Charles.Fisher | 12 Dec 00:23 2012

Buffer overrun and memory leak problems.

All,

 

While doing a routine update of a security review of the tboot code, I found a couple of minor problems – two potential (but very unlikely) buffer overrun problems, and one minor memory leak – although the program is going to terminate almost immediately, so the memory comes back anyway.

 

At any rate, here is a patch to correct the problem.

 

Signed Off by: Charles Fisher charles.fisher <at> gdc4s.com

 

diff -up tboot-1.7.2/lcptools/crtpconf.c.orig tboot-1.7.2/lcptools/crtpconf.c

--- tboot-1.7.2/lcptools/crtpconf.c.orig  2012-12-11 13:16:12.239464000 -0700

+++ tboot-1.7.2/lcptools/crtpconf.c 2012-12-11 16:00:23.097982000 -0700

<at> <at> -109,14 +109,12 <at> <at> main(int argc, char *argv[])

     uint16_t i = 0;

     uint32_t index[MAX_INDEX] = {0};

     uint32_t idx_num = 0;

-    unsigned char *pcr_num[MAX_INDEX] = {NULL};

     FILE *p_file = NULL;

     unsigned char* srtm_data = NULL;

     uint32_t data_len = 0;

     TPM_LOCALITY_SELECTION local_sel;

     lcp_result_t ret_value = LCP_E_COMD_INTERNAL_ERR;

-    uint32_t temp = 0;

     /*

      * No parameter input will print out the help message.

<at> <at> -151,28 +149,13 <at> <at> main(int argc, char *argv[])

         ret_value = LCP_E_INVALID_PARAMETER;

         goto _error_end;

     }

-

-    for (i = 0; i < MAX_INDEX; i++) {

-        pcr_num[i] = (unsigned char *)malloc(10);

-        if ( pcr_num[i] == NULL ) {

-            ret_value = LCP_E_OUTOFMEMORY;

-            goto _error_end;

-        }

-    }

-    if ( str_split((char *)pcr_val, (char **)&pcr_num, &idx_num) < 0 ) {

-        ret_value = LCP_E_INVALID_PARAMETER;

-        goto _error_end;

-    }

+    idx_num = MAX_INDEX;

+    str_split((char *)pcr_val, index, &idx_num);

     for ( i = 0; i < idx_num; i++ ) {

-      if ( strtonum((char *)pcr_num[i], &temp) < 0 ) {

-            ret_value = LCP_E_INVALID_PARAMETER;

-            goto _error_end;

-        }

-        if ( temp > 23 ) {

+        if ( index[i] > 23 ) {

             ret_value = LCP_E_INVALID_PARAMETER;

             goto _error_end;

-        }

-        index[i] = temp;

+     }

     }

     local_sel = (TPM_LOCALITY_SELECTION)locality;

<at> <at> -200,8 +183,7 <at> <at> main(int argc, char *argv[])

             fclose(p_file);

         } else

             print_hexmsg("the PConf data is:\n", data_len, srtm_data);

-        if(srtm_data)

-            free(srtm_data);

+     free(srtm_data);

     } else

         goto _error_end;

<at> <at> -210,10 +192,10 <at> <at> _error_end:

     /*

      * Error when execute.

      */

-    for (i = 0; i < MAX_INDEX; i++)

-        free(pcr_num[i]);

-    free(srtm_data);

+    if (srtm_data)

+     free(srtm_data);

     log_error("\nCommand CrtPConf failed:\n");

     print_error(ret_value);

     return ret_value;

-}

+    }

+   

diff -up tboot-1.7.2/lcptools/lcputils.c.orig tboot-1.7.2/lcptools/lcputils.c

--- tboot-1.7.2/lcptools/lcputils.c.orig  2012-12-11 13:16:30.352217000 -0700

+++ tboot-1.7.2/lcptools/lcputils.c 2012-12-11 15:44:03.076312000 -0700

<at> <at> -217,42 +217,22 <at> <at> print_hexmsg(const char *header_msg, int

}

 /* split the input string in the format: num1,num2,...,numN

- * into the array = {num1, num2, ... , numN}

+ * into the numeric array = {num1, num2, ... , numN}

*/

-int

-str_split(const char *str_in, char **str_out, unsigned int *number)

+void

+str_split(char *str_in, uint32_t ints[], unsigned int *nr_ints)

{

-    char * temp;

-    int num = 0;

-    const char *sep = ",";

-    size_t str_length = 0;

