Angel Pons has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/46055 )
Change subject: security/intel/txt: Use `smm_region()` to get TSEG base ......................................................................
security/intel/txt: Use `smm_region()` to get TSEG base
This function is available for all TXT-capable platforms. Use it.
Change-Id: I4b3dcbc61854fbdd42275bf9456eaa5ce783e8aa Signed-off-by: Angel Pons th3fanbus@gmail.com --- M src/security/intel/txt/logging.c M src/security/intel/txt/ramstage.c 2 files changed, 14 insertions(+), 5 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/55/46055/1
diff --git a/src/security/intel/txt/logging.c b/src/security/intel/txt/logging.c index 9fe53c5..f2814a9 100644 --- a/src/security/intel/txt/logging.c +++ b/src/security/intel/txt/logging.c @@ -2,6 +2,7 @@
#include <arch/mmio.h> #include <console/console.h> +#include <cpu/x86/smm.h> #include <string.h> #include <types.h>
@@ -211,7 +212,11 @@ void txt_dump_regions(void) { struct txt_biosdataregion *bdr = NULL; - uintptr_t tseg = 0; + + uintptr_t tseg_base, tseg_size; + + smm_region(&tseg_base, &tseg_size); + uint64_t reg64;
reg64 = read64((void *)TXT_HEAP_BASE); @@ -219,7 +224,7 @@ (read64((void *)(uintptr_t)reg64) >= (sizeof(*bdr) + sizeof(uint64_t)))) bdr = (void *)((uintptr_t)reg64 + sizeof(uint64_t));
- printk(BIOS_DEBUG, "TEE-TXT: TSEG 0x%lx\n", tseg * MiB); + printk(BIOS_DEBUG, "TEE-TXT: TSEG 0x%lx\n", tseg_base * MiB); printk(BIOS_DEBUG, "TEE-TXT: TXT.HEAP.BASE 0x%llx\n", read64((void *)TXT_HEAP_BASE)); printk(BIOS_DEBUG, "TEE-TXT: TXT.HEAP.SIZE 0x%llx\n", read64((void *)TXT_HEAP_SIZE)); printk(BIOS_DEBUG, "TEE-TXT: TXT.SINIT.BASE 0x%llx\n", read64((void *)TXT_SINIT_BASE)); diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c index bc30da5..2e13ad2 100644 --- a/src/security/intel/txt/ramstage.c +++ b/src/security/intel/txt/ramstage.c @@ -8,6 +8,7 @@ #include <console/console.h> #include <cpu/intel/common/common.h> #include <cpu/x86/msr.h> +#include <cpu/x86/smm.h> #include <device/pci_ops.h> #include <types.h>
@@ -204,7 +205,10 @@ static void lockdown_intel_txt(void *unused) { const uint64_t status = read64((void *)TXT_SPAD); - uintptr_t tseg = 0; + + uintptr_t tseg_base, tseg_size; + + smm_region(&tseg_base, &tseg_size);
if (status & ACMSTS_TXT_DISABLED) return; @@ -232,7 +236,7 @@ union dpr_register dpr = { .lock = 1, .size = 3, - .top = tseg, + .top = tseg_base, }; write64((void *)TXT_DPR, dpr.raw);
@@ -248,7 +252,7 @@ */ write64((void *)TXT_HEAP_SIZE, 0xE0000); write64((void *)TXT_HEAP_BASE, - ALIGN_DOWN((tseg * MiB) - read64((void *)TXT_HEAP_SIZE), 4096)); + ALIGN_DOWN((tseg_base * MiB) - read64((void *)TXT_HEAP_SIZE), 4096));
/* * Document Number: 558294
Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46055 )
Change subject: security/intel/txt: Use `smm_region()` to get TSEG base ......................................................................
Patch Set 1:
I don't see the code removed that read TSEG base register.
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46055 )
Change subject: security/intel/txt: Use `smm_region()` to get TSEG base ......................................................................
Patch Set 1:
Patch Set 1:
I don't see the code removed that read TSEG base register.
This code was only added in 4.11_branch: https://review.coreboot.org/c/coreboot/+/42712/9/src/security/intel/txt/rams...
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46055 )
Change subject: security/intel/txt: Use `smm_region()` to get TSEG base ......................................................................
Patch Set 1: Code-Review-1
(2 comments)
Thanks for reminding me this has a weirdness.
https://review.coreboot.org/c/coreboot/+/46055/1/src/security/intel/txt/rams... File src/security/intel/txt/ramstage.c:
https://review.coreboot.org/c/coreboot/+/46055/1/src/security/intel/txt/rams... PS1, Line 239: tseg_base Code assumes this is specified in MiB units, and this will overflow unless shifted accordingly.
https://review.coreboot.org/c/coreboot/+/46055/1/src/security/intel/txt/rams... PS1, Line 255: (tseg_base * MiB) just `tseg_base`
Hello build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46055
to look at the new patch set (#2).
