Hong Hu | 27 May 11:15 2013
Picon

TBOOT ERRORCODE: 0xc00020a1

Hi, 

(It seems that only the tile is shown in my last post.)

Currently I'm trying to work on TBOOT. However I get an error which is "TXT.ERRORCODE: 0xc00020a1". I checked the sinit_errors.txt and found this error was due to "device scope of VT-d DMAR ACPI table is invalid". I searched on line and someone said this was due to VT-d unenabled. However I have enabled VT-d in the BIOS. 

Can anyone give me some help?

Thanks,
Hu Hong

Here is the environment to run tboot:

Laptop:     Thinkpad T400
BIOS:       Version 7UET94WW (the latest version, released on 16 Dec 2012 by Lenovo); TXT, VT, VT-d are enabled. 
TBOOT:    Version 1.7.3 (Released on 2012-12-28); 
ACM: GM45_GS45_PM45_SINIT_51.BIN 
OS:          Ubuntu 12.04 with 3.5.0-30-generic kernel

My grub.cfg for tboot is :

menuentry 'Ubuntu, with Linux 3.5.0-30-generic' --class ubuntu --class gnu-linux --class gnu --class os {
        recordfail
        gfxmode $linux_gfx_mode
        insmod gzio
        insmod part_msdos
        insmod ext2
        set root='(hd0,msdos1)'
        search --no-floppy --fs-uuid --set=root 9047b871-f55c-44d1-952c-48bf0de35fcd
        multiboot /tboot.gz /tboot.gz logging=vga,memory,serial
        module  /boot/vmlinuz-3.5.0-30-generic intel_iommu=on root=UUID=9047b871-f55c-44d1-952c-48bf0de35fcd ro   quiet splash $vt_handoff
        module  /boot/initrd.img-3.5.0-30-generic
        module  /boot/GM45_GS45_PM45_SINIT_51.BIN
}
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Hong Hu | 27 May 08:54 2013
Picon

TBOOT ERRORCODE: 0xc00020a1

Hi,

Currently I'm trying to work on TBOOT. However I get an error which is "TXT.ERRORCODE: 0xc00020a1". I checked the sinit_errors.txt and found this error was due to "device scope of VT-d DMAR ACPI table is invalid". I searched on line and someone said this was due to VT-d unenabled. However I have enabled VT-d in the BIOS. 

Can anyone give me some help?

Here is the environment to run tboot:

Laptop:     Thinkpad T400
BIOS:       Version 7UET94WW (the latest version, released on 16 Dec 2012 by Lenovo); TXT, VT, VT-d are enabled. 
TBOOT:    Version 1.7.3 (Released on 2012-12-28); 
ACM: GM45_GS45_PM45_SINIT_51.BIN 
OS:          Ubuntu 12.04 with 3.5.0-30-generic kernel

My grub.cfg for tboot is :

menuentry 'Ubuntu, with Linux 3.5.0-30-generic' --class ubuntu --class gnu-linux --class gnu --class os {
        recordfail
        gfxmode $linux_gfx_mode
        insmod gzio
        insmod part_msdos
        insmod ext2
        set root='(hd0,msdos1)'
        search --no-floppy --fs-uuid --set=root 9047b871-f55c-44d1-952c-48bf0de35fcd
        multiboot /tboot.gz /tboot.gz logging=vga,memory,serial
        module  /boot/vmlinuz-3.5.0-30-generic intel_iommu=on root=UUID=9047b871-f55c-44d1-952c-48bf0de35fcd ro   quiet splash $vt_handoff
        module  /boot/initrd.img-3.5.0-30-generic
        module  /boot/GM45_GS45_PM45_SINIT_51.BIN
}

The tboot log file is also attached. 

Thanks,
Hu Hong


Attachment (txt-stat.output): application/octet-stream, 6257 bytes
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Guiheux Goulven | 21 May 14:20 2013
Picon

Unknown TXT error code

Hi,
I am actually playing with Intel TXT (not TBOOT).
But my code that launchs DRTM fails with the following TXT error code : 0xC00024E1 (using txt-stat).
I use the lastest SINIT AC for my chipset (2nd_gen_i5_i7_SINIT_51.BIN) but I can't find my error code in the sinit_errors.txt file provided with the SINIT AC.

Does someone knows the meaning of my error ?

thanks !

****************************
Decoding of C00024E1
    Valid and External Error coming from SINIT
    Progress code : 0xE
    Error code: 0x9

Content of sinit_errors.txt :
Progress   Error
Code       Code      Description
--------     -----           -----------
0eh        00000     SCHECK
               00100     memory alias detected
               00110     an interrupt or exception occurred
               00111     SINIT region is not properly aligned
               01000     MC register is invalid


--
Best regards,
Goulven GUIHEUX

Goulven GUIHEUX
Ingénieur d'étude
goulven.guiheux <at> amossys.fr
AMOSSYS SAS
4 bis allée du bâtiment
35000 RENNES
Tél : 02 99 23 15 79
Agences : Rennes
  
 

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
henry del | 16 May 16:31 2013
Picon

tboot launch bitvisor(vmm)

Hi,

  According to Joseph, Tboot is a specific implementation of an MLE (Measured Launched Environment). Tboot encapsulates most of the TXT-specific knowledge so that it can launch an OS or VMM that is only minimally aware of TXT.

   As for bitvisor, it is a tiny hypervisor, which runs directly on the hardware(Type-I VMM).

   The question is that if I want to launch bitvisor using Tboot, what should I do? Do I need to take a look at and modify the source code of Tboot and then rebuild Tboot?

