From: Ross Philipson <ross.philipson@oracle.com> To: Arvind Sankar <nivedita@alum.mit.edu> Cc: linux-kernel@vger.kernel.org, x86@kernel.org, iommu@lists.linux-foundation.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, luto@amacapital.net, trenchboot-devel@googlegroups.com Subject: Re: [PATCH 07/13] x86: Secure Launch kernel early boot stub Date: Tue, 29 Sep 2020 10:03:47 -0400 [thread overview] Message-ID: <d34c189c-4528-0458-0b84-cfd36dc068b3@oracle.com> (raw) In-Reply-To: <20200925191842.GA643740@rani.riverdale.lan> On 9/25/20 3:18 PM, Arvind Sankar wrote: > On Fri, Sep 25, 2020 at 10:56:43AM -0400, Ross Philipson wrote: >> On 9/24/20 1:38 PM, Arvind Sankar wrote: >>> On Thu, Sep 24, 2020 at 10:58:35AM -0400, Ross Philipson wrote: >>> >>>> diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S >>>> index 97d37f0..42043bf 100644 >>>> --- a/arch/x86/boot/compressed/head_64.S >>>> +++ b/arch/x86/boot/compressed/head_64.S >>>> @@ -279,6 +279,21 @@ SYM_INNER_LABEL(efi32_pe_stub_entry, SYM_L_LOCAL) >>>> SYM_FUNC_END(efi32_stub_entry) >>>> #endif >>>> >>>> +#ifdef CONFIG_SECURE_LAUNCH >>>> +SYM_FUNC_START(sl_stub_entry) >>>> + /* >>>> + * On entry, %ebx has the entry abs offset to sl_stub_entry. To >>>> + * find the beginning of where we are loaded, sub off from the >>>> + * beginning. >>>> + */ >>> >>> This requirement should be added to the documentation. Is it necessary >>> or can this stub just figure out the address the same way as the other >>> 32-bit entry points, using the scratch space in bootparams as a little >>> stack? >> >> It is based on the state of the BSP when TXT vectors to the measured >> launch environment. It is documented in the TXT spec and the SDMs. >> > > I think it would be useful to add to the x86 boot documentation how > exactly this new entry point is called, even if it's just adding a link > to some section of those specs. The doc should also say that an > mle_header_offset of 0 means the kernel isn't secure launch enabled. Ok will do. > >>> >>> For the 32-bit assembler code that's being added, tip/master now has >>> changes that prevent the compressed kernel from having any runtime >>> relocations. You'll need to revise some of the code and the data >>> structures initial values to avoid creating relocations. >> >> Could you elaborate on this some more? I am not sure I see places in the >> secure launch asm that would be creating relocations like this. >> >> Thank you, >> Ross >> > > You should see them if you do > readelf -r arch/x86/boot/compressed/vmlinux > > In terms of the code, things like: > > addl %ebx, (sl_gdt_desc + 2)(%ebx) > > will create a relocation, because the linker interprets this as wanting > the runtime address of sl_gdt_desc, rather than just the offset from > startup_32. > > https://urldefense.com/v3/__https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/tree/arch/x86/boot/compressed/head_64.S*n48__;Iw!!GqivPVa7Brio!JpZWv1cCPZdjD2jbCCGT7P9UIVl_lhX7YjckAnUcvi927jwZI7X3nX0MpIAZOyktJds$ > > has a comment with some explanation and a macro that the 32-bit code in > startup_32 uses to avoid creating relocations. > > Since the SL code is in a different assembler file (and a different > section), you can't directly use the same macro. I would suggest getting > rid of sl_stub_entry and entering directly at sl_stub, and then the code > in sl_stub.S can use sl_stub for the base address, defining the rva() > macro there as > > #define rva(X) ((X) - sl_stub) > > You will also need to avoid initializing data with symbol addresses. > > .long mle_header > .long sl_stub_entry > .long sl_gdt > > will create relocations. The third one is easy, just replace it with > sl_gdt - sl_gdt_desc and initialize it at runtime with > > leal rva(sl_gdt_desc)(%ebx), %eax > addl %eax, 2(%eax) > lgdt (%eax) > > The other two are more messy, unfortunately there is no easy way to tell > the linker what we want here. The other entry point addresses (for the > EFI stub) are populated in a post-processing step after the compressed > kernel has been linked, we could teach it to also update kernel_info. > > Without that, for kernel_info, you could change it to store the offset > of the MLE header from kernel_info, instead of from the start of the > image. > > For the MLE header, it could be moved to .head.text in head_64.S, and > initialized with > .long rva(sl_stub) > This will also let it be placed at a fixed offset from startup_32, so > that kernel_info can just be populated with a constant. Thank you for the detailed reply. I am going to start digging into this now. Ross >
