar_table(
-					struct acpi_table_header *dmar_tbl)
-{
-	return dmar_tbl;
-}
-
-static inline int tboot_force_iommu(void)
-{
-	return 0;
-}
-
-#endif /* !CONFIG_INTEL_TXT */
-
-#endif /* _ASM_TBOOT_H */
diff -r 04f249f00303 arch/x86/kernel/reboot.c
--- a/arch/x86/kernel/reboot.c	Tue Aug 18 12:06:57 2009 -0700
+++ b/arch/x86/kernel/reboot.c	Thu Aug 20 19:22:30 2009 -0700
@@ -4,6 +4,7 @@
  #include <linux/pm.h>
  #include <linux/efi.h>
  #include <linux/dmi.h>
+#include <linux/tboot.h>
  #include <acpi/reboot.h>
  #include <asm/io.h>
  #include <asm/apic.h>
@@ -23,8 +24,6 @@
  #else
  # include <asm/iommu.h>
  #endif
-
-#include <asm/tboot.h>

  /*
   * Power off function, if any
diff -r 04f249f00303 arch/x86/kernel/setup.c
--- a/arch/x86/kernel/setup.c	Tue Aug 18 12:06:57 2009 -0700
+++ b/arch/x86/kernel/setup.c	Thu Aug 20 19:22:30 2009 -0700
@@ -66,6 +66,7 @@

  #include <linux/percpu.h>
  #include <linux/crash_dump.h>
+#include <linux/tboot.h>

  #include <video/edid.h>

@@ -144,8 +145,6 @@ struct boot_params __initdata boot_param
  #else
  struct boot_params boot_params;
  #endif
-
-#include <asm/tboot.h>

  /*
   * Machine setup..
diff -r 04f249f00303 arch/x86/kernel/smpboot.c
--- a/arch/x86/kernel/smpboot.c	Tue Aug 18 12:06:57 2009 -0700
+++ b/arch/x86/kernel/smpboot.c	Thu Aug 20 19:22:30 2009 -0700
@@ -47,6 +47,7 @@
  #include <linux/bootmem.h>
  #include <linux/err.h>
  #include <linux/nmi.h>
+#include <linux/tboot.h>

  #include <asm/acpi.h>
  #include <asm/desc.h>
@@ -62,7 +63,6 @@
  #include <asm/vmi.h>
  #include <asm/apic.h>
  #include <asm/setup.h>
-#include <asm/tboot.h>
  #include <asm/uv/uv.h>
  #include <asm/debugreg.h>
  #include <linux/mc146818rtc.h>
diff -r 04f249f00303 arch/x86/kernel/tboot.c
--- a/arch/x86/kernel/tboot.c	Tue Aug 18 12:06:57 2009 -0700
+++ b/arch/x86/kernel/tboot.c	Thu Aug 20 19:22:30 2009 -0700
@@ -27,6 +27,7 @@
  #include <linux/dmar.h>
  #include <linux/pfn.h>
  #include <linux/mm.h>
+#include <linux/tboot.h>

  #include <asm/trampoline.h>
  #include <asm/processor.h>
@@ -36,7 +37,6 @@
  #include <asm/fixmap.h>
  #include <asm/proto.h>
  #include <asm/setup.h>
-#include <asm/tboot.h>
  #include <asm/e820.h>
  #include <asm/io.h>

diff -r 04f249f00303 drivers/acpi/acpica/hwsleep.c
--- a/drivers/acpi/acpica/hwsleep.c	Tue Aug 18 12:06:57 2009 -0700
+++ b/drivers/acpi/acpica/hwsleep.c	Thu Aug 20 19:22:30 2009 -0700
@@ -45,7 +45,7 @@
  #include <acpi/acpi.h>
  #include "accommon.h"
  #include "actables.h"
-#include <asm/tboot.h>
+#include <linux/tboot.h>

  #define _COMPONENT          ACPI_HARDWARE
  ACPI_MODULE_NAME("hwsleep")
diff -r 04f249f00303 drivers/pci/dmar.c
--- a/drivers/pci/dmar.c	Tue Aug 18 12:06:57 2009 -0700
+++ b/drivers/pci/dmar.c	Thu Aug 20 19:22:30 2009 -0700
@@ -33,7 +33,7 @@
  #include <linux/timer.h>
  #include <linux/irq.h>
  #include <linux/interrupt.h>
-#include <asm/tboot.h>
+#include <linux/tboot.h>

  #undef PREFIX
  #define PREFIX "DMAR:"
diff -r 04f249f00303 drivers/pci/intel-iommu.c
--- a/drivers/pci/intel-iommu.c	Tue Aug 18 12:06:57 2009 -0700
+++ b/drivers/pci/intel-iommu.c	Thu Aug 20 19:22:31 2009 -0700
@@ -37,8 +37,8 @@
  #include <linux/iommu.h>
  #include <linux/intel-iommu.h>
  #include <linux/sysdev.h>
+#include <linux/tboot.h>
  #include <asm/cacheflush.h>
-#include <asm/tboot.h>
  #include <asm/iommu.h>
  #include "pci.h"

