[SeaBIOS] [PATCH v10 3/6] Support for BIOS interrupt handler

Stefan Berger stefanb at linux.vnet.ibm.com
Tue Mar 24 16:10:03 CET 2015


On 03/23/2015 08:13 PM, Kevin O'Connor wrote:
> On Mon, Mar 23, 2015 at 02:22:17PM -0400, Stefan Berger wrote:
>> This patch implements the TCG BIOS interrupt handler 1ah. It is for
>> example used by trusted grub.
>>
>> This patch adds an implementation of SHA1 (following NIST specs., IETF RFC 3147
>> and Wikipedia) for speeding up measurements of code. Trusted Grub for example
>> makes use of this interface and measures (calculates SHA1) of the Linux kernel
>> and initrd. Those files can be rather large and hunting their bytes through
>> the TIS interface as part of the int handler commands invoked by trusted grub
>> does take quite some time due to the many vmexits the interface is creating
>> (one per byte).
>>
>> There is also a threshold for the size of data to hash (100k) below which
>> the TPM is used and above the internal faster SHA1 algorithm is used.
>>
>> This patch for example enables trusted grub to interact with the TPM
>> and take additional measurements.
> [...]
>> --- /dev/null
>> +++ b/src/sha1.c
>> @@ -0,0 +1,145 @@
>> +//  Support for Calculation of SHA1 in SW
>> +//
>> +//  Copyright (C) 2006-2011 IBM Corporation
>> +//
>> +//  Authors:
>> +//      Stefan Berger <stefanb at linux.vnet.ibm.com>
>> +//
>> +//  See: http://www.itl.nist.gov/fipspubs/fip180-1.htm
>> +//       RFC3174, Wikipedia's SHA1 alogrithm description
>> +//
> This file needs an LGPLv3 license statement.
>
> [...]
>> --- a/src/x86.h
>> +++ b/src/x86.h
>> @@ -129,6 +129,13 @@ static inline u32 getesp(void) {
>>       return esp;
>>   }
>>   
>> +static inline u32 rol(u32 val, u16 rol) {
>> +    u32 res;
>> +    asm volatile("rol %%cl, %%eax"
>> +                 : "=a" (res) : "a" (val), "c" (rol));
>> +    return res;
>> +}
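Review bot: in the added rol() helper the count parameter is named rol, the same as the function, and is declared u16 although only %cl is read by the instruction; a name such as count with type u8 would say what the code actually uses. The asm is also marked volatile even though it only computes res from its inputs, so volatile can be dropped to let the compiler fold or remove unused rotates. A one-line comment that the hardware masks the count to 5 bits for a 32-bit operand would help readers of the SHA1 code that calls this.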
> Because of the mixed 16bit/32bit code in SeaBIOS, all assembler must
> use size suffixes - so the above should be "roll" instead of "rol".

Ok, fixed.

>
> As before - both issues are minor and can be addressed after merge (as
> long as there is agreement that the sha1.c file can be licensed as
> LGPLv3).

It can have that license. I can post v11 or you can modify it, either 
way is fine.

FYI: I have 3 more patches beyond the ones I am posting. I am using them 
mostly for testing purposes, so for testing the QEMU TIS for example. 
One of them tests the SHA1 with the first 5 input vectors from here: 
http://www.di-mgt.com.au/sha_testvectors.html
The tests pass.

     Stefan