-    char *string = (char *)malloc(strlen(str_in) + 1);

-

-    if ( string == NULL )

-        return -1;

-    if ( str_in == NULL || str_out == NULL || number == NULL ) {

-        free(string);

-        return -1;

-    }

-    strcpy(string, str_in);

-    temp =strtok(string, sep);

-    if ( temp != NULL && str_out[num] )

-        strcpy(str_out[num], temp);//strtok(string, sep));

-    while (str_out[num] != NULL) {

-        str_length += strlen(str_out[num]);

-        num++;

-        temp = strtok(NULL, sep);

-        if ( temp != NULL )

-            strcpy(str_out[num], temp);

-        else

-            str_out[num] = NULL;

+    unsigned int nr = 0;

+

+    while ( true ) {

+        char *str = strsep(&str_in, ",");

+        if ( str == NULL || nr == *nr_ints )

+            break;

+        ints[nr++] = strtoul(str, NULL, 0);

     }

-    free(string);

-    *number = num;

-    str_length += num - 1;

-    if ( str_length != strlen(str_in) )

-        return -1;

-    return 0;

+    if ( nr == *nr_ints )

+        log_error("Error: too many items in list\n");

+    *nr_ints = nr;

}

 uint16_t

diff -up tboot-1.7.2/lcptools/lcputils.h.orig tboot-1.7.2/lcptools/lcputils.h

--- tboot-1.7.2/lcptools/lcputils.h.orig  2012-12-11 15:20:08.106747000 -0700

+++ tboot-1.7.2/lcptools/lcputils.h 2012-12-11 15:42:34.009610000 -0700

<at> <at> -134,6 +134,6 <at> <at> calc_sizeofselect(uint32_t num_indices,

void print_locality(unsigned char loc);

void print_permissions(UINT32 perms, const char *prefix);

-int str_split(const char *str_in, char **str_out, unsigned int *number);

+void str_split(char *str_in, uint32_t ints[], unsigned int *number);

 #endif

diff -up tboot-1.7.2/lcptools/lock.c.orig tboot-1.7.2/lcptools/lock.c

--- tboot-1.7.2/lcptools/lock.c.orig      2012-12-11 14:57:02.784235000 -0700

+++ tboot-1.7.2/lcptools/lock.c     2012-12-11 15:15:43.532763000 -0700

<at> <at> -91,7 +91,8 <at> <at> parse_cmdline(int argc, const char * arg

int

main (int argc, char *argv[])

{

-    char confirm_lock[1024] = {0};

+    char confirm_lock[4] = {0};

+    char c;

     in_nv_definespace_t in_defspace;

     lcp_result_t ret_value = LCP_E_COMD_INTERNAL_ERR;

<at> <at> -119,12 +120,12 <at> <at> main (int argc, char *argv[])

          */

         do {

             log_info("Really want to lock TPM NV? (Y/N) ");

-            dummy = scanf("%s", confirm_lock);

+            dummy = scanf("%3s", confirm_lock);

             if ( dummy <= 0 )

                 return LCP_E_COMD_INTERNAL_ERR;

-        } while (strcmp(confirm_lock, "N") && strcmp(confirm_lock, "n") &&

-           strcmp(confirm_lock, "Y") && strcmp(confirm_lock, "y"));

-        if ( !strcmp(confirm_lock, "N") || !strcmp(confirm_lock, "n") ) {

+         c = confirm_lock[0] | ' ';

+        } while ( (c != 'n') && (c != 'y') );

+        if ( c == 'n') {

             ret_value = LCP_SUCCESS;

             return ret_value;

         }

 

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Patrick Winchester | 2 Dec 12:02 2012

TBoot setup on Ubuntu 12.10

Hi list,

I am trying to get tboot to run my Ubuntu 12.10 environment on a Dell Latitude 6520 laptop (no Xen / Hypervisor involved).
Sadly, I am a little stuck.

I took the following steps to install tboot:

apt-get install tboot

tpm_takeownership -z

Download SINIT from intel.com and place *.BIN in /boot

update-grub

Now, when I try to boot into tboot from the grub menu, I get two sets of results after seeing the message
Loading SINIT <binname>:
2nd_gen_i5_i7-SINIT_51 - the machine just hangs, no more activity or progress
3nd_gen_i5_i7-SINIT_51 (or any other) - the machine restart immediately

I have enabled all necessary options in BIOS and I am trying to EFI boot from a GPT disk (in case this is relevant).

