SeaBIOS March 2015

seabios@seabios.org

29 participants
51 discussions

[PATCH v9 0/6] Add TPM support to SeaBIOS
by Stefan Berger 08 May '15

08 May '15

This is a repost of a series of patches providing TPM support to SeaBIOS. As an addition, this patch series now works on the Acer C720 Chromebook with limitations (S3 not getting invoked; no logging into TCPA table). The patch series cleanly applies to a checkout of a1ac8861. The following set of patches add TPM and Trusted Computing support to SeaBIOS. In particular the patches add: - a TPM driver for the Qemu's TPM TIS emulation - Support for initialzation of the TPM - init of TCPA … [View More]logging table - Support for the TCG BIOS extensions (1ah handler [ah = 0xbb]) (used by trusted grub; http://trousers.sourceforge.net/grub.html) - Static Root of Trusted for Measurement (SRTM) support - Support for S3 resume (sends command to TPM upon resume) - Support for sending control messages from the OS to the BIOS and have the BIOS control certain life-cycle aspects of the TPM following those messages - TPM-specific menu for controlling aspects of the TPM All implementations necessarily follow specifications. When all patches are applied the following services are available - SSDT ACPI table for TPM support - initialization of the TPM upon VM start and S3 resume - Static root of trust for measurements (SRTM) that measures (some) data of SeaBIOS in TCPA ACPI table - 1ah interrupt handler offering APIs for measuring and sending commands to the TPM (trusted grub uses them) - With an extensions to QEMU's TPM SSDT: The root user in Linux (for example) can send the above mentioned control messages to the BIOS and have the BIOS act upon them - User menu for controlling aspects of the state of the TPM Stefan Berger (6): Add an implementation of a TPM TIS driver Implementation of the TCG BIOS extensions Support for BIOS interrupt handler Add 'measurement' code to the BIOS Support for TPM Physical Presence Interface Add a menu for TPM control Makefile | 5 +- src/Kconfig | 7 + src/boot.c | 28 +- src/cdrom.c | 11 + src/clock.c | 12 + src/config.h | 1 + src/hw/tpm_drivers.c | 291 +++++++ src/hw/tpm_drivers.h | 90 +++ src/optionroms.c | 4 + src/post.c | 12 + src/resume.c | 2 + src/sha1.c | 145 ++++ src/sha1.h | 8 + src/std/acpi.h | 20 + src/tcgbios.c | 2181 ++++++++++++++++++++++++++++++++++++++++++++++++++ src/tcgbios.h | 456 +++++++++++ src/util.h | 2 + src/x86.h | 7 + 18 files changed, 3277 insertions(+), 5 deletions(-) create mode 100644 src/hw/tpm_drivers.c create mode 100644 src/hw/tpm_drivers.h create mode 100644 src/sha1.c create mode 100644 src/sha1.h create mode 100644 src/tcgbios.c create mode 100644 src/tcgbios.h -- 1.9.3 [View Less]