diff -r 04f249f00303 include/linux/tboot.h
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/include/linux/tboot.h	Thu Aug 20 19:22:31 2009 -0700
@@ -0,0 +1,169 @@
+/*
+ * tboot.h: shared data structure with tboot and kernel and functions
+ *          used by kernel for runtime support of Intel(R) Trusted
+ *          Execution Technology
+ *
+ * Copyright (c) 2006-2009, Intel Corporation
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#ifndef _LINUX_TBOOT_H
+#define _LINUX_TBOOT_H
+
+#ifdef CONFIG_X86
+/* these must have the values from 0-5 in this order */
+enum {
+	TB_SHUTDOWN_REBOOT = 0,
+	TB_SHUTDOWN_S5,
+	TB_SHUTDOWN_S4,
+	TB_SHUTDOWN_S3,
+	TB_SHUTDOWN_HALT,
+	TB_SHUTDOWN_WFS
+};
+#endif
+
+#if defined(CONFIG_X86) && defined(CONFIG_INTEL_TXT)
+#include <acpi/acpi.h>
+/* used to communicate between tboot and the launched kernel */
+
+#define TB_KEY_SIZE             64   /* 512 bits */
+
+#define MAX_TB_MAC_REGIONS      32
+
+struct tboot_mac_region {
+	u64  start;         /* must be 64 byte -aligned */
+	u32  size;          /* must be 64 byte -granular */
+} __packed;
+
+/* GAS - Generic Address Structure (ACPI 2.0+) */
+struct tboot_acpi_generic_address {
+	u8  space_id;
+	u8  bit_width;
+	u8  bit_offset;
+	u8  access_width;
+	u64 address;
+} __packed;
+
+/*
+ * combines Sx info from FADT and FACS tables per ACPI 2.0+ spec
+ * (http://www.acpi.info/)
+ */
+struct tboot_acpi_sleep_info {
+	struct tboot_acpi_generic_address pm1a_cnt_blk;
+	struct tboot_acpi_generic_address pm1b_cnt_blk;
+	struct tboot_acpi_generic_address pm1a_evt_blk;
+	struct tboot_acpi_generic_address pm1b_evt_blk;
+	u16 pm1a_cnt_val;
+	u16 pm1b_cnt_val;
+	u64 wakeup_vector;
+	u32 vector_width;
+	u64 kernel_s3_resume_vector;
+} __packed;
+
+/*
+ * shared memory page used for communication between tboot and kernel
+ */
+struct tboot {
+	/*
+	 * version 3+ fields:
+	 */
+
+	/* TBOOT_UUID */
+	u8 uuid[16];
+
+	/* version number: 5 is current */
+	u32 version;
+
+	/* physical addr of tb_log_t log */
+	u32 log_addr;
+
+	/*
+	 * physical addr of entry point for tboot shutdown and
+	 * type of shutdown (TB_SHUTDOWN_*) being requested
+	 */
+	u32 shutdown_entry;
+	u32 shutdown_type;
+
+	/* kernel-specified ACPI info for Sx shutdown */
+	struct tboot_acpi_sleep_info acpi_sinfo;
+
+	/* tboot location in memory (physical) */
+	u32 tboot_base;
+	u32 tboot_size;
+
+	/* memory regions (phys addrs) for tboot to MAC on S3 */
+	u8 num_mac_regions;
+	struct tboot_mac_region mac_regions[MAX_TB_MAC_REGIONS];
+
+
+	/*
+	 * version 4+ fields:
+	 */
+
+	/* symmetric key for use by kernel; will be encrypted on S3 */
+	u8 s3_key[TB_KEY_SIZE];
+
+
+	/*
+	 * version 5+ fields:
+	 */
+
+	/* used to 4byte-align num_in_wfs */
+	u8 reserved_align[3];
+
+	/* number of processors in wait-for-SIPI */
+	u32 num_in_wfs;
+} __packed;
+
+/*
+ * UUID for tboot data struct to facilitate matching
+ * defined as {663C8DFF-E8B3-4b82-AABF-19EA4D057A08} by tboot, which is
+ * represented as {} in the char array used here
+ */
+#define TBOOT_UUID	{0xff, 0x8d, 0x3c, 0x66, 0xb3, 0xe8, 0x82, 0x4b, 0xbf,\
+			 0xaa, 0x19, 0xea, 0x4d, 0x5, 0x7a, 0x8}
+
+extern struct tboot *tboot;
+
+static inline int tboot_enabled(void)
+{
+	return tboot != NULL;
+}
+
+extern void tboot_probe(void);
+extern void tboot_create_trampoline(void);
+extern void tboot_shutdown(u32 shutdown_type);
+extern void tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control);
+extern int tboot_wait_for_aps(int num_aps);
+extern struct acpi_table_header *tboot_get_dmar_table(
+				      struct acpi_table_header *dmar_tbl);
+extern int tboot_force_iommu(void);
+
+#else	/* !CONFIG_X86 || !CONFIG_INTEL_TXT */
+
+#define tboot_enabled()			0
+#define tboot_probe()			do { } while (0)
+#define tboot_create_trampoline()	do { } while (0)
+#define tboot_shutdown(shutdown_type)	do { } while (0)
+#define tboot_sleep(sleep_state, pm1a_control, pm1b_control)	\
+					do { } while (0)
+#define tboot_wait_for_aps(num_aps)	0
+#define tboot_get_dmar_table(dmar_tbl)	(dmar_tbl)
+#define tboot_force_iommu()		0
+
+#endif /* !CONFIG_X86 || !CONFIG_INTEL_TXT */
+
+#endif /* _LINUX_TBOOT_H */
diff -r 04f249f00303 init/main.c
--- a/init/main.c	Tue Aug 18 12:06:57 2009 -0700
+++ b/init/main.c	Thu Aug 20 19:22:31 2009 -0700
@@ -68,12 +68,12 @@
  #include <linux/async.h>
  #include <linux/kmemcheck.h>
  #include <linux/kmemtrace.h>
+#include <linux/tboot.h>
  #include <trace/boot.h>

  #include <asm/io.h>
  #include <asm/bugs.h>
  #include <asm/setup.h>
-#include <asm/tboot.h>
  #include <asm/sections.h>
  #include <asm/cacheflush.h>

diff -r 04f249f00303 kernel/cpu.c
--- a/kernel/cpu.c	Tue Aug 18 12:06:57 2009 -0700
+++ b/kernel/cpu.c	Thu Aug 20 19:22:31 2009 -0700
@@ -14,7 +14,7 @@
  #include <linux/kthread.h>
  #include <linux/stop_machine.h>
  #include <linux/mutex.h>
-#include <asm/tboot.h>
+#include <linux/tboot.h>

  #ifdef CONFIG_SMP
  /* Serializes the updates to cpu_online_mask, cpu_present_mask */

Re: [PATCH] txt: fix the build errors on non-X86 platforms

[Ingo Molnar]

* Shane Wang <shane.wang@intel.com> wrote:

> This patch moves tboot.h from asm to linux to fix the build errors 
> on non-X86 platforms.
>
> Signed-off-by: Shane Wang <shane.wang@intel.com>
>
>
> diff -r 04f249f00303 arch/x86/include/asm/tboot.h

[ small nit: please always generate diffstat information for your 
  patches as well, so that one can see which files are changed and 
  by how much. ]

This patch looks better, but i have to question why tboot modifies 
generic code at all.

i've attached those generic-code changes below. The init/main.c one 
could sure be done in x86 arch init code, or via an initcall, right? 

Regarding kernel/cpu.c. Tthis code in tboot_wait_for_aps() looks 
suspicious:

int tboot_wait_for_aps(int num_aps)
{
        unsigned long timeout;

        if (!tboot_enabled())
                return 0;

        timeout = jiffies + AP_WAIT_TIMEOUT*HZ;
        while (atomic_read((atomic_t *)&tboot->num_in_wfs) != num_aps &&
               time_before(jiffies, timeout))
                cpu_relax();

        return time_before(jiffies, timeout) ? 0 : 1;
}

the return code looks a bit racy - what if an AP came back just in 
the final moment. It should return whether num_in_wfs == num_aps.

But more importantly, why does this have to be done in generic code 
in kernel/smp.c? Why doesnt the x86 arch level bit of _cpu_down() 
check whether the CPU goes down. (or, if there's no proper 
signalling for that one in the tboot protocol - the _cpu_down() code 
in x86 could call tboot_wait_for_aps() if num_online_cpus() == 1 - 
no need to change generic code here.

Also, as i pointed it out in prior review, this depends on line:

+config INTEL_TXT
+       bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
+       depends on EXPERIMENTAL && X86 && DMAR && ACPI

should be turned into the standard:

	depends on HAVE_INTEL_TXT 

line, where arch/x86/Kconfig selects HAVE_INTEL_TXT. As we do it for 
other options as well.

	Ingo

---------------->

 init/main.c  |    3 +++
 kernel/cpu.c |    7 ++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/init/main.c b/init/main.c
index 2d9d6bd..f8e9124 100644
--- a/init/main.c
+++ b/init/main.c
@@ -73,6 +73,7 @@
 #include <asm/io.h>
 #include <asm/bugs.h>
 #include <asm/setup.h>
+#include <asm/tboot.h>
 #include <asm/sections.h>
 #include <asm/cacheflush.h>
 
@@ -715,6 +716,8 @@ asmlinkage void __init start_kernel(void)
 
 	ftrace_init();
 
+	tboot_create_trampoline();
+
 	/* Do the rest non-__init'ed, we're now alive */
 	rest_init();
 }
diff --git a/kernel/cpu.c b/kernel/cpu.c
index 8ce1004..ff071e0 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -14,6 +14,7 @@
 #include <linux/kthread.h>
 #include <linux/stop_machine.h>
 #include <linux/mutex.h>
+#include <asm/tboot.h>
 
 #ifdef CONFIG_SMP
 /* Serializes the updates to cpu_online_mask, cpu_present_mask */
@@ -376,7 +377,7 @@ static cpumask_var_t frozen_cpus;
 
 int disable_nonboot_cpus(void)
 {
-	int cpu, first_cpu, error;
+	int cpu, first_cpu, error, num_cpus = 0;
 
 	error = stop_machine_create();
 	if (error)
@@ -391,6 +392,7 @@ int disable_nonboot_cpus(void)
 	for_each_online_cpu(cpu) {
 		if (cpu == first_cpu)
 			continue;
+		num_cpus++;
 		error = _cpu_down(cpu, 1);
 		if (!error) {
 			cpumask_set_cpu(cpu, frozen_cpus);
@@ -401,6 +403,9 @@ int disable_nonboot_cpus(void)
 			break;
 		}
 	}
+	/* ensure all CPUs have gone into wait-for-SIPI */
+	error |= tboot_wait_for_aps(num_cpus);
+
 	if (!error) {
 		BUG_ON(num_online_cpus() > 1);
 		/* Make sure the CPUs won't be enabled by someone else */

Re: [PATCH] intel_txt: fix the build errors of intel_txt patch on non-X86 platforms

[Shane Wang]

Hi

Forget the previous patch. I misundertood Andi's comments. It should be this 
one. Please comment.