Can someone point me to some resources on how to set this up properly or provide some insight into what is
going wrong?
Any help is appreciated.

Cheers,
 -- Patrick

------------------------------------------------------------------------------
Keep yourself connected to Go Parallel: 
DESIGN Expert tips on starting your parallel project right.
http://goparallel.sourceforge.net/
Charles.Fisher | 22 Oct 19:23 2012

USB interrupts and scrubbing e820 memory

Patch [2/2]

 

Signed-off-by: Charles Fisher <Charles.Fisher <at> gdc4s.com

 

There are a couple of problems that occur with tboot. The first is on some Dell

laptops, it is necessary to disable the legacy usb interrupts. This patch

provides a mechanism to enable a developer to do so.

 

The second problem is that in certain circumstances, data owners consider the

contents of memory to be sensitive. In these cases, they require that the e820

map be scrubbed. The other portion of this patch provides a capability to do

that scrub.

 

Both options are invoked via the command line, and both default to the current

behavior - i.e. don't disable the usb interrupts, and don't scrub the memory.

 

+bool get_scrub_e820(void)

+{

+    const char *clean_map = get_option_val(g_tboot_cmdline_options,

+                                           g_tboot_param_values, "scrub_e820");

+    if ( clean_map == NULL || ( strcmp(clean_map, "true") != 0 ))

+        return false;

+    return true;

+}

+   

 bool get_tboot_prefer_da(void)

{

     const char *value = get_option_val(g_tboot_cmdline_options,

diff -up tboot-1.7.2/tboot/common/e820.c.orig tboot-1.7.2/tboot/common/e820.c

--- tboot-1.7.2/tboot/common/e820.c.orig  2012-10-09 14:27:01.578660000 -0700

+++ tboot-1.7.2/tboot/common/e820.c 2012-10-09 14:28:48.030072000 -0700

<at> <at> -36,10 +36,14 <at> <at>

#include <config.h>

#include <types.h>

#include <stdbool.h>

+#include <compiler.h>

+#include <string.h>

#include <printk.h>

+#include <processor.h>

#include <cmdline.h>

#include <multiboot.h>

#include <stdarg.h>

+#include <paging.h>

#include <misc.h>

#include <pci_cfgreg.h>

#include <e820.h>

<at> <at> -553,6 +557,118 <at> <at> bool e820_reserve_ram(uint64_t base, uin

     return true;

}

 

+/* Define the virtual address page used to scrub memory     */

+/* tboot data is in page 0 of virtual and physical memory   */

+/* tboot code is on page 4 of virtual an physical memory    */

+/* These are the only pages that can't be used.             */

+/* Define a page that provides a little distance from these */

+/* ALL usable memory is erased by calling memset with       */

+/* the same virtual address. The virtual address is mapped  */

+/* to the proper physical address prior calling memset      */

+/* Page 8 is used for this version                          */

+/* This page is virtual address space 0x01000000            */

+/* With this address, the address space being erased is     */

+/* always in the range 0x01000000 - 0x011FFFFF              */

+#define SCRUB_VIRUTAL_ADDRESS 0x01000000

+#define SCRUB_BLOCK_SIZE (1 << TB_L1_PAGETABLE_SHIFT)

+#define SCRUB_BLOCK_OFFSET (SCRUB_BLOCK_SIZE - 1)

+

+/*

+ * e820_scrub_usable

+ *

+ * Scrub all e820 memory marked as usable.

+ *

+ */

+void e820_scrub_usable(void)

+{

+    printk("scrubbing memory\n");

+

+    /* Enable paging */

+    enable_paging();

+

+    /* Iterate the e820 map */

+    for ( unsigned int i = 0; i < g_nr_map; i++ ) {

+        /* Get the block start and length */

+        memory_map_t *entry = &g_copy_e820_map[i];

+        uint64_t block_start = e820_base_64(entry);

+        uint64_t block_length = e820_length_64(entry);

+

+        /* Is block a usable block? */

+        if(entry->type == E820_RAM) {

+            /* Erase the block */

+            printk("%016Lx - %016Lx\n",

+               (unsigned long long)block_start,

+               (unsigned long long)(block_start + block_length));

+

+            /* Loop over block by physical 'page' */

+            while(block_length > 0) {

+                /*

+                 *

+                 * Map the physical address at block_start to

+                 * virtual address SCRUB_VIRUTAL_ADDRESS

+                 * Since the physical address is specified as a page

+                 * the block does not need to start on a page boundary.