WARNING: multiple messages have this Message-ID (diff)
From: Ross Philipson <ross.philipson@oracle.com> To: Arvind Sankar <nivedita@alum.mit.edu> Cc: linux-doc@vger.kernel.org, dpsmith@apertussolutions.com, x86@kernel.org, linux-kernel@vger.kernel.org, luto@amacapital.net, iommu@lists.linux-foundation.org, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, linux-integrity@vger.kernel.org, trenchboot-devel@googlegroups.com, tglx@linutronix.de Subject: Re: [PATCH 07/13] x86: Secure Launch kernel early boot stub Date: Tue, 29 Sep 2020 10:03:47 -0400 [thread overview] Message-ID: <d34c189c-4528-0458-0b84-cfd36dc068b3@oracle.com> (raw) In-Reply-To: <20200925191842.GA643740@rani.riverdale.lan> On 9/25/20 3:18 PM, Arvind Sankar wrote: > On Fri, Sep 25, 2020 at 10:56:43AM -0400, Ross Philipson wrote: >> On 9/24/20 1:38 PM, Arvind Sankar wrote: >>> On Thu, Sep 24, 2020 at 10:58:35AM -0400, Ross Philipson wrote: >>> >>>> diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S >>>> index 97d37f0..42043bf 100644 >>>> --- a/arch/x86/boot/compressed/head_64.S >>>> +++ b/arch/x86/boot/compressed/head_64.S >>>> @@ -279,6 +279,21 @@ SYM_INNER_LABEL(efi32_pe_stub_entry, SYM_L_LOCAL) >>>> SYM_FUNC_END(efi32_stub_entry) >>>> #endif >>>> >>>> +#ifdef CONFIG_SECURE_LAUNCH >>>> +SYM_FUNC_START(sl_stub_entry) >>>> + /* >>>> + * On entry, %ebx has the entry abs offset to sl_stub_entry. To >>>> + * find the beginning of where we are loaded, sub off from the >>>> + * beginning. >>>> + */ >>> >>> This requirement should be added to the documentation. Is it necessary >>> or can this stub just figure out the address the same way as the other >>> 32-bit entry points, using the scratch space in bootparams as a little >>> stack? >> >> It is based on the state of the BSP when TXT vectors to the measured >> launch environment. It is documented in the TXT spec and the SDMs. >> > > I think it would be useful to add to the x86 boot documentation how > exactly this new entry point is called, even if it's just adding a link > to some section of those specs. The doc should also say that an > mle_header_offset of 0 means the kernel isn't secure launch enabled. Ok will do. > >>> >>> For the 32-bit assembler code that's being added, tip/master now has >>> changes that prevent the compressed kernel from having any runtime >>> relocations. You'll need to revise some of the code and the data >>> structures initial values to avoid creating relocations. >> >> Could you elaborate on this some more? I am not sure I see places in the >> secure launch asm that would be creating relocations like this. >> >> Thank you, >> Ross >> > > You should see them if you do > readelf -r arch/x86/boot/compressed/vmlinux > > In terms of the code, things like: > > addl %ebx, (sl_gdt_desc + 2)(%ebx) > > will create a relocation, because the linker interprets this as wanting > the runtime address of sl_gdt_desc, rather than just the offset from > startup_32. > > https://urldefense.com/v3/__https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/tree/arch/x86/boot/compressed/head_64.S*n48__;Iw!!GqivPVa7Brio!JpZWv1cCPZdjD2jbCCGT7P9UIVl_lhX7YjckAnUcvi927jwZI7X3nX0MpIAZOyktJds$ > > has a comment with some explanation and a macro that the 32-bit code in > startup_32 uses to avoid creating relocations. > > Since the SL code is in a different assembler file (and a different > section), you can't directly use the same macro. I would suggest getting > rid of sl_stub_entry and entering directly at sl_stub, and then the code > in sl_stub.S can use sl_stub for the base address, defining the rva() > macro there as > > #define rva(X) ((X) - sl_stub) > > You will also need to avoid initializing data with symbol addresses. > > .long mle_header > .long sl_stub_entry > .long sl_gdt > > will create relocations. The third one is easy, just replace it with > sl_gdt - sl_gdt_desc and initialize it at runtime with > > leal rva(sl_gdt_desc)(%ebx), %eax > addl %eax, 2(%eax) > lgdt (%eax) > > The other two are more messy, unfortunately there is no easy way to tell > the linker what we want here. The other entry point addresses (for the > EFI stub) are populated in a post-processing step after the compressed > kernel has been linked, we could teach it to also update kernel_info. > > Without that, for kernel_info, you could change it to store the offset > of the MLE header from