Thanks.
Shane


---
  arch/x86/Kconfig              |    4 +++
  drivers/acpi/acpica/hwsleep.c |    2 -
  drivers/pci/dmar.c            |    2 -
  drivers/pci/intel-iommu.c     |    2 -
  include/linux/tboot.h         |   35 ++++++++++++++++++++++++++++++++
  init/main.c                   |    2 -
  kernel/cpu.c                  |    2 -
  security/Kconfig              |    2 -
  8 files changed, 45 insertions(+), 6 deletions(-)

Signed-off-by: Shane Wang <shane.wang@intel.com>


diff -r e5406357eaf2 arch/x86/Kconfig
--- a/arch/x86/Kconfig	Thu Aug 20 21:10:50 2009 -0700
+++ b/arch/x86/Kconfig	Thu Aug 20 21:15:32 2009 -0700
@@ -179,6 +179,10 @@ config ARCH_SUPPORTS_OPTIMIZED_INLINING

  config ARCH_SUPPORTS_DEBUG_PAGEALLOC
  	def_bool y
+
+config ARCH_HAS_INTEL_TXT
+	def_bool y
+	depends on EXPERIMENTAL && DMAR && ACPI

  # Use the generic interrupt handling code in kernel/irq/:
  config GENERIC_HARDIRQS
diff -r e5406357eaf2 drivers/acpi/acpica/hwsleep.c
--- a/drivers/acpi/acpica/hwsleep.c	Thu Aug 20 21:10:50 2009 -0700
+++ b/drivers/acpi/acpica/hwsleep.c	Thu Aug 20 21:15:32 2009 -0700
@@ -45,7 +45,7 @@
  #include <acpi/acpi.h>
  #include "accommon.h"
  #include "actables.h"
-#include <asm/tboot.h>
+#include <linux/tboot.h>

  #define _COMPONENT          ACPI_HARDWARE
  ACPI_MODULE_NAME("hwsleep")
diff -r e5406357eaf2 drivers/pci/dmar.c
--- a/drivers/pci/dmar.c	Thu Aug 20 21:10:50 2009 -0700
+++ b/drivers/pci/dmar.c	Thu Aug 20 21:15:32 2009 -0700
@@ -33,7 +33,7 @@
  #include <linux/timer.h>
  #include <linux/irq.h>
  #include <linux/interrupt.h>
-#include <asm/tboot.h>
+#include <linux/tboot.h>

  #undef PREFIX
  #define PREFIX "DMAR:"
diff -r e5406357eaf2 drivers/pci/intel-iommu.c
--- a/drivers/pci/intel-iommu.c	Thu Aug 20 21:10:50 2009 -0700
+++ b/drivers/pci/intel-iommu.c	Thu Aug 20 21:15:32 2009 -0700
@@ -37,8 +37,8 @@
  #include <linux/iommu.h>
  #include <linux/intel-iommu.h>
  #include <linux/sysdev.h>
+#include <linux/tboot.h>
  #include <asm/cacheflush.h>
-#include <asm/tboot.h>
  #include <asm/iommu.h>
  #include "pci.h"

diff -r e5406357eaf2 include/linux/tboot.h
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/include/linux/tboot.h	Thu Aug 20 21:15:32 2009 -0700
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2006-2009, Intel Corporation
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#ifndef _LINUX_TBOOT_H
+#define _LINUX_TBOOT_H
+
+#ifdef CONFIG_ARCH_HAS_INTEL_TXT
+#include <asm/tboot.h>
+#else
+
+#define tboot_sleep(sleep_state, pm1a_control, pm1b_control)	\
+					do { } while (0)
+#define tboot_get_dmar_table(dmar_tbl)	(dmar_tbl)
+#define tboot_force_iommu()		0
+#define tboot_create_trampoline()	do { } while (0)
+#define tboot_wait_for_aps(num_aps)	0
+
+#endif /* !CONFIG_ARCH_HAS_INTEL_TXT */
+
+#endif /* _LINUX_TBOOT_H */
diff -r e5406357eaf2 init/main.c
--- a/init/main.c	Thu Aug 20 21:10:50 2009 -0700
+++ b/init/main.c	Thu Aug 20 21:15:32 2009 -0700
@@ -68,12 +68,12 @@
  #include <linux/async.h>
  #include <linux/kmemcheck.h>
  #include <linux/kmemtrace.h>
+#include <linux/tboot.h>
  #include <trace/boot.h>

  #include <asm/io.h>
  #include <asm/bugs.h>
  #include <asm/setup.h>
-#include <asm/tboot.h>
  #include <asm/sections.h>
  #include <asm/cacheflush.h>

diff -r e5406357eaf2 kernel/cpu.c
--- a/kernel/cpu.c	Thu Aug 20 21:10:50 2009 -0700
+++ b/kernel/cpu.c	Thu Aug 20 21:15:32 2009 -0700
@@ -14,7 +14,7 @@
  #include <linux/kthread.h>
  #include <linux/stop_machine.h>
  #include <linux/mutex.h>
-#include <asm/tboot.h>
+#include <linux/tboot.h>

  #ifdef CONFIG_SMP
  /* Serializes the updates to cpu_online_mask, cpu_present_mask */
diff -r e5406357eaf2 security/Kconfig
--- a/security/Kconfig	Thu Aug 20 21:10:50 2009 -0700
+++ b/security/Kconfig	Thu Aug 20 21:15:32 2009 -0700
@@ -131,7 +131,7 @@ config LSM_MMAP_MIN_ADDR

  config INTEL_TXT
  	bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
-	depends on EXPERIMENTAL && X86 && DMAR && ACPI
+	depends on ARCH_HAS_INTEL_TXT
  	help
  	  This option enables support for booting the kernel with the
  	  Trusted Boot (tboot) module. This will utilize


> 
> This patch looks better, but i have to question why tboot modifies 
> generic code at all.
> 
> i've attached those generic-code changes below. The init/main.c one 
> could sure be done in x86 arch init code, or via an initcall, right? 
As long as the page table is set up and the memory is initialized, since the 
tboot code is only to set up 1:1 mapping page table for later use. Do you mean 
setup_arch() in setup.c? I will try.

> 
> Regarding kernel/cpu.c. Tthis code in tboot_wait_for_aps() looks 
> suspicious:
> 
> int tboot_wait_for_aps(int num_aps)
> {
>         unsigned long timeout;
> 
>         if (!tboot_enabled())
>                 return 0;
> 
>         timeout = jiffies + AP_WAIT_TIMEOUT*HZ;
>         while (atomic_read((atomic_t *)&tboot->num_in_wfs) != num_aps &&
>                time_before(jiffies, timeout))
>                 cpu_relax();
> 
>         return time_before(jiffies, timeout) ? 0 : 1;
> }
> 
> the return code looks a bit racy - what if an AP came back just in 
> the final moment. It should return whether num_in_wfs == num_aps.
Yes;-) "return num_in_wfs == num_aps ? 1 : 0" should be better, right?

> 
> But more importantly, why does this have to be done in generic code 
> in kernel/smp.c? Why doesnt the x86 arch level bit of _cpu_down() 
> check whether the CPU goes down. (or, if there's no proper 
> signalling for that one in the tboot protocol - the _cpu_down() code 
> in x86 could call tboot_wait_for_aps() if num_online_cpus() == 1 - 
> no need to change generic code here.
> 
Which c file do you mentioned about _cpu_down()? I only can find _cpu_down() in 
kernel/cpu.c.