+                 *

+                 */

+                map_pages_to_tboot(

+                    SCRUB_VIRUTAL_ADDRESS,

+                    block_start>>TB_L1_PAGETABLE_SHIFT,

+                    1);

+

+                /*

+                 *

+                 * If block_start is not on a page boundary,

+                 * erase the block from the offset to the end of page.

+                 *

+                 */

+                uint32_t scrub_block_offset = block_start & SCRUB_BLOCK_OFFSET;

+

+                /*

+                 *

+                 * The starting virtual address is the

+                 * SCRUB_VIRUTAL_ADDRESS plus any offset

+                 *

+                 */

+                uint32_t scrub_block_virtual_address =

+                    SCRUB_VIRUTAL_ADDRESS + scrub_block_offset;

+

+                /*

+                 *

+                 * Determine the block size.

+                 * The block size is from the start address to the

+                 * end of the page or block.

+                 *

+                 */

+                uint32_t scrub_block_length =

+                    SCRUB_BLOCK_SIZE - scrub_block_offset;

+                if(scrub_block_length > block_length)

+                    scrub_block_length = block_length;

+

+                /*

+                 *

+                 * The page is mapped.

+                 * The starting virual address and length have been computed.

+                 * Ready to erase.

+                 *

+                 */

+                memset(

+                    (void*)scrub_block_virtual_address,

+                    0,

+                    scrub_block_length);

+

+                /* Advance to the next page */

+                block_length -= scrub_block_length;

+                block_start  += scrub_block_length;

+

+            }

+        }

+    }

+

+    disable_paging();

+    wbinvd();

+    printk("complete\n");

+}

+

void print_e820_map(void)

{

     print_map(g_copy_e820_map, g_nr_map);

diff -up tboot-1.7.2/tboot/common/tboot.c.orig tboot-1.7.2/tboot/common/tboot.c

--- tboot-1.7.2/tboot/common/tboot.c.orig 2012-10-09 14:26:33.211480000 -0700

+++ tboot-1.7.2/tboot/common/tboot.c      2012-10-09 14:28:59.726554000 -0700

<at> <at> -207,6 +207,14 <at> <at> static void post_launch(void)

         if ( !e820_protect_region(base, size, E820_RESERVED) )

             apply_policy(TB_ERR_FATAL);

     }

+

+    /* protect the e820 map */

+    base = TBOOT_E820_COPY_ADDR;

+    size = TBOOT_E820_COPY_SIZE;

+    printk("reserving tboot e820 memory map (%Lx - %Lx) in e820 table\n", base,

+       (base + size - 1));

+    if ( !e820_protect_region(base, size, E820_RESERVED) )

+        apply_policy(TB_ERR_FATAL);

 

     /* replace map in mbi with copy */

     replace_e820_map(g_mbi);

<at> <at> -346,6 +354,10 <at> <at> void begin_launch(multiboot_info_t *mbi)

     /* make the CPU ready for measured launch */

     if ( !prepare_cpu() )

         apply_policy(TB_ERR_FATAL);

+

+    /* disable legacy USB #SMIs */

+    if (get_tboot_no_usb())

+        disable_smis();

 

     /* do s3 launch directly, if is a s3 resume */

     if ( s3_flag ) {

<at> <at> -525,8 +537,9 <at> <at> void shutdown(void)

             tpm_save_state(2);

 

         /* scrub any secrets by clearing their memory, then flush cache */

-        /* we don't have any secrets to scrub, however */

-        ;

+        /* scrub memory if requested on the command line */

+        if (get_scrub_e820())

+            e820_scrub_usable();

 

         /* in mwait "mode", APs will be in MONITOR/MWAIT and can be left there */

         if ( !use_mwait() ) {

[diff -up tboot-1.7.2/tboot/include/cmdline.h.orig tboot-1.7.2/tboot/include/cmdline.h

--- tboot-1.7.2/tboot/include/cmdline.h.orig    2012-10-09 14:25:28.155780000 -0700

+++ tboot-1.7.2/tboot/include/cmdline.h   2012-10-09 14:28:59.728551000 -0700

<at> <at> -47,6 +47,8 <at> <at> extern bool get_tboot_serial(void);

extern void get_tboot_baud(void);

extern void get_tboot_fmt(void);

extern void get_tboot_vga_delay(void);

+extern bool get_tboot_no_usb(void);