   It does not work just to add a menuentry including Tboot and bitvisor image in the grub.cfg. But it works fine when I add a menuentry including Tboot and Xen according to Tboot spec.

   Thanks!

Best regards,

henry
------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Qiaowei Ren | 14 May 23:21 2013
Picon

[PATCH] x86: add a new SMP bring up way for tboot case

tboot provides a better AP wakeup mechanism based on cpu MWAIT
feature for OS/VMM. With this mechanism, system will boot faster
and will NOT require VT to be enabled. But it requires that
OS/VMM must have support it, otherwise system can never boot up.

Once this mechanism is enabled, tboot will put APs waiting in
MWAIT loops before launching kernel. kernel can check the new
flag field in v6 tboot shared page for the hint. If the bit
TB_FLAG_AP_WAKE_SUPPORT in flag field is set, kernel BSP has
to write the monitored memory (tboot->ap_wake_trigger) to bring
APs out of MWAIT loops. The sipi vector should be written in
tboot->ap_wake_addr before waking up APs.

Signed-off-by: Qiaowei Ren <qiaowei.ren <at> intel.com>
Signed-off-by: Xiaoyan Zhang <xiaoyan.zhang <at> intel.com>
Signed-off-by: Gang Wei <gang.wei <at> intel.com>
---
 arch/x86/kernel/smpboot.c |   21 ++++++++++-----------
 arch/x86/kernel/tboot.c   |   36 ++++++++++++++++++++++++++++++++++++
 include/linux/tboot.h     |   17 +++++++++++++++++
 3 files changed, 63 insertions(+), 11 deletions(-)

diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 9f190a2..07f979e 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
 <at>  <at>  -787,17 +787,16  <at>  <at>  static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
 		}
 	}

-	/*
-	 * Wake up a CPU in difference cases:
-	 * - Use the method in the APIC driver if it's defined
-	 * Otherwise,
-	 * - Use an INIT boot APIC message for APs or NMI for BSP.
-	 */
-	if (apic->wakeup_secondary_cpu)
-		boot_error = apic->wakeup_secondary_cpu(apicid, start_ip);
-	else
-		boot_error = wakeup_cpu_via_init_nmi(cpu, start_ip, apicid,
-						     &cpu0_nmi_registered);
+	if (!tboot_wake_up(apicid, start_ip)) {
+		/*
+		 * Kick the secondary CPU. Use the method in the APIC driver
+		 * if it's defined - or use an INIT boot APIC message otherwise:
+		 */
+		if (apic->wakeup_secondary_cpu)
+			boot_error = apic->wakeup_secondary_cpu(apicid, start_ip);
+		else
+			boot_error = wakeup_secondary_cpu_via_init(apicid, start_ip);
+	}

 	if (!boot_error) {
 		/*
diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
index f84fe00..0ec1947 100644
--- a/arch/x86/kernel/tboot.c
+++ b/arch/x86/kernel/tboot.c
 <at>  <at>  -101,6 +101,8  <at>  <at>  void __init tboot_probe(void)
 	pr_debug("shutdown_entry: 0x%x\n", tboot->shutdown_entry);
 	pr_debug("tboot_base: 0x%08x\n", tboot->tboot_base);
 	pr_debug("tboot_size: 0x%x\n", tboot->tboot_size);
+	if (tboot->version >= 6)
+		pr_info("flags: 0x%08x\n", tboot->flags);
 }

 static pgd_t *tboot_pg_dir;
 <at>  <at>  -453,3 +455,37  <at>  <at>  int tboot_force_iommu(void)

 	return 1;
 }
+
+/*
+ * tboot provides a better AP wakeup mechanism based on cpu MWAIT
+ * feature for OS/VMM. This mechanism is defaultly disabled, and
+ * could be enabled with tboot command line option:
+ *	ap_wake_mwait=true|false
+ *
+ * With this mechanism, system will boot faster and will NOT require
+ * VT to be enabled. But it requires that OS/VMM must have support
+ * it, otherwise system can never boot up.
+ *
+ * Once this mechanism is enabled, tboot will put APs waiting in
+ * MWAIT loops before launching kernel. kernel can check the new
+ * flag field in v6 tboot shared page for the hint. If the bit
+ * TB_FLAG_AP_WAKE_SUPPORT in flag field is set, kernel BSP has
+ * to write the monitored memory (tboot->ap_wake_trigger) to bring
+ * APs out of MWAIT loops. The sipi vector should be written in
+ * tboot->ap_wake_addr before waking up APs.
+ */
+bool tboot_wake_up(int apicid, unsigned long sipi_vec)
+{
+	if (!tboot_enabled())
+		return false;
+
+	if ((tboot->version < 6) ||
+		!(tboot->flags & TB_FLAG_AP_WAKE_SUPPORT))
+		return false;
+
+	tboot->ap_wake_addr = sipi_vec;
+	tboot->ap_wake_trigger = apicid;
+
+	return true;
+}
+
diff --git a/include/linux/tboot.h b/include/linux/tboot.h
index c75128b..163d779 100644
--- a/include/linux/tboot.h
+++ b/include/linux/tboot.h
 <at>  <at>  -124,8 +124,23  <at>  <at>  struct tboot {

 	/* number of processors in wait-for-SIPI */
 	u32 num_in_wfs;
+
+	/*
+	 * version 6+ fields:
+	 */
+
+	u32 flags;
+
+	/* phys addr of kernel/VMM SIPI vector */
+	u64 ap_wake_addr;
+
+	/* kernel/VMM writes APIC ID to wake AP */
+	u32 ap_wake_trigger;
 } __packed;