Re: [PATCH] intel_txt: fix the build errors of intel_txt patch on non-X86 platforms

[Ingo Molnar]

* Shane Wang <shane.wang@intel.com> wrote:

> Hi
>
> Forget the previous patch. I misundertood Andi's comments. It should be 
> this one. Please comment.
>
> Thanks.
> Shane
>
>
> ---
>  arch/x86/Kconfig              |    4 +++
>  drivers/acpi/acpica/hwsleep.c |    2 -
>  drivers/pci/dmar.c            |    2 -
>  drivers/pci/intel-iommu.c     |    2 -
>  include/linux/tboot.h         |   35 ++++++++++++++++++++++++++++++++
>  init/main.c                   |    2 -
>  kernel/cpu.c                  |    2 -
>  security/Kconfig              |    2 -
>  8 files changed, 45 insertions(+), 6 deletions(-)
>
> Signed-off-by: Shane Wang <shane.wang@intel.com>
>
>
> diff -r e5406357eaf2 arch/x86/Kconfig
> --- a/arch/x86/Kconfig	Thu Aug 20 21:10:50 2009 -0700
> +++ b/arch/x86/Kconfig	Thu Aug 20 21:15:32 2009 -0700
> @@ -179,6 +179,10 @@ config ARCH_SUPPORTS_OPTIMIZED_INLINING
>
>  config ARCH_SUPPORTS_DEBUG_PAGEALLOC
>  	def_bool y
> +
> +config ARCH_HAS_INTEL_TXT
> +	def_bool y
> +	depends on EXPERIMENTAL && DMAR && ACPI
>
>  # Use the generic interrupt handling code in kernel/irq/:
>  config GENERIC_HARDIRQS
> diff -r e5406357eaf2 drivers/acpi/acpica/hwsleep.c
> --- a/drivers/acpi/acpica/hwsleep.c	Thu Aug 20 21:10:50 2009 -0700
> +++ b/drivers/acpi/acpica/hwsleep.c	Thu Aug 20 21:15:32 2009 -0700
> @@ -45,7 +45,7 @@
>  #include <acpi/acpi.h>
>  #include "accommon.h"
>  #include "actables.h"
> -#include <asm/tboot.h>
> +#include <linux/tboot.h>
>
>  #define _COMPONENT          ACPI_HARDWARE
>  ACPI_MODULE_NAME("hwsleep")
> diff -r e5406357eaf2 drivers/pci/dmar.c
> --- a/drivers/pci/dmar.c	Thu Aug 20 21:10:50 2009 -0700
> +++ b/drivers/pci/dmar.c	Thu Aug 20 21:15:32 2009 -0700
> @@ -33,7 +33,7 @@
>  #include <linux/timer.h>
>  #include <linux/irq.h>
>  #include <linux/interrupt.h>
> -#include <asm/tboot.h>
> +#include <linux/tboot.h>
>
>  #undef PREFIX
>  #define PREFIX "DMAR:"
> diff -r e5406357eaf2 drivers/pci/intel-iommu.c
> --- a/drivers/pci/intel-iommu.c	Thu Aug 20 21:10:50 2009 -0700
> +++ b/drivers/pci/intel-iommu.c	Thu Aug 20 21:15:32 2009 -0700
> @@ -37,8 +37,8 @@
>  #include <linux/iommu.h>
>  #include <linux/intel-iommu.h>
>  #include <linux/sysdev.h>
> +#include <linux/tboot.h>
>  #include <asm/cacheflush.h>
> -#include <asm/tboot.h>
>  #include <asm/iommu.h>
>  #include "pci.h"
>
> diff -r e5406357eaf2 include/linux/tboot.h
> --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
> +++ b/include/linux/tboot.h	Thu Aug 20 21:15:32 2009 -0700
> @@ -0,0 +1,35 @@
> +/*
> + * Copyright (c) 2006-2009, Intel Corporation
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2, as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
> + * more details.
> + *
> + * You should have received a copy of the GNU General Public License along with
> + * this program; if not, write to the Free Software Foundation, Inc.,
> + * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
> + *
> + */
> +
> +#ifndef _LINUX_TBOOT_H
> +#define _LINUX_TBOOT_H
> +
> +#ifdef CONFIG_ARCH_HAS_INTEL_TXT
> +#include <asm/tboot.h>
> +#else
> +
> +#define tboot_sleep(sleep_state, pm1a_control, pm1b_control)	\
> +					do { } while (0)
> +#define tboot_get_dmar_table(dmar_tbl)	(dmar_tbl)
> +#define tboot_force_iommu()		0
> +#define tboot_create_trampoline()	do { } while (0)
> +#define tboot_wait_for_aps(num_aps)	0
> +
> +#endif /* !CONFIG_ARCH_HAS_INTEL_TXT */

If then these should be dummy inlines - but in any case, do you 
expect tboot to be used by non-x86 too?

> +#endif /* _LINUX_TBOOT_H */
> diff -r e5406357eaf2 init/main.c
> --- a/init/main.c	Thu Aug 20 21:10:50 2009 -0700
> +++ b/init/main.c	Thu Aug 20 21:15:32 2009 -0700
> @@ -68,12 +68,12 @@
>  #include <linux/async.h>
>  #include <linux/kmemcheck.h>
>  #include <linux/kmemtrace.h>
> +#include <linux/tboot.h>
>  #include <trace/boot.h>
>
>  #include <asm/io.h>
>  #include <asm/bugs.h>
>  #include <asm/setup.h>
> -#include <asm/tboot.h>
>  #include <asm/sections.h>
>  #include <asm/cacheflush.h>
>
> diff -r e5406357eaf2 kernel/cpu.c
> --- a/kernel/cpu.c	Thu Aug 20 21:10:50 2009 -0700
> +++ b/kernel/cpu.c	Thu Aug 20 21:15:32 2009 -0700
> @@ -14,7 +14,7 @@
>  #include <linux/kthread.h>
>  #include <linux/stop_machine.h>
>  #include <linux/mutex.h>
> -#include <asm/tboot.h>
> +#include <linux/tboot.h>
>
>  #ifdef CONFIG_SMP
>  /* Serializes the updates to cpu_online_mask, cpu_present_mask */
> diff -r e5406357eaf2 security/Kconfig
> --- a/security/Kconfig	Thu Aug 20 21:10:50 2009 -0700
> +++ b/security/Kconfig	Thu Aug 20 21:15:32 2009 -0700
> @@ -131,7 +131,7 @@ config LSM_MMAP_MIN_ADDR
>
>  config INTEL_TXT
>  	bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
> -	depends on EXPERIMENTAL && X86 && DMAR && ACPI
> +	depends on ARCH_HAS_INTEL_TXT

Nit: what i suggested was HAVE_INTEL_TXT - that is the standard 
kbuild solution these days. (ARCH_HAS_* is legacy-ish)

>> This patch looks better, but i have to question why tboot 
>> modifies generic code at all.
>>
>> i've attached those generic-code changes below. The init/main.c 
>> one could sure be done in x86 arch init code, or via an initcall, 
>> right?
>
> As long as the page table is set up and the memory is initialized, 
> since the tboot code is only to set up 1:1 mapping page table for 
> later use. Do you mean setup_arch() in setup.c? I will try.

yes, something like that. (i have not checked the init dependencies, 
so other places might be more suitable - but setup_arch() definitely 
sounds good. You obviously want to unlock your hardware ASAP.)

>> Regarding kernel/cpu.c. Tthis code in tboot_wait_for_aps() looks  
>> suspicious:
>>
>> int tboot_wait_for_aps(int num_aps)
>> {
>>         unsigned long timeout;
>>
>>         if (!tboot_enabled())
>>                 return 0;
>>
>>         timeout = jiffies + AP_WAIT_TIMEOUT*HZ;
>>         while (atomic_read((atomic_t *)&tboot->num_in_wfs) != num_aps &&
>>                time_before(jiffies, timeout))
>>                 cpu_relax();
>>
>>         return time_before(jiffies, timeout) ? 0 : 1;
>> }
>>
>> the return code looks a bit racy - what if an AP came back just in the 
>> final moment. It should return whether num_in_wfs == num_aps.
>
> Yes;-) "return num_in_wfs == num_aps ? 1 : 0" should be better, right?

better yes - cleaner, not ;-)

jiffies loops are dubious anyway - what if this code ever gets 
called from an irqs-off section? If you want to break out then 
please use mdelay based loops and print a warning message if the 
code has to break out after the timeout and the APs have not 
hand-shaken with us properly.