+extern bool get_scrub_e820(void);

extern bool get_tboot_mwait(void);

extern bool get_tboot_prefer_da(void);

extern void get_tboot_min_ram(void);

diff -up tboot-1.7.2/tboot/include/e820.h.orig tboot-1.7.2/tboot/include/e820.h

--- tboot-1.7.2/tboot/include/e820.h.orig 2012-10-09 14:26:00.123106000 -0700

+++ tboot-1.7.2/tboot/include/e820.h      2012-10-09 14:28:48.055068000 -0700

<at> <at> -70,6 +70,7 <at> <at> typedef struct __packed {

 

extern bool copy_e820_map(const multiboot_info_t *mbi);

extern bool e820_protect_region(uint64_t addr, uint64_t size, uint32_t type);

+extern void e820_scrub_usable(void);

extern bool e820_reserve_ram(uint64_t base, uint64_t length);

extern void print_e820_map(void);

extern void replace_e820_map(multiboot_info_t *mbi);

 

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Charles.Fisher | 10 Oct 19:10 2012

USB interrupts and scrubbing e820 memory

Signed-off-by: Charles Fisher <Charles.Fisher <at> gdc4s.com

 

There are a couple of problems that occur with tboot. The first is on some Dell

laptops, it is necessary to disable the legacy usb interrupts. This patch

provides a mechanism to enable a developer to do so.

 

The second problem is that in certain circumstances, data owners consider the

contents of memory to be sensitive. In these cases, they require that the e820

map be scrubbed. The other portion of this patch provides a capability to do

that scrub.

 

Both options are invoked via the command line, and both default to the current

behavior - i.e. don't disable the usb interrupts, and don't scrub the memory.

 

diff -up tboot-1.7.2/tboot/common/acpi.c.orig tboot-1.7.2/tboot/common/acpi.c

--- tboot-1.7.2/tboot/common/acpi.c.orig  2012-10-09 14:26:14.279694000 -0700

+++ tboot-1.7.2/tboot/common/acpi.c 2012-10-09 14:28:59.721553000 -0700

<at> <at> -436,6 +436,15 <at> <at> void set_s3_resume_vector(const tboot_ac

     acpi_printk("wakeup_vector_address = %llx\n", acpi_sinfo->wakeup_vector);

     acpi_printk("wakeup_vector_value = %llxx\n", resume_vector);

+}

+

+void disable_smis(void)

+{

+        printk("disabling legacy USB SMIs\n");

+        uint32_t pmbase = pcireg_cfgread(0, 31, 0, 0x40, 4) & ~1;

+        uint32_t smi_en = inl(pmbase + 0x30);

+        smi_en &= ~0x20008;

+        outl(pmbase + 0x30, smi_en);

}

 /*

diff -up tboot-1.7.2/tboot/common/cmdline.c.orig tboot-1.7.2/tboot/common/cmdline.c

--- tboot-1.7.2/tboot/common/cmdline.c.orig     2012-10-09 14:26:23.724083000 -0700

+++ tboot-1.7.2/tboot/common/cmdline.c    2012-10-09 14:28:59.723556000 -0700

<at> <at> -74,6 +74,8 <at> <at> static const cmdline_option_t g_tboot_cm

     { "ap_wake_mwait", "false" },    /* true|false */

     { "pcr_map", "legacy" },         /* legacy|da */

     { "min_ram", "0" },              /* size in bytes | 0 for no min */

+    { "scrub_e820", "false" },       /* true|false */

+    { "no_usb", "false" },           /* true|false */

     { NULL, NULL }

};

static char g_tboot_param_values[ARRAY_SIZE(g_tboot_cmdline_options)][MAX_VALUE_LEN];

<at> <at> -423,6 +425,15 <at> <at> bool get_tboot_serial(void)

     return parse_serial_param(serial);

}

+bool get_tboot_no_usb(void)

+{

+    const char *no_usb = get_option_val(g_tboot_cmdline_options,

+                                        g_tboot_param_values, "no_usb");

+    if ( no_usb == NULL || (strcmp(no_usb, "true") != 0 ))

+        return false;

+    return true;

+}

+

void get_tboot_vga_delay(void)

{

     const char *vga_delay = get_option_val(g_tboot_cmdline_options,

<at> <at> -433,6 +444,15 <at> <at> void get_tboot_vga_delay(void)

     g_vga_delay = strtoul(vga_delay, NULL, 0);

}

+bool get_scrub_e820(void)