Change subject: security/intel/txt: Use `smm_region()` to get TSEG base ......................................................................
security/intel/txt: Use `smm_region()` to get TSEG base
This function is available for all TXT-capable platforms. Use it.
Change-Id: I4b3dcbc61854fbdd42275bf9456eaa5ce783e8aa Signed-off-by: Angel Pons th3fanbus@gmail.com --- M src/security/intel/txt/logging.c M src/security/intel/txt/ramstage.c 2 files changed, 14 insertions(+), 5 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/55/46055/2
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46055 )
Change subject: security/intel/txt: Use `smm_region()` to get TSEG base ......................................................................
Patch Set 2:
(2 comments)
https://review.coreboot.org/c/coreboot/+/46055/1/src/security/intel/txt/rams... File src/security/intel/txt/ramstage.c:
https://review.coreboot.org/c/coreboot/+/46055/1/src/security/intel/txt/rams... PS1, Line 239: tseg_base
Code assumes this is specified in MiB units, and this will overflow unless shifted accordingly.
Ack
https://review.coreboot.org/c/coreboot/+/46055/1/src/security/intel/txt/rams... PS1, Line 255: (tseg_base * MiB)
just `tseg_base`
Ack
Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46055 )
Change subject: security/intel/txt: Use `smm_region()` to get TSEG base ......................................................................
Patch Set 2: Code-Review+2
(2 comments)
https://review.coreboot.org/c/coreboot/+/46055/2/src/security/intel/txt/logg... File src/security/intel/txt/logging.c:
https://review.coreboot.org/c/coreboot/+/46055/2/src/security/intel/txt/logg... PS2, Line 216: tseg_size size_t
https://review.coreboot.org/c/coreboot/+/46055/2/src/security/intel/txt/rams... File src/security/intel/txt/ramstage.c:
https://review.coreboot.org/c/coreboot/+/46055/2/src/security/intel/txt/rams... PS2, Line 239: >> 20 nit: / MiB?
Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46055 )
Change subject: security/intel/txt: Use `smm_region()` to get TSEG base ......................................................................
Patch Set 2: Code-Review+1
(1 comment)
https://review.coreboot.org/c/coreboot/+/46055/2/src/security/intel/txt/logg... File src/security/intel/txt/logging.c:
https://review.coreboot.org/c/coreboot/+/46055/2/src/security/intel/txt/logg... PS2, Line 227: * MiB This is probably not needed anymore.
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46055 )
Change subject: security/intel/txt: Use `smm_region()` to get TSEG base ......................................................................
Patch Set 2:
(1 comment)
https://review.coreboot.org/c/coreboot/+/46055/2/src/security/intel/txt/rams... File src/security/intel/txt/ramstage.c:
https://review.coreboot.org/c/coreboot/+/46055/2/src/security/intel/txt/rams... PS2, Line 239: >> 20
nit: / MiB?
I chose to use a shift because I'm copying the field over, but I can use MiB too.
Hello build bot (Jenkins), Arthur Heymans,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/46055
to look at the new patch set (#3).
Change subject: security/intel/txt: Use `smm_region()` to get TSEG base ......................................................................
security/intel/txt: Use `smm_region()` to get TSEG base
This function is available for all TXT-capable platforms. Use it. As it also provides the size of TSEG, display it when logging is on.
Change-Id: I4b3dcbc61854fbdd42275bf9456eaa5ce783e8aa Signed-off-by: Angel Pons th3fanbus@gmail.com --- M src/security/intel/txt/logging.c M src/security/intel/txt/ramstage.c 2 files changed, 16 insertions(+), 5 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/55/46055/3
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46055 )
Change subject: security/intel/txt: Use `smm_region()` to get TSEG base ......................................................................
Patch Set 3:
(3 comments)
https://review.coreboot.org/c/coreboot/+/46055/2/src/security/intel/txt/logg... File src/security/intel/txt/logging.c:
https://review.coreboot.org/c/coreboot/+/46055/2/src/security/intel/txt/logg... PS2, Line 216: tseg_size
size_t
Done here and in ramstage.c
https://review.coreboot.org/c/coreboot/+/46055/2/src/security/intel/txt/logg... PS2, Line 227: * MiB
This is probably not needed anymore.