+/* kernel/VMM use INIT-SIPI-SIPI if clear, ap_wake_* if set */
+#define TB_FLAG_AP_WAKE_SUPPORT 0X00000001
+
 /*
  * UUID for tboot data struct to facilitate matching
  * defined as {663C8DFF-E8B3-4b82-AABF-19EA4D057A08} by tboot, which is
 <at>  <at>  -146,6 +161,7  <at>  <at>  extern void tboot_shutdown(u32 shutdown_type);
 extern struct acpi_table_header *tboot_get_dmar_table(
 				      struct acpi_table_header *dmar_tbl);
 extern int tboot_force_iommu(void);
+extern bool tboot_wake_up(int apicid, unsigned long sipi_vec);

 #else

 <at>  <at>  -156,6 +172,7  <at>  <at>  extern int tboot_force_iommu(void);
 					do { } while (0)
 #define tboot_get_dmar_table(dmar_tbl)	(dmar_tbl)
 #define tboot_force_iommu()		0
+#define tboot_wake_up(apicid, sipi_vec) 0

 #endif /* !CONFIG_INTEL_TXT */

--

-- 
1.7.9.5

Ross Philipson | 29 Apr 19:57 2013

When !is_kernel_linux(), tboot memory is set to E820_UNUSABLE

We have been looking at the code in tboot.c that sets the tboot memory 
area to E820_UNUSABLE when it detects that the next module is not Linux. 
Specifically this code:

uint32_t mem_type = is_kernel_linux() ? E820_RESERVED : E820_UNUSABLE;

And this commit:

http://hg.code.sf.net/p/tboot/code/rev/b170b7b39e5c

It seems to make sense to set the region to reserved but we do not 
understand why the region is set to unusable in the other case. Can 
someone explain the reasoning behind this?

Also, the check for is_kernel_linux() relies on it not being an elf 
image but this doesn't seem very correct. Not being an elf image does 
not imply it is a Linux kernel. Are you relying on the fact that only 
Linux and Xen are used with tboot at the moment?

Thanks,
Ross Philipson

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
Hal Finney | 21 Apr 01:35 2013
Picon

Intel(R) Trusted Execution Technology | Intel(R) Developer Zone

http://software.intel.com/en-us/articles/intel-trusted-execution-technology/

When I click on any of the SINIT modules, I get Page not found. Hopefully this is temporary; just thought I'd let you know.

Oh, while I'm writing: is there any source of old SINIT modules? I ask because I have a new HP laptop which I can't get tboot to work on. It gets past getsec[senter] successfully, but when it boots Ubuntu the disk doesn't respond. I had a similar problem on my old HP workstation, and I fixed it by downgrading SINIT from version 51 to 17. Actually I don't care about tboot; I'm trying to get Jon McCune's flicker working, but that uses the same technology.

Not very many laptops come with serial ports any more. But it has something called AMT which can theoretically emulate a serial port over ethernet. I need to learn how to do this, so I can post logs.

Hal Finney
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Charles Bushong | 10 Apr 20:22 2013
Picon

ERRORCODE: 0xc0000901

So while I wait for a miracle on my other system, I have tried configuring tboot on a different platform using a similar config.  I'm hoping to find out if the problem is configuration based or hardware based.

The result is:
TBOOT: TXT.ERRORCODE: 0xc0000901
TBOOT: AC module error : acm_type=0x1, progress=0x10, error=0x2

Which, according to the Q45_Q43_SINIT_51.BIN sinit_errors.txt file, is "10h                  Processing Launch Control Policy", "unsupported policy version"

I have tried this configuration in any way I can think of, from using LCPv1, LCPv2/unsigned/no MLE, LCPv2/signed/no MLE, LCPv2/signed/"custom" elt/no nvram, and then finally LCPv2 signed, custom element fully defined and written to NVRAM.  I'm not really sure what it means by "unsupported policy version", as I've tried every version of LCP I know of.  Any suggestions would be greatly appreciated.

-Charles

FULL OUTPUT PASTE:
http://pastebin.com/hq6vQRFH

SCRIPT:
  ## Set TPM_PASS var
export TPM_PASS=<the_pass>
  ## Start tcsd service
tcsd
  ## Release old indicies to clear status
tpmnv_relindex -i owner -p $TPM_PASS
tpmnv_relindex -i 0x20000001 -p $TPM_PASS
tpmnv_relindex -i 0x20000002 -p $TPM_PASS
  ## Define indices for owner, error, and TBOOT
tpmnv_defindex -i owner -p $TPM_PASS
tpmnv_defindex -i 0x20000001 -s 256 -pv 0x02 -p $TPM_PASS
tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 -p $TPM_PASS
  ## Create MLE Policy
tb_polgen --create --type nonfatal vl_ver1.pol
  ## Hash vmlinuz, add to policy file
tb_polgen --add --num 0 --pcr none --hash image --cmdline "ro root=/dev/mapper/vg_rd8uxr84163g-lv_root rd_LVM_LV=vg_rd8uxr84163g/lv_swap rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vg_rd8uxr84163g/lv_root rd_NO_MD quiet SYSFONT=latarcyrheb-sun16 rhgb crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM intel_iommu=on" --image /boot/vmlinuz-2.6.32-220.el6.x86_64 vl_ver1.pol
  ## Hash initramfs, add to policy file
tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "" --image /boot/initramfs-2.6.32-220.el6.x86_64.img vl_ver1.pol
  ## Create TBOOT hash
lcp_mlehash –c "logging=vga,serial,memory loglvl=all" /boot/tboot.gz > tboot_hash
  ## Create Policy Element with tboot_hash
lcp_crtpolelt --create --type mle --ctrl 0x00 --out mle.elt tboot_hash
  ## Create the list of elements, yet to be signed
lcp_crtpollist --create --out list_unsig.lst mle.elt
  ## Generate private key
openssl genrsa -out privkey.pem 2048
  ## Generate public key
openssl rsa -pubout -in privkey.pem -out pubkey.pem
  ## Create the signed list
cp list_unsig.lst list_sig.lst
lcp_crtpollist --sign --pub pubkey.pem --priv privkey.pem --out list_sig.lst
  ## Create the actual policy using the unsigned and signed element lists
lcp_crtpol2 --create --type list --pol list.pol --data list.data list_{unsig,sig}.lst
  ## Write the policies to NVRAM
lcp_writepol -i owner -f list.pol -p $TPM_PASS
lcp_writepol -i 0x20000001 -f vl_ver1.pol -p $TPM_PASS
  ## Copy list.data to boot directory
cp list.data /boot
  ## validate grub.conf has /list.data module and reboot