>> But more importantly, why does this have to be done in generic code in 
>> kernel/smp.c? Why doesnt the x86 arch level bit of _cpu_down() check 
>> whether the CPU goes down. (or, if there's no proper signalling for 
>> that one in the tboot protocol - the _cpu_down() code in x86 could call 
>> tboot_wait_for_aps() if num_online_cpus() == 1 - no need to change 
>> generic code here.
>>
> Which c file do you mentioned about _cpu_down()? I only can find 
> _cpu_down() in kernel/cpu.c.

_cpu_down() is a thin wrapper and there's architecture code that 
does the real thing: __cpu_disable() / smp_ops.cpu_disable() on x86. 

Plus there's a CPU notifier chain action as well you can register to 
via the kernel/cpu.c APIs, and provide a CPU_DYING handler.

(I'd argue for the latter in this case, it's more generic and can 
stay local to the tboot code.)

	Ingo

Re: [PATCH] intel_txt: fix the build errors of intel_txt patch on non-X86 platforms

[H. Peter Anvin]

On 08/21/2009 09:12 AM, Ingo Molnar wrote:
> 
> * Shane Wang <shane.wang@intel.com> wrote:
> 
>> Hi
>>
>> Forget the previous patch. I misundertood Andi's comments. It should be 
>> this one. Please comment.
>>
>> Thanks.
>> Shane
>>
>>
>> ---
>>  arch/x86/Kconfig              |    4 +++
>>  drivers/acpi/acpica/hwsleep.c |    2 -
>>  drivers/pci/dmar.c            |    2 -
>>  drivers/pci/intel-iommu.c     |    2 -
>>  include/linux/tboot.h         |   35 ++++++++++++++++++++++++++++++++
>>  init/main.c                   |    2 -
>>  kernel/cpu.c                  |    2 -
>>  security/Kconfig              |    2 -
>>  8 files changed, 45 insertions(+), 6 deletions(-)
>>
>> Signed-off-by: Shane Wang <shane.wang@intel.com>
>>
>>
>> diff -r e5406357eaf2 arch/x86/Kconfig
>> --- a/arch/x86/Kconfig	Thu Aug 20 21:10:50 2009 -0700
>> +++ b/arch/x86/Kconfig	Thu Aug 20 21:15:32 2009 -0700
>> @@ -179,6 +179,10 @@ config ARCH_SUPPORTS_OPTIMIZED_INLINING
>>
>>  config ARCH_SUPPORTS_DEBUG_PAGEALLOC
>>  	def_bool y
>> +
>> +config ARCH_HAS_INTEL_TXT
>> +	def_bool y
>> +	depends on EXPERIMENTAL && DMAR && ACPI
>>
>>  # Use the generic interrupt handling code in kernel/irq/:
>>  config GENERIC_HARDIRQS
>> diff -r e5406357eaf2 drivers/acpi/acpica/hwsleep.c
>> --- a/drivers/acpi/acpica/hwsleep.c	Thu Aug 20 21:10:50 2009 -0700
>> +++ b/drivers/acpi/acpica/hwsleep.c	Thu Aug 20 21:15:32 2009 -0700
>> @@ -45,7 +45,7 @@
>>  #include <acpi/acpi.h>
>>  #include "accommon.h"
>>  #include "actables.h"
>> -#include <asm/tboot.h>
>> +#include <linux/tboot.h>
>>
>>  #define _COMPONENT          ACPI_HARDWARE
>>  ACPI_MODULE_NAME("hwsleep")
>> diff -r e5406357eaf2 drivers/pci/dmar.c
>> --- a/drivers/pci/dmar.c	Thu Aug 20 21:10:50 2009 -0700
>> +++ b/drivers/pci/dmar.c	Thu Aug 20 21:15:32 2009 -0700
>> @@ -33,7 +33,7 @@
>>  #include <linux/timer.h>
>>  #include <linux/irq.h>
>>  #include <linux/interrupt.h>
>> -#include <asm/tboot.h>
>> +#include <linux/tboot.h>
>>
>>  #undef PREFIX
>>  #define PREFIX "DMAR:"
>> diff -r e5406357eaf2 drivers/pci/intel-iommu.c
>> --- a/drivers/pci/intel-iommu.c	Thu Aug 20 21:10:50 2009 -0700
>> +++ b/drivers/pci/intel-iommu.c	Thu Aug 20 21:15:32 2009 -0700
>> @@ -37,8 +37,8 @@
>>  #include <linux/iommu.h>
>>  #include <linux/intel-iommu.h>
>>  #include <linux/sysdev.h>
>> +#include <linux/tboot.h>
>>  #include <asm/cacheflush.h>
>> -#include <asm/tboot.h>
>>  #include <asm/iommu.h>
>>  #include "pci.h"
>>
>> diff -r e5406357eaf2 include/linux/tboot.h
>> --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
>> +++ b/include/linux/tboot.h	Thu Aug 20 21:15:32 2009 -0700
>> @@ -0,0 +1,35 @@
>> +/*
>> + * Copyright (c) 2006-2009, Intel Corporation
>> + *
>> + * This program is free software; you can redistribute it and/or modify it
>> + * under the terms and conditions of the GNU General Public License,
>> + * version 2, as published by the Free Software Foundation.
>> + *
>> + * This program is distributed in the hope it will be useful, but WITHOUT
>> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
>> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
>> + * more details.
>> + *
>> + * You should have received a copy of the GNU General Public License along with
>> + * this program; if not, write to the Free Software Foundation, Inc.,
>> + * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
>> + *
>> + */
>> +
>> +#ifndef _LINUX_TBOOT_H
>> +#define _LINUX_TBOOT_H
>> +
>> +#ifdef CONFIG_ARCH_HAS_INTEL_TXT
>> +#include <asm/tboot.h>
>> +#else
>> +
>> +#define tboot_sleep(sleep_state, pm1a_control, pm1b_control)	\
>> +					do { } while (0)
>> +#define tboot_get_dmar_table(dmar_tbl)	(dmar_tbl)
>> +#define tboot_force_iommu()		0
>> +#define tboot_create_trampoline()	do { } while (0)
>> +#define tboot_wait_for_aps(num_aps)	0
>> +
>> +#endif /* !CONFIG_ARCH_HAS_INTEL_TXT */
> 
> If then these should be dummy inlines - but in any case, do you 
> expect tboot to be used by non-x86 too?
> 

It would have to be IA64 ... I can't ask Tony since he's out, but I
would assume it is x86-specific at this point.

	-hpa

RE: [PATCH] intel_txt: fix the build errors of intel_txt patch on non-X86 platforms

[Wang, Shane]

>> 
>> If then these should be dummy inlines - but in any case, do you
>> expect tboot to be used by non-x86 too?
>> 
> 
> It would have to be IA64 ... I can't ask Tony since he's out, but I
> would assume it is x86-specific at this point.
> 
> 	-hpa

Yes, to my knowledge, it is x86 at this point. TXT-SX is the server extension also for ia32 only.

Shane

Re: [PATCH] intel_txt: fix the build errors of intel_txt patch on non-X86 platforms

[Ingo Molnar]

* Wang, Shane <shane.wang@intel.com> wrote:

> >> 
> >> If then these should be dummy inlines - but in any case, do you
> >> expect tboot to be used by non-x86 too?
> >> 
> > 
> > It would have to be IA64 ... I can't ask Tony since he's out, but I
> > would assume it is x86-specific at this point.
> > 
> > 	-hpa
> 
> Yes, to my knowledge, it is x86 at this point. TXT-SX is the 
> server extension also for ia32 only.