3 22

KVM Forum 2015 Call for Participation
by Paolo Bonzini 27 Apr '15

27 Apr '15

================================================================= KVM Forum 2015: Call For Participation August 19-21, 2015 - Sheraton Seattle - Seattle, WA (All submissions must be received before midnight May 1, 2015) ================================================================= KVM is an industry leading open source hypervisor that provides an ideal platform for datacenter virtualization, virtual desktop infrastructure, and cloud computing. Once again, it's time to bring together the … [View More]community of developers and users that define the KVM ecosystem for our annual technical conference. We will discuss the current state of affairs and plan for the future of KVM, its surrounding infrastructure, and management tools. Mark your calendar and join us in advancing KVM. http://events.linuxfoundation.org/events/kvm-forum/ This year, the KVM Forum is moving back to North America. We will be colocated with the Linux Foundation's LinuxCon North America, CloudOpen North America, ContainerCon and Linux Plumbers Conference events. Attendees of KVM Forum will also be able to attend a shared hackathon event with Xen Project Developer Summit on August 18, 2015. We invite you to lead part of the discussion by submitting a speaking proposal for KVM Forum 2015. http://events.linuxfoundation.org/cfp Suggested topics: KVM/Kernel * Scaling and optimizations * Nested virtualization * Linux kernel performance improvements * Resource management (CPU, I/O, memory) * Hardening and security * VFIO: SR-IOV, GPU, platform device assignment * Architecture ports QEMU * Management interfaces: QOM and QMP * New devices, new boards, new architectures * Scaling and optimizations * Desktop virtualization and SPICE * Virtual GPU * virtio and vhost, including non-Linux or non-virtualized uses * Hardening and security * New storage features * Live migration and fault tolerance * High availability and continuous backup * Real-time guest support * Emulation and TCG * Firmware: ACPI, UEFI, coreboot, u-Boot, etc. * Testing Management and infrastructure * Managing KVM: Libvirt, OpenStack, oVirt, etc. * Storage: glusterfs, Ceph, etc. * Software defined networking: Open vSwitch, OpenDaylight, etc. * Network Function Virtualization * Security * Provisioning * Performance tuning =============== SUBMITTING YOUR PROPOSAL =============== Abstracts due: May 1, 2015 Please submit a short abstract (~150 words) describing your presentation proposal. Slots vary in length up to 45 minutes. Also include in your proposal the proposal type -- one of: - technical talk - end-user talk Submit your proposal here: http://events.linuxfoundation.org/cfp Please only use the categories "presentation" and "panel discussion" You will receive a notification whether or not your presentation proposal was accepted by May 29, 2015. Speakers will receive a complimentary pass for the event. In the instance that your submission has multiple presenters, only the primary speaker for a proposal will receive a complementary event pass. For panel discussions, all panelists will receive a complimentary event pass. TECHNICAL TALKS A good technical talk should not just report on what has happened over the last year; it should present a concrete problem and how it impacts the user and/or developer community. Whenever applicable, focus on work that needs to be done, difficulties that haven't yet been solved, and on decisions that other developers should be aware of. Summarizing recent developments is okay but it should not be more than a small portion of the overall talk. END-USER TALKS One of the big challenges as developers is to know what, where and how people actually use our software. We will reserve a few slots for end users talking about their deployment challenges and achievements. If you are using KVM in production you are encouraged submit a speaking proposal. Simply mark it as an end-user talk. As an end user, this is a unique opportunity to get your input to developers. HANDS-ON / BOF SESSIONS We will reserve some time for people to get together and discuss strategic decisions as well as other topics that are best solved within smaller groups. These sessions will be announced during the event. If you are interested in organizing such a session, please add it to the list at http://www.linux-kvm.org/page/KVM_Forum_2015_BOF Let people you think might be interested know about it, and encourage them to add their names to the wiki page as well. Please try to add your ideas to the list before KVM Forum starts. PANEL DISCUSSIONS If you are proposing a panel discussion, please make sure that you list all of your potential panelists in your abstract. We will request full biographies if a panel is accepted. =============== HOTEL / TRAVEL =============== KVM Forum 2015 will be taking place at the Sheraton Seattle Hotel. We are pleased to offer attendees a discounted room rate of US$199/night (plus applicable taxes) which includes wifi in your guest room. http://events.linuxfoundation.org/events/kvm-forum/attend/hotel-and-travel includes further information on the Sheraton Seattle and the discounted room rate, as well as on transportation and parking options for the hotel. =============== IMPORTANT DATES =============== Notification: May 29, 2015 Schedule announced: June 3, 2015 Event dates: August 19-21, 2015 Thank you for your interest in KVM. We're looking forward to your submissions and seeing you at the KVM Forum 2015 in August! -your KVM Forum 2015 Program Committee Please contact us with any questions or comments. [View Less]

2 1

[PATCH] bios-tables-test: handle false-positive smbios signature matches
by Gabriel L. Somlo 31 Mar '15