Nope, dropped. I changed this to also show the size of TSEG in MiB
https://review.coreboot.org/c/coreboot/+/46055/2/src/security/intel/txt/rams... File src/security/intel/txt/ramstage.c:
https://review.coreboot.org/c/coreboot/+/46055/2/src/security/intel/txt/rams... PS2, Line 239: >> 20
I chose to use a shift because I'm copying the field over, but I can use MiB too.
Done
Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/46055 )
Change subject: security/intel/txt: Use `smm_region()` to get TSEG base ......................................................................
Patch Set 3: Code-Review+2
Philipp Deppenwiese has submitted this change. ( https://review.coreboot.org/c/coreboot/+/46055 )
Change subject: security/intel/txt: Use `smm_region()` to get TSEG base ......................................................................
security/intel/txt: Use `smm_region()` to get TSEG base
This function is available for all TXT-capable platforms. Use it. As it also provides the size of TSEG, display it when logging is on.
Change-Id: I4b3dcbc61854fbdd42275bf9456eaa5ce783e8aa Signed-off-by: Angel Pons th3fanbus@gmail.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/46055 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Arthur Heymans arthur@aheymans.xyz --- M src/security/intel/txt/logging.c M src/security/intel/txt/ramstage.c 2 files changed, 16 insertions(+), 5 deletions(-)
Approvals: build bot (Jenkins): Verified Arthur Heymans: Looks good to me, approved
diff --git a/src/security/intel/txt/logging.c b/src/security/intel/txt/logging.c index 24def33..7d8dcf7 100644 --- a/src/security/intel/txt/logging.c +++ b/src/security/intel/txt/logging.c @@ -2,6 +2,7 @@
#include <arch/mmio.h> #include <console/console.h> +#include <cpu/x86/smm.h> #include <string.h> #include <types.h>
@@ -211,7 +212,12 @@ void txt_dump_regions(void) { struct txt_biosdataregion *bdr = NULL; - uintptr_t tseg = 0; + + uintptr_t tseg_base; + size_t tseg_size; + + smm_region(&tseg_base, &tseg_size); + uint64_t reg64;
reg64 = read64((void *)TXT_HEAP_BASE); @@ -219,7 +225,7 @@ (read64((void *)(uintptr_t)reg64) >= (sizeof(*bdr) + sizeof(uint64_t)))) bdr = (void *)((uintptr_t)reg64 + sizeof(uint64_t));
- printk(BIOS_DEBUG, "TEE-TXT: TSEG 0x%lx\n", tseg * MiB); + printk(BIOS_DEBUG, "TEE-TXT: TSEG 0x%lx, size %zu MiB\n", tseg_base, tseg_size / MiB); printk(BIOS_DEBUG, "TEE-TXT: TXT.HEAP.BASE 0x%llx\n", read64((void *)TXT_HEAP_BASE)); printk(BIOS_DEBUG, "TEE-TXT: TXT.HEAP.SIZE 0x%llx\n", read64((void *)TXT_HEAP_SIZE)); printk(BIOS_DEBUG, "TEE-TXT: TXT.SINIT.BASE 0x%llx\n", read64((void *)TXT_SINIT_BASE)); diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c index bc30da5..263bc9d 100644 --- a/src/security/intel/txt/ramstage.c +++ b/src/security/intel/txt/ramstage.c @@ -8,6 +8,7 @@ #include <console/console.h> #include <cpu/intel/common/common.h> #include <cpu/x86/msr.h> +#include <cpu/x86/smm.h> #include <device/pci_ops.h> #include <types.h>
@@ -204,7 +205,11 @@ static void lockdown_intel_txt(void *unused) { const uint64_t status = read64((void *)TXT_SPAD); - uintptr_t tseg = 0; + + uintptr_t tseg_base; + size_t tseg_size; + + smm_region(&tseg_base, &tseg_size);
if (status & ACMSTS_TXT_DISABLED) return; @@ -232,7 +237,7 @@ union dpr_register dpr = { .lock = 1, .size = 3, - .top = tseg, + .top = tseg_base / MiB, }; write64((void *)TXT_DPR, dpr.raw);
@@ -248,7 +253,7 @@ */ write64((void *)TXT_HEAP_SIZE, 0xE0000); write64((void *)TXT_HEAP_BASE, - ALIGN_DOWN((tseg * MiB) - read64((void *)TXT_HEAP_SIZE), 4096)); + ALIGN_DOWN(tseg_base - read64((void *)TXT_HEAP_SIZE), 4096));
/* * Document Number: 558294
-
Angel Pons (Code Review) -
Arthur Heymans (Code Review)
-
Patrick Rudolph (Code Review)
-
Philipp Deppenwiese (Code Review)