-Charles
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Jay Schwichtenberg | 9 Apr 18:44 2013
Picon

lcp_* tools and owner policies.

Hello,

With the help from this group I was able to get my server setup with tboot 
and running (THANKS!). I've got my code written and I'm in the testing phase. 
One of the test criteria that I was given is to test the owner 'PolicyType' 
for 3 cases. These are: LCP_POLTYPE_LIST (0), LCP_POLTYPE_ANY (1) and 
POLTYPE_UNINIT (0xFF). I have no problem reading the owner policy and the 
code is detecting the LCP_POLTYPE_LIST from the setup I've done. Since I'm 
using the lcp_* tools from the provided examples I really don't have a 
concise knowledge of what is going on. I can guess and make assumptions but 
when I do that I usually get into trouble.

Would there be any documentation for the lcp_* tools or how to set the owner 
policy type to either any or un-initialized?

If there isn't any docs would there be examples on how to set these owner 
policies?

Thanks for the help.
Jay S.

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
Charles Bushong | 25 Mar 16:51 2013
Picon

verifying module against policy failed

Hi all,

I'm trying to get tboot up and running for my first time, and this list has been a great help.  However it seems I'm running into some problems when actually validating the modules.  I was hoping someone might have some insight as to what I'm doing wrong.  I'm using tboot 1.7.3 and legacy grub if it makes a difference.

I get ownership and define the nvram indicies without much issue (finally).  Then I create and write the v1 policy with this:

tb_polgen --create --type nonfatal vl_ver1.pol
tb_polgen --add --num 0 --pcr 18 --hash image --cmdline "logging=vga,serial,memory loglvl=all" --image /boot/tboot.gz vl_ver1.pol
tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "$kernel_cmdline" --image /boot/vmlinuz-2.6.32-279.5.1.el6.x86_64 vl_ver1.pol
tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initramfs-2.6.32-279.5.1.el6.x86_64.img vl_ver1.pol
lcp_writepol -i 0x20000001 -f vl_ver1.pol -p $TPM_PASS

There are a few red flags that are sticking out to me.

1) Does this post-GETSEC[SENTER] error code mean anything?
TBOOT: TXT.ERRORCODE: 0xc0000001
TBOOT: AC module error : acm_type=0x1, progress=0x00, error=0x0

2) Modules failing.
TBOOT: verifying module "
/vmlinuz-2.6.32-279.5.1.el6.x86_64 (kernel command line)"...
TBOOT:   verification failed
TBOOT: verifying module against policy failed.
TBOOT: verifying module "
/initramfs-2.6.32-279.5.1.el6.x86_64.img"...
TBOOT:   verification failed
TBOOT: verifying module against policy failed.
TBOOT: all modules are verified

I can't figure out why it's reading the policy without issue, getting into GETSEC[SENTER], and then still failing the policy check.  Any help or points in the right direction would be appreciated.  Thanks!

-Charles
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Jan Beulich | 11 Mar 10:48 2013

[PATCH] Xen/ACPI: support sleep state entering on hardware reduced systems

In version 3.4 acpi_os_prepare_sleep() got introduced in parallel with
reduced hardware sleep support, and the two changes didn't get
synchronized: The new code doesn't call the hook function (if so
requested). Fix this, requiring a boolean parameter to be added to the
hook function to distinguish "extended" from "legacy" sleep.

This requires adjusting TXT, but the adjustments only go as far as
failing the extended mode call (since, looking at the TXT interface,
there doesn't even appear to be precautions to deal with that
alternative interface).