+{

+    const char *clean_map = get_option_val(g_tboot_cmdline_options,

+                                           g_tboot_param_values, "scrub_e820");

+    if ( clean_map == NULL || ( strcmp(clean_map, "true") != 0 ))

+        return false;

+    return true;

+}

+   

 bool get_tboot_prefer_da(void)

{

     const char *value = get_option_val(g_tboot_cmdline_options,

diff -up tboot-1.7.2/tboot/common/e820.c.orig tboot-1.7.2/tboot/common/e820.c

--- tboot-1.7.2/tboot/common/e820.c.orig  2012-10-09 14:27:01.578660000 -0700

+++ tboot-1.7.2/tboot/common/e820.c 2012-10-09 14:28:48.030072000 -0700

<at> <at> -36,10 +36,14 <at> <at>

#include <config.h>

#include <types.h>

#include <stdbool.h>

+#include <compiler.h>

+#include <string.h>

#include <printk.h>

+#include <processor.h>

#include <cmdline.h>

#include <multiboot.h>

#include <stdarg.h>

+#include <paging.h>

#include <misc.h>

#include <pci_cfgreg.h>

#include <e820.h>

<at> <at> -553,6 +557,118 <at> <at> bool e820_reserve_ram(uint64_t base, uin

     return true;

}

+/* Define the virtual address page used to scrub memory     */

+/* tboot data is in page 0 of virtual and physical memory   */

+/* tboot code is on page 4 of virtual an physical memory    */

+/* These are the only pages that can't be used.             */

+/* Define a page that provides a little distance from these */

+/* ALL usable memory is erased by calling memset with       */

+/* the same virtual address. The virtual address is mapped  */

+/* to the proper physical address prior calling memset      */

+/* Page 8 is used for this version                          */

+/* This page is virtual address space 0x01000000            */

+/* With this address, the address space being erased is     */

+/* always in the range 0x01000000 - 0x011FFFFF              */

+#define SCRUB_VIRUTAL_ADDRESS 0x01000000

+#define SCRUB_BLOCK_SIZE (1 << TB_L1_PAGETABLE_SHIFT)

+#define SCRUB_BLOCK_OFFSET (SCRUB_BLOCK_SIZE - 1)

+

+/*

+ * e820_scrub_usable

+ *

+ * Scrub all e820 memory marked as usable.

+ *

+ */

+void e820_scrub_usable(void)

+{

+    printk("scrubbing memory\n");

+

+    /* Enable paging */

+    enable_paging();

+

+    /* Iterate the e820 map */

+    for ( unsigned int i = 0; i < g_nr_map; i++ ) {

+        /* Get the block start and length */

+        memory_map_t *entry = &g_copy_e820_map[i];

+        uint64_t block_start = e820_base_64(entry);

+        uint64_t block_length = e820_length_64(entry);

+

+        /* Is block a usable block? */

+        if(entry->type == E820_RAM) {

+            /* Erase the block */

+            printk("%016Lx - %016Lx\n",

+               (unsigned long long)block_start,

+               (unsigned long long)(block_start + block_length));

+

+            /* Loop over block by physical 'page' */

+            while(block_length > 0) {

+                /*

+                 *

+                 * Map the physical address at block_start to

+                 * virtual address SCRUB_VIRUTAL_ADDRESS

+                 * Since the physical address is specified as a page

+                 * the block does not need to start on a page boundary.

+                 *

+                 */

+                map_pages_to_tboot(

+                    SCRUB_VIRUTAL_ADDRESS,

+                    block_start>>TB_L1_PAGETABLE_SHIFT,

+                    1);

+

+                /*

+                 *

+                 * If block_start is not on a page boundary,

+                 * erase the block from the offset to the end of page.

+                 *

+                 */

+                uint32_t scrub_block_offset = block_start & SCRUB_BLOCK_OFFSET;

+

+                /*

+                 *

+                 * The starting virtual address is the

+                 * SCRUB_VIRUTAL_ADDRESS plus any offset

+                 *

+                 */

+                uint32_t scrub_block_virtual_address =

+                    SCRUB_VIRUTAL_ADDRESS + scrub_block_offset;

+

+                /*

+                 *

+                 * Determine the block size.

+                 * The block size is from the start address to the

+                 * end of the page or block.

+                 *

+                 */

+                uint32_t scrub_block_length =

+                    SCRUB_BLOCK_SIZE - scrub_block_offset;

+                if(scrub_block_length > block_length)

+                    scrub_block_length = block_length;

+

+                /*

+                 *

+                 * The page is mapped.