31 Mar '15

Rather than stopping at the first match for the SMBIOS signature ("_SM_") in the f-segment (0xF0000-0xFFFFF), continue scanning until either a valid entry point table is found, or the f-segment has been exhausted. Signed-off-by: Gabriel Somlo <somlo(a)cmu.edu> --- tests/bios-tables-test.c | 76 ++++++++++++++++++++++++++++-------------------- 1 file changed, 44 insertions(+), 32 deletions(-) diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c index 735ac61..f79d89a 100644 -… [View More]-- a/tests/bios-tables-test.c +++ b/tests/bios-tables-test.c @@ -599,35 +599,15 @@ static void test_acpi_asl(test_data *data) free_test_data(&exp_data); } -static void test_smbios_ep_address(test_data *data) -{ - uint32_t off; - - /* find smbios entry point structure */ - for (off = 0xf0000; off < 0x100000; off += 0x10) { - uint8_t sig[] = "_SM_"; - int i; - - for (i = 0; i < sizeof sig - 1; ++i) { - sig[i] = readb(off + i); - } - - if (!memcmp(sig, "_SM_", sizeof sig)) { - break; - } - } - - g_assert_cmphex(off, <, 0x100000); - data->smbios_ep_addr = off; -} - -static void test_smbios_ep_table(test_data *data) +static bool smbios_ep_table_ok(test_data *data) { struct smbios_entry_point *ep_table = &data->smbios_ep_table; uint32_t addr = data->smbios_ep_addr; ACPI_READ_ARRAY(ep_table->anchor_string, addr); - g_assert(!memcmp(ep_table->anchor_string, "_SM_", 4)); + if (memcmp(ep_table->anchor_string, "_SM_", 4)) { + return false; + } ACPI_READ_FIELD(ep_table->checksum, addr); ACPI_READ_FIELD(ep_table->length, addr); ACPI_READ_FIELD(ep_table->smbios_major_version, addr); @@ -636,17 +616,50 @@ static void test_smbios_ep_table(test_data *data) ACPI_READ_FIELD(ep_table->entry_point_revision, addr); ACPI_READ_ARRAY(ep_table->formatted_area, addr); ACPI_READ_ARRAY(ep_table->intermediate_anchor_string, addr); - g_assert(!memcmp(ep_table->intermediate_anchor_string, "_DMI_", 5)); + if (memcmp(ep_table->intermediate_anchor_string, "_DMI_", 5)) { + return false; + } ACPI_READ_FIELD(ep_table->intermediate_checksum, addr); ACPI_READ_FIELD(ep_table->structure_table_length, addr); - g_assert_cmpuint(ep_table->structure_table_length, >, 0); + if (ep_table->structure_table_length == 0) { + return false; + } ACPI_READ_FIELD(ep_table->structure_table_address, addr); ACPI_READ_FIELD(ep_table->number_of_structures, addr); - g_assert_cmpuint(ep_table->number_of_structures, >, 0); + if (ep_table->number_of_structures == 0) { + return false; + } ACPI_READ_FIELD(ep_table->smbios_bcd_revision, addr); - g_assert(!acpi_checksum((uint8_t *)ep_table, sizeof *ep_table)); - g_assert(!acpi_checksum((uint8_t *)ep_table + 0x10, - sizeof *ep_table - 0x10)); + if (acpi_checksum((uint8_t *)ep_table, sizeof *ep_table) || + acpi_checksum((uint8_t *)ep_table + 0x10, sizeof *ep_table - 0x10)) { + return false; + } + return true; +} + +static void test_smbios_entry_point(test_data *data) +{ + uint32_t off; + + /* find smbios entry point structure */ + for (off = 0xf0000; off < 0x100000; off += 0x10) { + uint8_t sig[] = "_SM_"; + int i; + + for (i = 0; i < sizeof sig - 1; ++i) { + sig[i] = readb(off + i); + } + + if (!memcmp(sig, "_SM_", sizeof sig)) { + /* signature match, but is this a valid entry point? */ + data->smbios_ep_addr = off; + if (smbios_ep_table_ok(data)) { + break; + } + } + } + + g_assert_cmphex(off, <, 0x100000); } static inline bool smbios_single_instance(uint8_t type) @@ -767,8 +780,7 @@ static void test_acpi_one(const char *params, test_data *data) } } - test_smbios_ep_address(data); - test_smbios_ep_table(data); + test_smbios_entry_point(data); test_smbios_structs(data); qtest_quit(global_qtest); -- 2.1.0 [View Less]