Signed-off-by: Jan Beulich <jbeulich <at> suse.com>
Cc: Richard L Maliszewski <richard.l.maliszewski <at> intel.com>
Cc: Gang Wei <gang.wei <at> intel.com>
Cc: Shane Wang <shane.wang <at> intel.com>

---
 arch/x86/kernel/tboot.c          |    6 +++++-
 drivers/acpi/acpica/hwesleep.c   |    8 ++++++++
 drivers/acpi/acpica/hwsleep.c    |    2 +-
 drivers/acpi/osl.c               |   16 ++++++++--------
 drivers/xen/acpi.c               |   26 +++++++++++++-------------
 include/linux/acpi.h             |   10 +++++-----
 include/xen/acpi.h               |    4 ++--
 include/xen/interface/platform.h |    7 ++++---
 8 files changed, 46 insertions(+), 33 deletions(-)

--- 3.9-rc2/arch/x86/kernel/tboot.c
+++ 3.9-rc2-xen-ACPI-v5-sleep/arch/x86/kernel/tboot.c
 <at>  <at>  -273,7 +273,8  <at>  <at>  static void tboot_copy_fadt(const struct
 		offsetof(struct acpi_table_facs, firmware_waking_vector);
 }

-static int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control)
+static int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control,
+		       bool extended)
 {
 	static u32 acpi_shutdown_map[ACPI_S_STATE_COUNT] = {
 		/* S0,1,2: */ -1, -1, -1,
 <at>  <at>  -284,6 +285,9  <at>  <at>  static int tboot_sleep(u8 sleep_state, u
 	if (!tboot_enabled())
 		return 0;

+	if (extended)
+		return -1;
+
 	tboot_copy_fadt(&acpi_gbl_FADT);
 	tboot->acpi_sinfo.pm1a_cnt_val = pm1a_control;
 	tboot->acpi_sinfo.pm1b_cnt_val = pm1b_control;
--- 3.9-rc2/drivers/acpi/acpica/hwesleep.c
+++ 3.9-rc2-xen-ACPI-v5-sleep/drivers/acpi/acpica/hwesleep.c
 <at>  <at>  -43,6 +43,7  <at>  <at> 
  */

 #include <acpi/acpi.h>
+#include <linux/acpi.h>
 #include "accommon.h"

 #define _COMPONENT          ACPI_HARDWARE
 <at>  <at>  -128,6 +129,13  <at>  <at>  acpi_status acpi_hw_extended_sleep(u8 sl

 	ACPI_FLUSH_CPU_CACHE();

+	status = acpi_os_prepare_sleep(sleep_state, acpi_gbl_sleep_type_a,
+				       acpi_gbl_sleep_type_b, true);
+	if (ACPI_SKIP(status))
+		return_ACPI_STATUS(AE_OK);
+	if (ACPI_FAILURE(status))
+		return_ACPI_STATUS(status);
+
 	/*
 	 * Set the SLP_TYP and SLP_EN bits.
 	 *
--- 3.9-rc2/drivers/acpi/acpica/hwsleep.c
+++ 3.9-rc2-xen-ACPI-v5-sleep/drivers/acpi/acpica/hwsleep.c
 <at>  <at>  -153,7 +153,7  <at>  <at>  acpi_status acpi_hw_legacy_sleep(u8 slee
 	ACPI_FLUSH_CPU_CACHE();

 	status = acpi_os_prepare_sleep(sleep_state, pm1a_control,
-				       pm1b_control);
+				       pm1b_control, false);
 	if (ACPI_SKIP(status))
 		return_ACPI_STATUS(AE_OK);
 	if (ACPI_FAILURE(status))
--- 3.9-rc2/drivers/acpi/osl.c
+++ 3.9-rc2-xen-ACPI-v5-sleep/drivers/acpi/osl.c
 <at>  <at>  -77,8 +77,8  <at>  <at>  EXPORT_SYMBOL(acpi_in_debugger);
 extern char line_buf[80];
 #endif				/*ENABLE_DEBUGGER */

-static int (*__acpi_os_prepare_sleep)(u8 sleep_state, u32 pm1a_ctrl,
-				      u32 pm1b_ctrl);
+static int (*__acpi_os_prepare_sleep)(u8 sleep_state, u32 val_a, u32 val_b,
+				      bool extended);

 static acpi_osd_handler acpi_irq_handler;
 static void *acpi_irq_context;
 <at>  <at>  -1757,13 +1757,13  <at>  <at>  acpi_status acpi_os_terminate(void)
 	return AE_OK;
 }

-acpi_status acpi_os_prepare_sleep(u8 sleep_state, u32 pm1a_control,
-				  u32 pm1b_control)
+acpi_status acpi_os_prepare_sleep(u8 sleep_state, u32 val_a, u32 val_b,
+				  bool extended)
 {
 	int rc = 0;
 	if (__acpi_os_prepare_sleep)
-		rc = __acpi_os_prepare_sleep(sleep_state,
-					     pm1a_control, pm1b_control);
+		rc = __acpi_os_prepare_sleep(sleep_state, val_a, val_b,
+					     extended);
 	if (rc < 0)
 		return AE_ERROR;
 	else if (rc > 0)
 <at>  <at>  -1772,8 +1772,8  <at>  <at>  acpi_status acpi_os_prepare_sleep(u8 sle
 	return AE_OK;
 }

-void acpi_os_set_prepare_sleep(int (*func)(u8 sleep_state,
-			       u32 pm1a_ctrl, u32 pm1b_ctrl))
+void acpi_os_set_prepare_sleep(int (*func)(u8 sleep_state, u32 val_a,
+					   u32 val_b, bool extended))
 {
 	__acpi_os_prepare_sleep = func;
 }
--- 3.9-rc2/drivers/xen/acpi.c
+++ 3.9-rc2-xen-ACPI-v5-sleep/drivers/xen/acpi.c
 <at>  <at>  -35,27 +35,27  <at>  <at> 
 #include <asm/xen/hypercall.h>
 #include <asm/xen/hypervisor.h>