+                 * The starting virual address and length have been computed.

+                 * Ready to erase.

+                 *

+                 */

+                memset(

+                    (void*)scrub_block_virtual_address,

+                    0,

+                    scrub_block_length);

+

+                /* Advance to the next page */

+                block_length -= scrub_block_length;

+                block_start  += scrub_block_length;

+

+            }

+        }

+    }

+

+    disable_paging();

+    wbinvd();

+    printk("complete\n");

+}

+

void print_e820_map(void)

{

     print_map(g_copy_e820_map, g_nr_map);

diff -up tboot-1.7.2/tboot/common/tboot.c.orig tboot-1.7.2/tboot/common/tboot.c

--- tboot-1.7.2/tboot/common/tboot.c.orig 2012-10-09 14:26:33.211480000 -0700

+++ tboot-1.7.2/tboot/common/tboot.c      2012-10-09 14:28:59.726554000 -0700

<at> <at> -207,6 +207,14 <at> <at> static void post_launch(void)

         if ( !e820_protect_region(base, size, E820_RESERVED) )

             apply_policy(TB_ERR_FATAL);

     }

+

+    /* protect the e820 map */

+    base = TBOOT_E820_COPY_ADDR;

+    size = TBOOT_E820_COPY_SIZE;

+    printk("reserving tboot e820 memory map (%Lx - %Lx) in e820 table\n", base,

+       (base + size - 1));

+    if ( !e820_protect_region(base, size, E820_RESERVED) )

+        apply_policy(TB_ERR_FATAL);

     /* replace map in mbi with copy */

     replace_e820_map(g_mbi);

<at> <at> -346,6 +354,10 <at> <at> void begin_launch(multiboot_info_t *mbi)

     /* make the CPU ready for measured launch */

     if ( !prepare_cpu() )

         apply_policy(TB_ERR_FATAL);

+

+    /* disable legacy USB #SMIs */

+    if (get_tboot_no_usb())

+        disable_smis();

     /* do s3 launch directly, if is a s3 resume */

     if ( s3_flag ) {

<at> <at> -525,8 +537,9 <at> <at> void shutdown(void)

             tpm_save_state(2);

         /* scrub any secrets by clearing their memory, then flush cache */

-        /* we don't have any secrets to scrub, however */

-        ;

+        /* scrub memory if requested on the command line */

+        if (get_scrub_e820())

+            e820_scrub_usable();

         /* in mwait "mode", APs will be in MONITOR/MWAIT and can be left there */

         if ( !use_mwait() ) {

[diff -up tboot-1.7.2/tboot/include/cmdline.h.orig tboot-1.7.2/tboot/include/cmdline.h

--- tboot-1.7.2/tboot/include/cmdline.h.orig    2012-10-09 14:25:28.155780000 -0700

+++ tboot-1.7.2/tboot/include/cmdline.h   2012-10-09 14:28:59.728551000 -0700

<at> <at> -47,6 +47,8 <at> <at> extern bool get_tboot_serial(void);

extern void get_tboot_baud(void);

extern void get_tboot_fmt(void);

extern void get_tboot_vga_delay(void);

+extern bool get_tboot_no_usb(void);

+extern bool get_scrub_e820(void);

extern bool get_tboot_mwait(void);

extern bool get_tboot_prefer_da(void);

extern void get_tboot_min_ram(void);

diff -up tboot-1.7.2/tboot/include/e820.h.orig tboot-1.7.2/tboot/include/e820.h

--- tboot-1.7.2/tboot/include/e820.h.orig 2012-10-09 14:26:00.123106000 -0700

+++ tboot-1.7.2/tboot/include/e820.h      2012-10-09 14:28:48.055068000 -0700

<at> <at> -70,6 +70,7 <at> <at> typedef struct __packed {

 extern bool copy_e820_map(const multiboot_info_t *mbi);

extern bool e820_protect_region(uint64_t addr, uint64_t size, uint32_t type);

+extern void e820_scrub_usable(void);

extern bool e820_reserve_ram(uint64_t base, uint64_t length);

extern void print_e820_map(void);

extern void replace_e820_map(multiboot_info_t *mbi);

 

 

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Charles.Fisher | 22 Oct 19:06 2012

USB interrupts and scrubbing e820 memory

Patch {1/2]

Signed-off-by: Charles Fisher <Charles.Fisher <at> gdc4s.com

 

There are a couple of problems that occur with tboot. The first is on some Dell

laptops, it is necessary to disable the legacy usb interrupts. This patch

provides a mechanism to enable a developer to do so.