2 1

[PATCH] smbios: ensure comparison SMBIOS string can't be paragraph aligned
by Bruce Rogers 31 Mar '15

31 Mar '15

The SMBIOS anchor string _SM_ is stored within SeaBIOS to validate an SMBIOS entry point structure. There is the possibility (observed) that this comparison string ends up paragraph aligned and mistakenly found during a search for the real SMBIOS entry point. Ensure it will never end up on a paragraph boundary by storing it at odd alignment. Signed-off-by: Bruce Rogers <brogers(a)suse.com> --- src/fw/biostables.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/… [View More]

3 5

[coreboot] Booting Windows 8 failed
by Zheng Bao 30 Mar '15

30 Mar '15

The same SeaBIOS image and same win8 hard drive can boot Mullins and Kabini. So I believe the SeaBIOS and hard drive are both OK. Since it is a new APU, there might be some potential problem in Coreboot. But I have no way to find it out. What I am looking for is the way to debug at Windows bootloader stage, before the kernel image is loaded. Zheng On 3/25/2015 3:59 PM, Kevin O'Connor wrote: > There have been success reports with SeaBIOS booting Windows 8, so > it's not a general win8 … [View More]

2 1

Re: [SeaBIOS] [PATCH v10 3/6] Support for BIOS interrupt handler
by Stefan Berger 30 Mar '15