-int xen_acpi_notify_hypervisor_state(u8 sleep_state,
-				     u32 pm1a_cnt, u32 pm1b_cnt)
+int xen_acpi_notify_hypervisor_state(u8 sleep_state, u32 val_a, u32 val_b,
+				     bool extended)
 {
+	unsigned int bits = extended ? 8 : 16;
+
 	struct xen_platform_op op = {
 		.cmd = XENPF_enter_acpi_sleep,
 		.interface_version = XENPF_INTERFACE_VERSION,
-		.u = {
-			.enter_acpi_sleep = {
-				.pm1a_cnt_val = (u16)pm1a_cnt,
-				.pm1b_cnt_val = (u16)pm1b_cnt,
-				.sleep_state = sleep_state,
-			},
+		.u.enter_acpi_sleep = {
+			.val_a = (u16)val_a,
+			.val_b = (u16)val_b,
+			.sleep_state = sleep_state,
+			.flags = extended ? XENPF_ACPI_SLEEP_EXTENDED : 0,
 		},
 	};

-	if ((pm1a_cnt & 0xffff0000) || (pm1b_cnt & 0xffff0000)) {
-		WARN(1, "Using more than 16bits of PM1A/B 0x%x/0x%x!"
-		     "Email xen-devel <at> lists.xensource.com  Thank you.\n", \
-		     pm1a_cnt, pm1b_cnt);
+	if (WARN((val_a & (~0 << bits)) || (val_b & (~0 << bits)),
+		 "Using more than %u bits of sleep control values %#x/%#x!"
+		 "Email xen-devel <at> lists.xen.org - Thank you.\n", \
+		 bits, val_a, val_b))
 		return -1;
-	}

 	HYPERVISOR_dom0_op(&op);
 	return 1;
--- 3.9-rc2/include/linux/acpi.h
+++ 3.9-rc2-xen-ACPI-v5-sleep/include/linux/acpi.h
 <at>  <at>  -486,11 +486,11  <at>  <at>  static inline bool acpi_driver_match_dev
 #endif	/* !CONFIG_ACPI */

 #ifdef CONFIG_ACPI
-void acpi_os_set_prepare_sleep(int (*func)(u8 sleep_state,
-			       u32 pm1a_ctrl,  u32 pm1b_ctrl));
+void acpi_os_set_prepare_sleep(int (*func)(u8 sleep_state, u32 val_a,
+					   u32 val_b, bool extended));

-acpi_status acpi_os_prepare_sleep(u8 sleep_state,
-				  u32 pm1a_control, u32 pm1b_control);
+acpi_status acpi_os_prepare_sleep(u8 sleep_state, u32 val_a, u32 val_b,
+				  bool extended);
 #ifdef CONFIG_X86
 void arch_reserve_mem_area(acpi_physical_address addr, size_t size);
 #else
 <at>  <at>  -500,7 +500,7  <at>  <at>  static inline void arch_reserve_mem_area
 }
 #endif /* CONFIG_X86 */
 #else
-#define acpi_os_set_prepare_sleep(func, pm1a_ctrl, pm1b_ctrl) do { } while (0)
+#define acpi_os_set_prepare_sleep(func, val_a, val_b, ext) do { } while (0)
 #endif

 #if defined(CONFIG_ACPI) && defined(CONFIG_PM_RUNTIME)
--- 3.9-rc2/include/xen/acpi.h
+++ 3.9-rc2-xen-ACPI-v5-sleep/include/xen/acpi.h
 <at>  <at>  -75,8 +75,8  <at>  <at>  static inline int xen_acpi_get_pxm(acpi_
 	return -ENXIO;
 }

-int xen_acpi_notify_hypervisor_state(u8 sleep_state,
-				     u32 pm1a_cnt, u32 pm1b_cnd);
+int xen_acpi_notify_hypervisor_state(u8 sleep_state, u32 val_a, u32 val_b,
+				     bool extended);

 static inline void xen_acpi_sleep_register(void)
 {
--- 3.9-rc2/include/xen/interface/platform.h
+++ 3.9-rc2-xen-ACPI-v5-sleep/include/xen/interface/platform.h
 <at>  <at>  -152,10 +152,11  <at>  <at>  DEFINE_GUEST_HANDLE_STRUCT(xenpf_firmwar
 #define XENPF_enter_acpi_sleep    51
 struct xenpf_enter_acpi_sleep {
 	/* IN variables */
-	uint16_t pm1a_cnt_val;      /* PM1a control value. */
-	uint16_t pm1b_cnt_val;      /* PM1b control value. */
+	uint16_t val_a;             /* PM1a control / sleep type A. */
+	uint16_t val_b;             /* PM1b control / sleep type B. */
 	uint32_t sleep_state;       /* Which state to enter (Sn). */
-	uint32_t flags;             /* Must be zero. */
+#define XENPF_ACPI_SLEEP_EXTENDED 0x00000001
+	uint32_t flags;             /* XENPF_ACPI_SLEEP_*. */
 };
 DEFINE_GUEST_HANDLE_STRUCT(xenpf_enter_acpi_sleep_t);

Xen/ACPI: support sleep state entering on hardware reduced systems

In version 3.4 acpi_os_prepare_sleep() got introduced in parallel with
reduced hardware sleep support, and the two changes didn't get
synchronized: The new code doesn't call the hook function (if so
requested). Fix this, requiring a boolean parameter to be added to the
hook function to distinguish "extended" from "legacy" sleep.

This requires adjusting TXT, but the adjustments only go as far as
failing the extended mode call (since, looking at the TXT interface,
there doesn't even appear to be precautions to deal with that
alternative interface).