Then i'd suggest to keep it simple and clean for now and move those 
very few lines to arch/x86 files only. It will be easy to generalize 
it later on, should the need arise.

	Ingo

Re: [PATCH] intel_txt: fix the build errors of intel_txt patch on non-X86 platforms

[Shane Wang]

This patch moves tboot.h from asm to linux to fix the build errors of intel_txt 
patch on non-X86 platforms, and removes the tboot code from generic code 
init/main.c and kernel/cpu.c.

--
  arch/x86/Kconfig              |    4
  arch/x86/include/asm/tboot.h  |  197 --------------------------------
  arch/x86/kernel/reboot.c      |    3
  arch/x86/kernel/setup.c       |    3
  arch/x86/kernel/smpboot.c     |    2
  arch/x86/kernel/tboot.c       |   58 +++++++--
  drivers/acpi/acpica/hwsleep.c |    2
  drivers/pci/dmar.c            |    2
  drivers/pci/intel-iommu.c     |    2
  include/linux/tboot.h         |  164 ++++++++++++++++++++++++++
  init/main.c                   |    3
  kernel/cpu.c                  |    6
  security/Kconfig              |    2
  13 files changed, 223 insertions(+), 225 deletions(-)


Signed-off-by: Shane Wang <shane.wang@intel.com>

diff -r e5406357eaf2 arch/x86/Kconfig
--- a/arch/x86/Kconfig	Thu Aug 20 21:10:50 2009 -0700
+++ b/arch/x86/Kconfig	Tue Aug 25 11:49:19 2009 -0700
@@ -179,6 +179,10 @@ config ARCH_SUPPORTS_OPTIMIZED_INLINING

  config ARCH_SUPPORTS_DEBUG_PAGEALLOC
  	def_bool y
+
+config HAVE_INTEL_TXT
+	def_bool y
+	depends on EXPERIMENTAL && DMAR && ACPI

  # Use the generic interrupt handling code in kernel/irq/:
  config GENERIC_HARDIRQS
diff -r e5406357eaf2 arch/x86/include/asm/tboot.h
--- a/arch/x86/include/asm/tboot.h	Thu Aug 20 21:10:50 2009 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,197 +0,0 @@
-/*
- * tboot.h: shared data structure with tboot and kernel and functions
- *          used by kernel for runtime support of Intel(R) Trusted
- *          Execution Technology
- *
- * Copyright (c) 2006-2009, Intel Corporation
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
- *
- */
-
-#ifndef _ASM_TBOOT_H
-#define _ASM_TBOOT_H
-
-#include <acpi/acpi.h>
-
-/* these must have the values from 0-5 in this order */
-enum {
-	TB_SHUTDOWN_REBOOT = 0,
-	TB_SHUTDOWN_S5,
-	TB_SHUTDOWN_S4,
-	TB_SHUTDOWN_S3,
-	TB_SHUTDOWN_HALT,
-	TB_SHUTDOWN_WFS
-};
-
-#ifdef CONFIG_INTEL_TXT
-
-/* used to communicate between tboot and the launched kernel */
-
-#define TB_KEY_SIZE             64   /* 512 bits */
-
-#define MAX_TB_MAC_REGIONS      32
-
-struct tboot_mac_region {
-	u64  start;         /* must be 64 byte -aligned */
-	u32  size;          /* must be 64 byte -granular */
-} __packed;
-
-/* GAS - Generic Address Structure (ACPI 2.0+) */
-struct tboot_acpi_generic_address {
-	u8  space_id;
-	u8  bit_width;
-	u8  bit_offset;
-	u8  access_width;
-	u64 address;
-} __packed;
-
-/*
- * combines Sx info from FADT and FACS tables per ACPI 2.0+ spec
- * (http://www.acpi.info/)
- */
-struct tboot_acpi_sleep_info {
-	struct tboot_acpi_generic_address pm1a_cnt_blk;
-	struct tboot_acpi_generic_address pm1b_cnt_blk;
-	struct tboot_acpi_generic_address pm1a_evt_blk;
-	struct tboot_acpi_generic_address pm1b_evt_blk;
-	u16 pm1a_cnt_val;
-	u16 pm1b_cnt_val;
-	u64 wakeup_vector;
-	u32 vector_width;
-	u64 kernel_s3_resume_vector;
-} __packed;
-
-/*
- * shared memory page used for communication between tboot and kernel
- */
-struct tboot {
-	/*
-	 * version 3+ fields:
-	 */
-
-	/* TBOOT_UUID */
-	u8 uuid[16];
-
-	/* version number: 5 is current */
-	u32 version;
-
-	/* physical addr of tb_log_t log */
-	u32 log_addr;
-
-	/*
-	 * physical addr of entry point for tboot shutdown and
-	 * type of shutdown (TB_SHUTDOWN_*) being requested
-	 */
-	u32 shutdown_entry;
-	u32 shutdown_type;
-
-	/* kernel-specified ACPI info for Sx shutdown */
-	struct tboot_acpi_sleep_info acpi_sinfo;
-
-	/* tboot location in memory (physical) */
-	u32 tboot_base;
-	u32 tboot_size;
-
-	/* memory regions (phys addrs) for tboot to MAC on S3 */
-	u8 num_mac_regions;
-	struct tboot_mac_region mac_regions[MAX_TB_MAC_REGIONS];
-
-
-	/*
-	 * version 4+ fields:
-	 */
-
-	/* symmetric key for use by kernel; will be encrypted on S3 */
-	u8 s3_key[TB_KEY_SIZE];
-
-
-	/*
-	 * version 5+ fields:
-	 */
-
-	/* used to 4byte-align num_in_wfs */
-	u8 reserved_align[3];
-
-	/* number of processors in wait-for-SIPI */
-	u32 num_in_wfs;
-} __packed;
-
-/*
- * UUID for tboot data struct to facilitate matching
- * defined as {663C8DFF-E8B3-4b82-AABF-19EA4D057A08} by tboot, which is
- * represented as {} in the char array used here
- */
-#define TBOOT_UUID	{0xff, 0x8d, 0x3c, 0x66, 0xb3, 0xe8, 0x82, 0x4b, 0xbf,\
-			 0xaa, 0x19, 0xea, 0x4d, 0x5, 0x7a, 0x8}
-
-extern struct tboot *tboot;
-
-static inline int tboot_enabled(void)
-{
-	return tboot != NULL;
-}
-
-extern void tboot_probe(void);
-extern void tboot_create_trampoline(void);
-extern void tboot_shutdown(u32 shutdown_type);
-extern void tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control);
-extern int tboot_wait_for_aps(int num_aps);
-extern struct acpi_table_header *tboot_get_dmar_table(
-				      struct acpi_table_header *dmar_tbl);
-extern int tboot_force_iommu(void);
-
-#else     /* CONFIG_INTEL_TXT */
-
-static inline int tboot_enabled(void)
-{
-	return 0;
-}
-
-static inline void tboot_probe(void)
-{
-}
-
-static inline void tboot_create_trampoline(void)
-{
-}
-
-static inline void tboot_shutdown(u32 shutdown_type)
-{
-}
-
-static inline void tboot_sleep(u8 sleep_state, u32 pm1a_control,
-			       u32 pm1b_control)
-{
-}
-
-static inline int tboot_wait_for_aps(int num_aps)
-{
-	return 0;
-}
-
-static inline struct acpi_table_header *tboot_get_dmar_table(
-					struct acpi_table_header *dmar_tbl)
-{
-	return dmar_tbl;
-}
-
-static inline int tboot_force_iommu(void)
-{
-	return 0;
-}
-
-#endif /* !CONFIG_INTEL_TXT */
-
-#endif /* _ASM_TBOOT_H */
diff -r e5406357eaf2 arch/x86/kernel/reboot.c
--- a/arch/x86/kernel/reboot.c	Thu Aug 20 21:10:50 2009 -0700
+++ b/arch/x86/kernel/reboot.c	Tue Aug 25 11:49:19 2009 -0700
@@ -4,6 +4,7 @@
  #include <linux/pm.h>
  #include <linux/efi.h>
  #include <linux/dmi.h>
+#include <linux/tboot.h>
  #include <acpi/reboot.h>
  #include <asm/io.h>
  #include <asm/apic.h>
@@ -23,8 +24,6 @@
  #else
  # include <asm/iommu.h>
  #endif
-
-#include <asm/tboot.h>