30 Mar '15

On 03/27/2015 03:58 AM, Xu, Quan wrote: > >> -----Original Message----- >> From: Xu, Quan >> Sent: Friday, March 27, 2015 10:01 AM >> To: 'Stefan Berger'; Kevin O'Connor >> Cc: seabios(a)seabios.org; stefano.stabellini(a)eu.citrix.com >> Subject: RE: [PATCH v10 3/6] Support for BIOS interrupt handler >> >> >> >>> -----Original Message----- >>> From: Stefan Berger [mailto:stefanb@linux.vnet.ibm.com] >>> Sent: … [View More]Thursday, March 26, 2015 7:04 PM >>> To: Xu, Quan; Kevin O'Connor >>> Cc: seabios(a)seabios.org; stefano.stabellini(a)eu.citrix.com >>> Subject: Re: [PATCH v10 3/6] Support for BIOS interrupt handler >>> >>> On 03/26/2015 07:01 AM, Xu, Quan wrote: >>>>> -----Original Message----- >>>>> From: Stefan Berger [mailto:stefanb@linux.vnet.ibm.com] >>>>> Sent: Thursday, March 26, 2015 6:18 PM >>>>> To: Kevin O'Connor; Xu, Quan >>>>> Cc: seabios(a)seabios.org; stefano.stabellini(a)eu.citrix.com >>>>> Subject: Re: [PATCH v10 3/6] Support for BIOS interrupt handler >>>>> >>>>> On 03/25/2015 06:42 PM, Kevin O'Connor wrote: >>>>>> On Tue, Mar 24, 2015 at 11:10:03AM -0400, Stefan Berger wrote: >>>>>>> On 03/23/2015 08:13 PM, Kevin O'Connor wrote: >>>>>>>> Because of the mixed 16bit/32bit code in SeaBIOS, all assembler >>>>>>>> must use size suffixes - so the above should be "roll" instead of "rol". >>>>>>> Ok, fixed. >>>>>>> >>>>>>>> As before - both issues are minor and can be addressed after >>>>>>>> merge (as long as there is agreement that the sha1.c file can be >>>>>>>> licensed as LGPLv3). >>>>>>> It can have that license. I can post v11 or you can modify it, >>>>>>> either way is fine. >>>>>> Thanks. I pushed the first three patches into a test branch at: >>>>>> >>>>>> https://github.com/KevinOConnor/seabios/tree/tcg-testing >>>>>> >>>>>> I'd like to get confirmation that this works for the Xen >>>>>> requirements before merging. >>>>> I don't use Xen. I hope that Quan will provide feedback. >>>>> >>>>> Stefan >>>> Sure, I am glad to help you test it :):) Try to >>>> https://github.com/KevinOConnor/seabios/tree/tcg-testing ?? >>> Yes. >>> >>> Stefan >> Just for check, >> I can NOT git clone https://github.com/KevinOConnor/seabios/tree/tcg-testing >> I can clone https://github.com/KevinOConnor/seabios and checkout * tcg-testing >> branch. >> Correct? >> >> Quan > Share the test result first. It is not working with Xen vTPM. > The log from vtpm mini-os: > > [.. ] > tpm_testing.c:229: Debug: verify plain text > tpm_testing.c:261: Info: Self-Test succeeded > tpm_startup.c:43: Info: TPM_Startup(1) > Tpmback:Info Frontend 0/0 connected > tpm_cmd_handler.c:4217: Debug: tpm_handle_command(0) > tpm_cmd_handler.c:3514: Debug: [TPM_TAG_RQU_COMMAND] > tpm_cmd_handler.c:3537: Debug: [TPM_ORD_Startup] > tpm_startup.c:43: Info: TPM_Startup(1) > tpm_cmd_handler.c:4151: Info: TPM command failed: (0x26) The command was received in the wrong sequence > relative to TPM_Init and a subsequent TPM_Startup. > [..] > > > In my opinion, we need this patch for Xen vTPM too. Which patch is 'this patch'? Does the above indicate that TPM_Startup(1) is sent twice to the Xen vTPM? Besides SeaBIOS, what else is sending a TPM_Startup()? If there is something else in Xen that sends a TPM_Startup() to the TPM, before SeaBIOS does, then the following code may apply as well: This part is from src/tcgbios.c. + rc = build_and_send_cmd(TPM_ORD_Startup, + Startup_ST_CLEAR, sizeof(Startup_ST_CLEAR), + NULL, 10, &returnCode, TPM_DURATION_TYPE_SHORT); + + dprintf(DEBUG_tcg, "Return code from TPM_Startup = 0x%08x\n", + returnCode); + + if (CONFIG_COREBOOT) { Here you could add a check whether you are running on Xen and ignore the error returned from TPM_Startup(). + /* with other firmware on the system the TPM may already have been + * initialized + */ + if (returnCode == TPM_INVALID_POSTINIT) + returnCode = 0; + } + + if (rc || returnCode) + goto err_exit; Regards, Stefan > now Xen vTPM is working with two basic functions: TPM TCPA / SSDT and registers reset > in my previous seabios patch. > > > Quan > > >> [View Less]

2 1

Re: [SeaBIOS] [PATCH v10 3/6] Support for BIOS interrupt handler
by Stefan Berger 27 Mar '15

27 Mar '15

On 03/26/2015 07:01 AM, Xu, Quan wrote: > >> -----Original Message----- >> From: Stefan Berger [mailto:stefanb@linux.vnet.ibm.com] >> Sent: Thursday, March 26, 2015 6:18 PM >> To: Kevin O'Connor; Xu, Quan >> Cc: seabios(a)seabios.org; stefano.stabellini(a)eu.citrix.com >> Subject: Re: [PATCH v10 3/6] Support for BIOS interrupt handler >> >> On 03/25/2015 06:42 PM, Kevin O'Connor wrote: >>> On Tue, Mar 24, 2015 at 11:10:03AM -0400, … [View More]