Signed-off-by: Jan Beulich <jbeulich <at> suse.com>
Cc: Richard L Maliszewski <richard.l.maliszewski <at> intel.com>
Cc: Gang Wei <gang.wei <at> intel.com>
Cc: Shane Wang <shane.wang <at> intel.com>

---
 arch/x86/kernel/tboot.c          |    6 +++++-
 drivers/acpi/acpica/hwesleep.c   |    8 ++++++++
 drivers/acpi/acpica/hwsleep.c    |    2 +-
 drivers/acpi/osl.c               |   16 ++++++++--------
 drivers/xen/acpi.c               |   26 +++++++++++++-------------
 include/linux/acpi.h             |   10 +++++-----
 include/xen/acpi.h               |    4 ++--
 include/xen/interface/platform.h |    7 ++++---
 8 files changed, 46 insertions(+), 33 deletions(-)

--- 3.9-rc2/arch/x86/kernel/tboot.c
+++ 3.9-rc2-xen-ACPI-v5-sleep/arch/x86/kernel/tboot.c
 <at>  <at>  -273,7 +273,8  <at>  <at>  static void tboot_copy_fadt(const struct
 		offsetof(struct acpi_table_facs, firmware_waking_vector);
 }

-static int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control)
+static int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control,
+		       bool extended)
 {
 	static u32 acpi_shutdown_map[ACPI_S_STATE_COUNT] = {
 		/* S0,1,2: */ -1, -1, -1,
 <at>  <at>  -284,6 +285,9  <at>  <at>  static int tboot_sleep(u8 sleep_state, u
 	if (!tboot_enabled())
 		return 0;

+	if (extended)
+		return -1;
+
 	tboot_copy_fadt(&acpi_gbl_FADT);
 	tboot->acpi_sinfo.pm1a_cnt_val = pm1a_control;
 	tboot->acpi_sinfo.pm1b_cnt_val = pm1b_control;
--- 3.9-rc2/drivers/acpi/acpica/hwesleep.c
+++ 3.9-rc2-xen-ACPI-v5-sleep/drivers/acpi/acpica/hwesleep.c
 <at>  <at>  -43,6 +43,7  <at>  <at> 
  */

 #include <acpi/acpi.h>
+#include <linux/acpi.h>
 #include "accommon.h"

 #define _COMPONENT          ACPI_HARDWARE
 <at>  <at>  -128,6 +129,13  <at>  <at>  acpi_status acpi_hw_extended_sleep(u8 sl

 	ACPI_FLUSH_CPU_CACHE();

+	status = acpi_os_prepare_sleep(sleep_state, acpi_gbl_sleep_type_a,
+				       acpi_gbl_sleep_type_b, true);
+	if (ACPI_SKIP(status))
+		return_ACPI_STATUS(AE_OK);
+	if (ACPI_FAILURE(status))
+		return_ACPI_STATUS(status);
+
 	/*
 	 * Set the SLP_TYP and SLP_EN bits.
 	 *
--- 3.9-rc2/drivers/acpi/acpica/hwsleep.c
+++ 3.9-rc2-xen-ACPI-v5-sleep/drivers/acpi/acpica/hwsleep.c
 <at>  <at>  -153,7 +153,7  <at>  <at>  acpi_status acpi_hw_legacy_sleep(u8 slee
 	ACPI_FLUSH_CPU_CACHE();

 	status = acpi_os_prepare_sleep(sleep_state, pm1a_control,
-				       pm1b_control);
+				       pm1b_control, false);
 	if (ACPI_SKIP(status))
 		return_ACPI_STATUS(AE_OK);
 	if (ACPI_FAILURE(status))
--- 3.9-rc2/drivers/acpi/osl.c
+++ 3.9-rc2-xen-ACPI-v5-sleep/drivers/acpi/osl.c
 <at>  <at>  -77,8 +77,8  <at>  <at>  EXPORT_SYMBOL(acpi_in_debugger);
 extern char line_buf[80];
 #endif				/*ENABLE_DEBUGGER */

-static int (*__acpi_os_prepare_sleep)(u8 sleep_state, u32 pm1a_ctrl,
-				      u32 pm1b_ctrl);
+static int (*__acpi_os_prepare_sleep)(u8 sleep_state, u32 val_a, u32 val_b,
+				      bool extended);

 static acpi_osd_handler acpi_irq_handler;
 static void *acpi_irq_context;
 <at>  <at>  -1757,13 +1757,13  <at>  <at>  acpi_status acpi_os_terminate(void)
 	return AE_OK;
 }

-acpi_status acpi_os_prepare_sleep(u8 sleep_state, u32 pm1a_control,
-				  u32 pm1b_control)
+acpi_status acpi_os_prepare_sleep(u8 sleep_state, u32 val_a, u32 val_b,
+				  bool extended)
 {
 	int rc = 0;
 	if (__acpi_os_prepare_sleep)
-		rc = __acpi_os_prepare_sleep(sleep_state,
-					     pm1a_control, pm1b_control);
+		rc = __acpi_os_prepare_sleep(sleep_state, val_a, val_b,
+					     extended);
 	if (rc < 0)
 		return AE_ERROR;
 	else if (rc > 0)
 <at>  <at>  -1772,8 +1772,8  <at>  <at>  acpi_status acpi_os_prepare_sleep(u8 sle
 	return AE_OK;
 }