  /*
   * Power off function, if any
diff -r e5406357eaf2 arch/x86/kernel/setup.c
--- a/arch/x86/kernel/setup.c	Thu Aug 20 21:10:50 2009 -0700
+++ b/arch/x86/kernel/setup.c	Tue Aug 25 11:49:19 2009 -0700
@@ -66,6 +66,7 @@

  #include <linux/percpu.h>
  #include <linux/crash_dump.h>
+#include <linux/tboot.h>

  #include <video/edid.h>

@@ -144,8 +145,6 @@ struct boot_params __initdata boot_param
  #else
  struct boot_params boot_params;
  #endif
-
-#include <asm/tboot.h>

  /*
   * Machine setup..
diff -r e5406357eaf2 arch/x86/kernel/smpboot.c
--- a/arch/x86/kernel/smpboot.c	Thu Aug 20 21:10:50 2009 -0700
+++ b/arch/x86/kernel/smpboot.c	Tue Aug 25 11:49:19 2009 -0700
@@ -47,6 +47,7 @@
  #include <linux/bootmem.h>
  #include <linux/err.h>
  #include <linux/nmi.h>
+#include <linux/tboot.h>

  #include <asm/acpi.h>
  #include <asm/desc.h>
@@ -62,7 +63,6 @@
  #include <asm/vmi.h>
  #include <asm/apic.h>
  #include <asm/setup.h>
-#include <asm/tboot.h>
  #include <asm/uv/uv.h>
  #include <asm/debugreg.h>
  #include <linux/mc146818rtc.h>
diff -r e5406357eaf2 arch/x86/kernel/tboot.c
--- a/arch/x86/kernel/tboot.c	Thu Aug 20 21:10:50 2009 -0700
+++ b/arch/x86/kernel/tboot.c	Tue Aug 25 11:49:19 2009 -0700
@@ -22,11 +22,14 @@
  #include <linux/dma_remapping.h>
  #include <linux/init_task.h>
  #include <linux/spinlock.h>
+#include <linux/delay.h>
  #include <linux/sched.h>
  #include <linux/init.h>
  #include <linux/dmar.h>
+#include <linux/cpu.h>
  #include <linux/pfn.h>
  #include <linux/mm.h>
+#include <linux/tboot.h>

  #include <asm/trampoline.h>
  #include <asm/processor.h>
@@ -36,7 +39,6 @@
  #include <asm/fixmap.h>
  #include <asm/proto.h>
  #include <asm/setup.h>
-#include <asm/tboot.h>
  #include <asm/e820.h>
  #include <asm/io.h>

@@ -154,12 +156,9 @@ static int map_tboot_pages(unsigned long
  	return 0;
  }

-void tboot_create_trampoline(void)
+static void tboot_create_trampoline(void)
  {
  	u32 map_base, map_size;
-
-	if (!tboot_enabled())
-		return;

  	/* Create identity map for tboot shutdown code. */
  	map_base = PFN_DOWN(tboot->tboot_base);
@@ -295,20 +294,57 @@ void tboot_sleep(u8 sleep_state, u32 pm1
  	tboot_shutdown(acpi_shutdown_map[sleep_state]);
  }

-int tboot_wait_for_aps(int num_aps)
+static atomic_t ap_wfs_count;
+
+static int tboot_wait_for_aps(int num_aps)
  {
  	unsigned long timeout;

+	timeout = AP_WAIT_TIMEOUT*HZ;
+	while (atomic_read((atomic_t *)&tboot->num_in_wfs) != num_aps &&
+	       timeout) {
+		mdelay(1);
+		timeout--;
+	}
+
+	if (timeout)
+		pr_warning("tboot wait for APs timeout\n");
+
+	return !(atomic_read((atomic_t *)&tboot->num_in_wfs) == num_aps);
+}
+
+static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb,
+			unsigned long action, void *hcpu)
+{
+	switch (action) {
+	case CPU_DYING:
+		atomic_inc(&ap_wfs_count);
+		if (num_online_cpus() == 1)
+			if (tboot_wait_for_aps(atomic_read(&ap_wfs_count)))
+				return NOTIFY_BAD;
+		break;
+	}
+	return NOTIFY_OK;
+}
+
+static struct notifier_block tboot_cpu_notifier __cpuinitdata =
+{
+	.notifier_call = tboot_cpu_callback,
+};
+
+static __init int tboot_late_init(void)
+{
  	if (!tboot_enabled())
  		return 0;

-	timeout = jiffies + AP_WAIT_TIMEOUT*HZ;
-	while (atomic_read((atomic_t *)&tboot->num_in_wfs) != num_aps &&
-	       time_before(jiffies, timeout))
-		cpu_relax();
+	tboot_create_trampoline();

-	return time_before(jiffies, timeout) ? 0 : 1;
+	atomic_set(&ap_wfs_count, 0);
+	register_hotcpu_notifier(&tboot_cpu_notifier);
+	return 0;
  }
+
+late_initcall(tboot_late_init);

  /*
   * TXT configuration registers (offsets from TXT_{PUB, PRIV}_CONFIG_REGS_BASE)
diff -r e5406357eaf2 drivers/acpi/acpica/hwsleep.c
--- a/drivers/acpi/acpica/hwsleep.c	Thu Aug 20 21:10:50 2009 -0700
+++ b/drivers/acpi/acpica/hwsleep.c	Tue Aug 25 11:49:19 2009 -0700
@@ -45,7 +45,7 @@
  #include <acpi/acpi.h>
  #include "accommon.h"
  #include "actables.h"
-#include <asm/tboot.h>
+#include <linux/tboot.h>

  #define _COMPONENT          ACPI_HARDWARE
  ACPI_MODULE_NAME("hwsleep")
diff -r e5406357eaf2 drivers/pci/dmar.c
--- a/drivers/pci/dmar.c	Thu Aug 20 21:10:50 2009 -0700
+++ b/drivers/pci/dmar.c	Tue Aug 25 11:49:19 2009 -0700
@@ -33,7 +33,7 @@
  #include <linux/timer.h>
  #include <linux/irq.h>
  #include <linux/interrupt.h>
-#include <asm/tboot.h>
+#include <linux/tboot.h>

  #undef PREFIX
  #define PREFIX "DMAR:"
diff -r e5406357eaf2 drivers/pci/intel-iommu.c
--- a/drivers/pci/intel-iommu.c	Thu Aug 20 21:10:50 2009 -0700
+++ b/drivers/pci/intel-iommu.c	Tue Aug 25 11:49:19 2009 -0700
@@ -37,8 +37,8 @@
  #include <linux/iommu.h>
  #include <linux/intel-iommu.h>
  #include <linux/sysdev.h>
+#include <linux/tboot.h>
  #include <asm/cacheflush.h>
-#include <asm/tboot.h>
  #include <asm/iommu.h>
  #include "pci.h"