kernel_info, instead of from the start of the > image. > > For the MLE header, it could be moved to .head.text in head_64.S, and > initialized with > .long rva(sl_stub) > This will also let it be placed at a fixed offset from startup_32, so > that kernel_info can just be populated with a constant. Thank you for the detailed reply. I am going to start digging into this now. Ross > _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2020-09-29 14:04 UTC|newest] Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-09-24 14:58 [PATCH 00/13] x86: Trenchboot secure dynamic launch Linux kernel support Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 01/13] x86: Secure Launch Kconfig Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-25 2:08 ` Randy Dunlap 2020-09-25 2:08 ` Randy Dunlap 2020-09-25 14:59 ` Ross Philipson 2020-09-25 14:59 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 02/13] x86: Secure Launch main header file Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 03/13] x86: Add early SHA support for Secure Launch early measurements Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-29 17:26 ` Jason Andryuk 2020-09-29 17:26 ` Jason Andryuk 2020-09-24 14:58 ` [PATCH 04/13] x86: Add early TPM TIS/CRB interface support for Secure Launch Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 05/13] x86: Add early TPM1.2/TPM2.0 " Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-25 5:43 ` Jarkko Sakkinen 2020-09-25 5:43 ` Jarkko Sakkinen 2020-09-29 23:47 ` Daniel P. Smith 2020-09-29 23:47 ` Daniel P. Smith 2020-09-30 3:19 ` Jarkko Sakkinen 2020-09-30 3:19 ` Jarkko Sakkinen 2020-09-30 3:24 ` Jarkko Sakkinen 2020-09-30 3:24 ` Jarkko Sakkinen 2021-01-20 0:33 ` Daniel P. Smith 2021-01-20 0:33 ` Daniel P. Smith 2020-09-24 14:58 ` [PATCH 06/13] x86: Add early general TPM " Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 07/13] x86: Secure Launch kernel early boot stub Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 17:38 ` Arvind Sankar 2020-09-24 17:38 ` Arvind Sankar 2020-09-25 14:56 ` Ross Philipson 2020-09-25 14:56 ` Ross Philipson 2020-09-25 19:18 ` Arvind Sankar 2020-09-25 19:18 ` Arvind Sankar 2020-09-29 14:03 ` Ross Philipson [this message] 2020-09-29 14:03 ` Ross Philipson 2020-09-29 14:53 ` Arvind Sankar 2020-09-29 14:53 ` Arvind Sankar 2020-10-15 18:26 ` Daniel Kiper 2020-10-15 18:26 ` Daniel Kiper 2020-10-16 20:51 ` Arvind Sankar 2020-10-16 20:51 ` Arvind Sankar 2020-10-19 14:38 ` Ross Philipson 2020-10-19 14:38 ` Ross Philipson 2020-10-19 17:06 ` Arvind Sankar 2020-10-19 17:06 ` Arvind Sankar 2020-10-19 19:00 ` Ross Philipson 2020-10-19 19:00 ` Ross Philipson 2020-10-19 14:51 ` Daniel Kiper 2020-10-19 14:51 ` Daniel Kiper 2020-10-19 17:18 ` Arvind Sankar 2020-10-19 17:18 ` Arvind Sankar 2020-10-21 15:28 ` Daniel Kiper 2020-10-21 15:28 ` Daniel Kiper 2020-10-21 16:18 ` Arvind Sankar 2020-10-21 16:18 ` Arvind Sankar 2020-10-21 20:36 ` Ross Philipson 2020-10-21 20:36 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 08/13] x86: Secure Launch kernel late " Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 09/13] x86: Secure Launch SMP bringup support Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 10/13] x86: Secure Launch adding event log securityfs Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 11/13] kexec: Secure Launch kexec SEXIT support Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 12/13] reboot: Secure Launch SEXIT support on reboot paths Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 13/13] tpm: Allow locality 2 to be set when initializing the TPM for Secure Launch Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-25 5:30 ` [PATCH 00/13] x86: Trenchboot secure dynamic launch Linux kernel support Jarkko Sakkinen 2020-09-25 5:30 ` Jarkko Sakkinen 2020-09-25 21:32 ` Daniel P. Smith 2020-09-25 21:32 ` Daniel P. Smith 2020-09-27 23:59 ` Jarkko Sakkinen 2020-09-27 23:59 ` Jarkko Sakkinen
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=d34c189c-4528-0458-0b84-cfd36dc068b3@oracle.com \ --to=ross.philipson@oracle.com \ --cc=bp@alien8.de \ --cc=dpsmith@apertussolutions.com \ --cc=hpa@zytor.com \ --cc=iommu@lists.linux-foundation.org \ --cc=linux-doc@vger.kernel.org \ --cc=linux-integrity@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=luto@amacapital.net \ --cc=mingo@redhat.com \ --cc=nivedita@alum.mit.edu \ --cc=tglx@linutronix.de \ --cc=trenchboot-devel@googlegroups.com \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.