-void acpi_os_set_prepare_sleep(int (*func)(u8 sleep_state,
-			       u32 pm1a_ctrl, u32 pm1b_ctrl))
+void acpi_os_set_prepare_sleep(int (*func)(u8 sleep_state, u32 val_a,
+					   u32 val_b, bool extended))
 {
 	__acpi_os_prepare_sleep = func;
 }
--- 3.9-rc2/drivers/xen/acpi.c
+++ 3.9-rc2-xen-ACPI-v5-sleep/drivers/xen/acpi.c
 <at>  <at>  -35,27 +35,27  <at>  <at> 
 #include <asm/xen/hypercall.h>
 #include <asm/xen/hypervisor.h>

-int xen_acpi_notify_hypervisor_state(u8 sleep_state,
-				     u32 pm1a_cnt, u32 pm1b_cnt)
+int xen_acpi_notify_hypervisor_state(u8 sleep_state, u32 val_a, u32 val_b,
+				     bool extended)
 {
+	unsigned int bits = extended ? 8 : 16;
+
 	struct xen_platform_op op = {
 		.cmd = XENPF_enter_acpi_sleep,
 		.interface_version = XENPF_INTERFACE_VERSION,
-		.u = {
-			.enter_acpi_sleep = {
-				.pm1a_cnt_val = (u16)pm1a_cnt,
-				.pm1b_cnt_val = (u16)pm1b_cnt,
-				.sleep_state = sleep_state,
-			},
+		.u.enter_acpi_sleep = {
+			.val_a = (u16)val_a,
+			.val_b = (u16)val_b,
+			.sleep_state = sleep_state,
+			.flags = extended ? XENPF_ACPI_SLEEP_EXTENDED : 0,
 		},
 	};

-	if ((pm1a_cnt & 0xffff0000) || (pm1b_cnt & 0xffff0000)) {
-		WARN(1, "Using more than 16bits of PM1A/B 0x%x/0x%x!"
-		     "Email xen-devel <at> lists.xensource.com  Thank you.\n", \
-		     pm1a_cnt, pm1b_cnt);
+	if (WARN((val_a & (~0 << bits)) || (val_b & (~0 << bits)),
+		 "Using more than %u bits of sleep control values %#x/%#x!"
+		 "Email xen-devel <at> lists.xen.org - Thank you.\n", \
+		 bits, val_a, val_b))
 		return -1;
-	}

 	HYPERVISOR_dom0_op(&op);
 	return 1;
--- 3.9-rc2/include/linux/acpi.h
+++ 3.9-rc2-xen-ACPI-v5-sleep/include/linux/acpi.h
 <at>  <at>  -486,11 +486,11  <at>  <at>  static inline bool acpi_driver_match_dev
 #endif	/* !CONFIG_ACPI */

 #ifdef CONFIG_ACPI
-void acpi_os_set_prepare_sleep(int (*func)(u8 sleep_state,
-			       u32 pm1a_ctrl,  u32 pm1b_ctrl));
+void acpi_os_set_prepare_sleep(int (*func)(u8 sleep_state, u32 val_a,
+					   u32 val_b, bool extended));

-acpi_status acpi_os_prepare_sleep(u8 sleep_state,
-				  u32 pm1a_control, u32 pm1b_control);
+acpi_status acpi_os_prepare_sleep(u8 sleep_state, u32 val_a, u32 val_b,
+				  bool extended);
 #ifdef CONFIG_X86
 void arch_reserve_mem_area(acpi_physical_address addr, size_t size);
 #else
 <at>  <at>  -500,7 +500,7  <at>  <at>  static inline void arch_reserve_mem_area
 }
 #endif /* CONFIG_X86 */
 #else
-#define acpi_os_set_prepare_sleep(func, pm1a_ctrl, pm1b_ctrl) do { } while (0)
+#define acpi_os_set_prepare_sleep(func, val_a, val_b, ext) do { } while (0)
 #endif

 #if defined(CONFIG_ACPI) && defined(CONFIG_PM_RUNTIME)
--- 3.9-rc2/include/xen/acpi.h
+++ 3.9-rc2-xen-ACPI-v5-sleep/include/xen/acpi.h
 <at>  <at>  -75,8 +75,8  <at>  <at>  static inline int xen_acpi_get_pxm(acpi_
 	return -ENXIO;
 }

-int xen_acpi_notify_hypervisor_state(u8 sleep_state,
-				     u32 pm1a_cnt, u32 pm1b_cnd);
+int xen_acpi_notify_hypervisor_state(u8 sleep_state, u32 val_a, u32 val_b,
+				     bool extended);

 static inline void xen_acpi_sleep_register(void)
 {
--- 3.9-rc2/include/xen/interface/platform.h
+++ 3.9-rc2-xen-ACPI-v5-sleep/include/xen/interface/platform.h
 <at>  <at>  -152,10 +152,11  <at>  <at>  DEFINE_GUEST_HANDLE_STRUCT(xenpf_firmwar
 #define XENPF_enter_acpi_sleep    51
 struct xenpf_enter_acpi_sleep {
 	/* IN variables */
-	uint16_t pm1a_cnt_val;      /* PM1a control value. */
-	uint16_t pm1b_cnt_val;      /* PM1b control value. */
+	uint16_t val_a;             /* PM1a control / sleep type A. */
+	uint16_t val_b;             /* PM1b control / sleep type B. */
 	uint32_t sleep_state;       /* Which state to enter (Sn). */
-	uint32_t flags;             /* Must be zero. */
+#define XENPF_ACPI_SLEEP_EXTENDED 0x00000001
+	uint32_t flags;             /* XENPF_ACPI_SLEEP_*. */
 };
 DEFINE_GUEST_HANDLE_STRUCT(xenpf_enter_acpi_sleep_t);


Gmane