diff -r e5406357eaf2 include/linux/tboot.h
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/include/linux/tboot.h	Tue Aug 25 11:49:19 2009 -0700
@@ -0,0 +1,164 @@
+/*
+ * tboot.h: shared data structure with tboot and kernel and functions
+ *          used by kernel for runtime support of Intel(R) Trusted
+ *          Execution Technology
+ *
+ * Copyright (c) 2006-2009, Intel Corporation
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#ifndef _LINUX_TBOOT_H
+#define _LINUX_TBOOT_H
+
+#ifdef CONFIG_HAVE_INTEL_TXT
+/* these must have the values from 0-5 in this order */
+enum {
+	TB_SHUTDOWN_REBOOT = 0,
+	TB_SHUTDOWN_S5,
+	TB_SHUTDOWN_S4,
+	TB_SHUTDOWN_S3,
+	TB_SHUTDOWN_HALT,
+	TB_SHUTDOWN_WFS
+};
+#endif /* CONFIG_HAVE_INTEL_TXT */
+
+#ifdef CONFIG_INTEL_TXT
+#include <acpi/acpi.h>
+/* used to communicate between tboot and the launched kernel */
+
+#define TB_KEY_SIZE             64   /* 512 bits */
+
+#define MAX_TB_MAC_REGIONS      32
+
+struct tboot_mac_region {
+	u64  start;         /* must be 64 byte -aligned */
+	u32  size;          /* must be 64 byte -granular */
+} __packed;
+
+/* GAS - Generic Address Structure (ACPI 2.0+) */
+struct tboot_acpi_generic_address {
+	u8  space_id;
+	u8  bit_width;
+	u8  bit_offset;
+	u8  access_width;
+	u64 address;
+} __packed;
+
+/*
+ * combines Sx info from FADT and FACS tables per ACPI 2.0+ spec
+ * (http://www.acpi.info/)
+ */
+struct tboot_acpi_sleep_info {
+	struct tboot_acpi_generic_address pm1a_cnt_blk;
+	struct tboot_acpi_generic_address pm1b_cnt_blk;
+	struct tboot_acpi_generic_address pm1a_evt_blk;
+	struct tboot_acpi_generic_address pm1b_evt_blk;
+	u16 pm1a_cnt_val;
+	u16 pm1b_cnt_val;
+	u64 wakeup_vector;
+	u32 vector_width;
+	u64 kernel_s3_resume_vector;
+} __packed;
+
+/*
+ * shared memory page used for communication between tboot and kernel
+ */
+struct tboot {
+	/*
+	 * version 3+ fields:
+	 */
+
+	/* TBOOT_UUID */
+	u8 uuid[16];
+
+	/* version number: 5 is current */
+	u32 version;
+
+	/* physical addr of tb_log_t log */
+	u32 log_addr;
+
+	/*
+	 * physical addr of entry point for tboot shutdown and
+	 * type of shutdown (TB_SHUTDOWN_*) being requested
+	 */
+	u32 shutdown_entry;
+	u32 shutdown_type;
+
+	/* kernel-specified ACPI info for Sx shutdown */
+	struct tboot_acpi_sleep_info acpi_sinfo;
+
+	/* tboot location in memory (physical) */
+	u32 tboot_base;
+	u32 tboot_size;
+
+	/* memory regions (phys addrs) for tboot to MAC on S3 */
+	u8 num_mac_regions;
+	struct tboot_mac_region mac_regions[MAX_TB_MAC_REGIONS];
+
+
+	/*
+	 * version 4+ fields:
+	 */
+
+	/* symmetric key for use by kernel; will be encrypted on S3 */
+	u8 s3_key[TB_KEY_SIZE];
+
+
+	/*
+	 * version 5+ fields:
+	 */
+
+	/* used to 4byte-align num_in_wfs */
+	u8 reserved_align[3];
+
+	/* number of processors in wait-for-SIPI */
+	u32 num_in_wfs;
+} __packed;
+
+/*
+ * UUID for tboot data struct to facilitate matching
+ * defined as {663C8DFF-E8B3-4b82-AABF-19EA4D057A08} by tboot, which is
+ * represented as {} in the char array used here
+ */
+#define TBOOT_UUID	{0xff, 0x8d, 0x3c, 0x66, 0xb3, 0xe8, 0x82, 0x4b, 0xbf,\
+			 0xaa, 0x19, 0xea, 0x4d, 0x5, 0x7a, 0x8}
+
+extern struct tboot *tboot;
+
+static inline int tboot_enabled(void)
+{
+	return tboot != NULL;
+}
+
+extern void tboot_probe(void);
+extern void tboot_shutdown(u32 shutdown_type);
+extern void tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control);
+extern struct acpi_table_header *tboot_get_dmar_table(
+				      struct acpi_table_header *dmar_tbl);
+extern int tboot_force_iommu(void);
+
+#else
+
+#define tboot_probe()			do { } while (0)
+#define tboot_shutdown(shutdown_type)	do { } while (0)
+#define tboot_sleep(sleep_state, pm1a_control, pm1b_control)	\
+					do { } while (0)
+#define tboot_get_dmar_table(dmar_tbl)	(dmar_tbl)
+#define tboot_force_iommu()		0
+
+#endif /* !CONFIG_INTEL_TXT */
+
+#endif /* _LINUX_TBOOT_H */
diff -r e5406357eaf2 init/main.c
--- a/init/main.c	Thu Aug 20 21:10:50 2009 -0700
+++ b/init/main.c	Tue Aug 25 11:49:19 2009 -0700
@@ -73,7 +73,6 @@
  #include <asm/io.h>
  #include <asm/bugs.h>
  #include <asm/setup.h>
-#include <asm/tboot.h>
  #include <asm/sections.h>
  #include <asm/cacheflush.h>

@@ -716,8 +715,6 @@ asmlinkage void __init start_kernel(void

  	ftrace_init();

-	tboot_create_trampoline();
-
  	/* Do the rest non-__init'ed, we're now alive */
  	rest_init();
  }
diff -r e5406357eaf2 kernel/cpu.c
--- a/kernel/cpu.c	Thu Aug 20 21:10:50 2009 -0700
+++ b/kernel/cpu.c	Tue Aug 25 11:49:19 2009 -0700
@@ -14,7 +14,6 @@
  #include <linux/kthread.h>
  #include <linux/stop_machine.h>
  #include <linux/mutex.h>
-#include <asm/tboot.h>

  #ifdef CONFIG_SMP
  /* Serializes the updates to cpu_online_mask, cpu_present_mask */
@@ -377,7 +376,7 @@ static cpumask_var_t frozen_cpus;

  int disable_nonboot_cpus(void)
  {
-	int cpu, first_cpu, error, num_cpus = 0;
+	int cpu, first_cpu, error;

  	error = stop_machine_create();
  	if (error)
@@ -392,7 +391,6 @@ int disable_nonboot_cpus(void)
  	for_each_online_cpu(cpu) {
  		if (cpu == first_cpu)
  			continue;
-		num_cpus++;
  		error = _cpu_down(cpu, 1);
  		if (!error) {
  			cpumask_set_cpu(cpu, frozen_cpus);
@@ -403,8 +401,6 @@ int disable_nonboot_cpus(void)
  			break;
  		}
  	}
-	/* ensure all CPUs have gone into wait-for-SIPI */
-	error |= tboot_wait_for_aps(num_cpus);

  	if (!error) {
  		BUG_ON(num_online_cpus() > 1);
diff -r e5406357eaf2 security/Kconfig
--- a/security/Kconfig	Thu Aug 20 21:10:50 2009 -0700
+++ b/security/Kconfig	Tue Aug 25 11:49:19 2009 -0700
@@ -131,7 +131,7 @@ config LSM_MMAP_MIN_ADDR

  config INTEL_TXT
  	bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
-	depends on EXPERIMENTAL && X86 && DMAR && ACPI
+	depends on HAVE_INTEL_TXT
  	help
  	  This option enables support for booting the kernel with the
  	  Trusted Boot (tboot) module. This will utilize




Ingo Molnar wrote:
> * Wang, Shane <shane.wang@intel.com> wrote:
> 
>>>> If then these should be dummy inlines - but in any case, do you
>>>> expect tboot to be used by non-x86 too?
>>>>
>>> It would have to be IA64 ... I can't ask Tony since he's out, but I
>>> would assume it is x86-specific at this point.
>>>
>>> 	-hpa
>> Yes, to my knowledge, it is x86 at this point. TXT-SX is the 
>> server extension also for ia32 only.
> 
> Then i'd suggest to keep it simple and clean for now and move those 
> very few lines to arch/x86 files only. It will be easy to generalize 
> it later on, should the need arise.
> 
> 	Ingo