-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch to using SLRT interface and process DRTM policy #7
Conversation
5ed262b
to
39a1478
Compare
39a1478
to
bab60f9
Compare
CI seems to fail because of recent changes in https://github.com/QubesOS/qubes-vmm-xen. I think |
I'm not sure what would be the best approach to deal with it. We could:
|
Could apply only those patches which cause conflicts if that's possible.
I think |
bab60f9
to
d820e3d
Compare
@krystian-hebel So, to move this and GRUB changes forward, measuring only MBI and measuring SLRT as described in the specification? If this turns out to be problematic, it's unlikely to be the only thing that wasn't done properly right away, so might be unwise to get stuck on it. It's not even large amount of code either way. |
I'd say MBI, modules and SLRT as in
Patch 05/13 of that series also has different definitions for |
There is this comment in /* TXT-defined use 0x4xx, TrenchBoot in Linux uses 0x5xx, use 0x6xx here. */ |
The file provides constants, structures and several helper functions for parsing SLRT. slr_add_entry() and slr_init_table() were omitted to not have issues with memcpy() usage (it comes from different places for different translation units). Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
`struct txt_os_mle_data` now contains pointer to Secure Launch Resource Table which stores various information about slaunch in an extensible way. Saved MTRRs and event log were moved there. Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
…nstructed" This reverts commit 7962cb8.
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
d820e3d
to
6ec1f7b
Compare
I think that check for As for 3rd link, the code should test if entries that are already measured are first entries in the table. Order of measurements matters, it should reflect the order of policy entries. So if an entry that is not yet measured is found, no further entry may have
I know, I wrote it 🙂 This was before any specification was even planned and design decisions were still being made, so I wanted to avoid any potential conflicts. Now those types are somewhat defined, and most entries use the same type, which is different to what I planned back then. Having fewer types will make it easier to add support for other payloads/OSes/hypervisors without having to add new types, propagate them and potentially resolve any conflicts. |
6ec1f7b
to
c8f93f2
Compare
Updated constants and flags handling in https://github.com/TrenchBoot/xen/compare/6ec1f7b7ae9af57ca6abbb7729255aaf14fbcfa7..c8f93f26c569ab37177393c2ceedb0cd012da4d1# |
I've tried booting this + GRUB on hardware and it seems to reboot somewhere in Xen, before anything is printed on the screen. I don't have a way of connecting to serial at the moment, so I can't debug any further. |
What about GRUB changes + first two commits of this PR? That should work if bug doesn't show up without the last commit. If it works and deployment of new code isn't too hard, it's possible to bisect changes by adding |
Same. I ended up adding infinite loop as the first Xen instruction and it still reboots, so the issue is most likely in GRUB. Unfortunately, it seems that either BIOS clears TXT.ERRORCODE on boot or reboot happens before SINIT. In any case, I'm moving the review to GRUB PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These should be all of the changes required to boot successfully.
Extract mapping of TXT registers, heap and TPM log into new map_txt_mem_regions() function that should be called before those which need those mappings. They will all be gone when Xen rebuilds memory maps. Also make map_l2() function externally visible so that code external relative to x86/intel_txt.c unit can add more temporary mappings. Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
cdd3d07
to
cc6e675
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There were lots of changes in various places, but hopefully they agree on each other.
I think verify_drtm_mbi_consistency()
now needs to be called separately earlier (where tpm_take_measurements()
was called before), but other than that changes should address the review. Will do this change tomorrow.
cc6e675
to
f74bb7a
Compare
That turned out to be unnecessary, modules are updated after DRTM is processed. I however turned |
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
…nch" This reverts commit 8a496be. Proper handling of DRTM obsoletes these changes.
f74bb7a
to
3dc5991
Compare
No description provided.