2 3

Methods to reduce bios image size
by Bruce Rogers 26 Mar '15

26 Mar '15

All, When building SeaBIOS in the context of QEMU v2.3-rc0 using various openSUSE versions we found that some recent versions overflowed the 128K limit imposed for bios.bin. The Makefile fails with the suggestion of using a more recent toolset or of eliminating some features to make it fit. Neither of those are options in this case. Of course another option is to review the code for places where variables or strings can be reduced in size without changing functionality. That doesn't buy us … [View More]

3 3

[PATCH v10 0/6] Add TPM support to SeaBIOS
by Stefan Berger 26 Mar '15

26 Mar '15

This is a repost of a series of patches providing TPM support to SeaBIOS. As an addition, this patch series now works on the Acer C720 Chromebook with limitations (S3 not getting invoked; no logging into TCPA table). The patch series cleanly applies to a checkout of b4581224. The following set of patches add TPM and Trusted Computing support to SeaBIOS. In particular the patches add: - a TPM driver for the Qemu's TPM TIS emulation - Support for initialzation of the TPM - init of TCPA … [View More]logging table - Support for the TCG BIOS extensions (1ah handler [ah = 0xbb]) (used by trusted grub; http://trousers.sourceforge.net/grub.html) - Static Root of Trusted for Measurement (SRTM) support - Support for S3 resume (sends command to TPM upon resume) - Support for sending control messages from the OS to the BIOS and have the BIOS control certain life-cycle aspects of the TPM following those messages - TPM-specific menu for controlling aspects of the TPM All implementations necessarily follow specifications. When all patches are applied the following services are available - SSDT ACPI table for TPM support - initialization of the TPM upon VM start and S3 resume - Static root of trust for measurements (SRTM) that measures (some) data of SeaBIOS in TCPA ACPI table - 1ah interrupt handler offering APIs for measuring and sending commands to the TPM (trusted grub uses them) - With an extensions to QEMU's TPM SSDT: The root user in Linux (for example) can send the above mentioned control messages to the BIOS and have the BIOS act upon them - User menu for controlling aspects of the state of the TPM Stefan Berger (6): Add an implementation of a TPM TIS driver Implementation of the TCG BIOS extensions Support for BIOS interrupt handler Add 'measurement' code to the BIOS Support for TPM Physical Presence Interface Add a menu for TPM control Makefile | 5 +- src/Kconfig | 7 + src/boot.c | 27 +- src/cdrom.c | 11 + src/clock.c | 13 + src/config.h | 1 + src/hw/tpm_drivers.c | 291 +++++++ src/hw/tpm_drivers.h | 90 +++ src/optionroms.c | 4 + src/post.c | 14 + src/resume.c | 3 + src/sha1.c | 145 ++++ src/sha1.h | 8 + src/std/acpi.h | 20 + src/tcgbios.c | 2186 ++++++++++++++++++++++++++++++++++++++++++++++++++ src/tcgbios.h | 454 +++++++++++ src/util.h | 2 + src/x86.h | 7 + 18 files changed, 3283 insertions(+), 5 deletions(-) create mode 100644 src/hw/tpm_drivers.c create mode 100644 src/hw/tpm_drivers.h create mode 100644 src/sha1.c create mode 100644 src/sha1.h create mode 100644 src/tcgbios.c create mode 100644 src/tcgbios.h -- 1.9.3 [View Less]

3 11

Re: [SeaBIOS] [coreboot] Booting Windows 8 failed
by Kevin O'Connor 25 Mar '15

25 Mar '15

On Wed, Mar 25, 2015 at 12:14:00PM -0700, David Hendricks wrote: > On Mon, Mar 23, 2015 at 7:27 PM, Bao, Zheng <Zheng.Bao(a)amd.com> wrote: > > I am porting the coreboot to a platform with a new AMD APU, which is close > > to Kabini and Mullins. > > Now the board can boot Ubuntu and Windows 7. But it failed to boot Windows > > 8. > > It crashes at a very early stage, which seems to be Windows bootloader. > > The debug message of SeaBIOS is attached. … [View More]

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

SeaBIOS March 2015