 

The second problem is that in certain circumstances, data owners consider the

contents of memory to be sensitive. In these cases, they require that the e820

map be scrubbed. The other portion of this patch provides a capability to do

that scrub.

 

Both options are invoked via the command line, and both default to the current

behavior - i.e. don't disable the usb interrupts, and don't scrub the memory.

 

diff -up tboot-1.7.2/tboot/common/acpi.c.orig tboot-1.7.2/tboot/common/acpi.c

--- tboot-1.7.2/tboot/common/acpi.c.orig  2012-10-09 14:26:14.279694000 -0700

+++ tboot-1.7.2/tboot/common/acpi.c 2012-10-09 14:28:59.721553000 -0700

<at> <at> -436,6 +436,15 <at> <at> void set_s3_resume_vector(const tboot_ac

 

     acpi_printk("wakeup_vector_address = %llx\n", acpi_sinfo->wakeup_vector);

     acpi_printk("wakeup_vector_value = %llxx\n", resume_vector);

+}

+

+void disable_smis(void)

+{

+        printk("disabling legacy USB SMIs\n");

+        uint32_t pmbase = pcireg_cfgread(0, 31, 0, 0x40, 4) & ~1;

+        uint32_t smi_en = inl(pmbase + 0x30);

+        smi_en &= ~0x20008;

+        outl(pmbase + 0x30, smi_en);

}

 

 /*

diff -up tboot-1.7.2/tboot/common/cmdline.c.orig tboot-1.7.2/tboot/common/cmdline.c

--- tboot-1.7.2/tboot/common/cmdline.c.orig     2012-10-09 14:26:23.724083000 -0700

+++ tboot-1.7.2/tboot/common/cmdline.c    2012-10-09 14:28:59.723556000 -0700

<at> <at> -74,6 +74,8 <at> <at> static const cmdline_option_t g_tboot_cm

     { "ap_wake_mwait", "false" },    /* true|false */

     { "pcr_map", "legacy" },         /* legacy|da */

     { "min_ram", "0" },              /* size in bytes | 0 for no min */

+    { "scrub_e820", "false" },       /* true|false */

+    { "no_usb", "false" },           /* true|false */

     { NULL, NULL }

};

static char g_tboot_param_values[ARRAY_SIZE(g_tboot_cmdline_options)][MAX_VALUE_LEN];

<at> <at> -423,6 +425,15 <at> <at> bool get_tboot_serial(void)

     return parse_serial_param(serial);

}

 

+bool get_tboot_no_usb(void)

+{

+    const char *no_usb = get_option_val(g_tboot_cmdline_options,

+                                        g_tboot_param_values, "no_usb");

+    if ( no_usb == NULL || (strcmp(no_usb, "true") != 0 ))

+        return false;

+    return true;

+}

+

void get_tboot_vga_delay(void)

{

     const char *vga_delay = get_option_val(g_tboot_cmdline_options,

<at> <at> -433,6 +444,15 <at> <at> void get_tboot_vga_delay(void)

     g_vga_delay = strtoul(vga_delay, NULL, 0);

}

 

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Charles.Fisher | 22 Oct 19:02 2012

USB interrupts and scrubbing e820 memory

Patch {1/2]

Signed-off-by: Charles Fisher <Charles.Fisher <at> gdc4s.com

 

There are a couple of problems that occur with tboot. The first is on some Dell

laptops, it is necessary to disable the legacy usb interrupts. This patch

provides a mechanism to enable a developer to do so.

 

The second problem is that in certain circumstances, data owners consider the

contents of memory to be sensitive. In these cases, they require that the e820

map be scrubbed. The other portion of this patch provides a capability to do

that scrub.

 

Both options are invoked via the command line, and both default to the current

behavior - i.e. don't disable the usb interrupts, and don't scrub the memory.

 

diff -up tboot-1.7.2/tboot/common/acpi.c.orig tboot-1.7.2/tboot/common/acpi.c

--- tboot-1.7.2/tboot/common/acpi.c.orig  2012-10-09 14:26:14.279694000 -0700

+++ tboot-1.7.2/tboot/common/acpi.c 2012-10-09 14:28:59.721553000 -0700

<at> <at> -436,6 +436,15 <at> <at> void set_s3_resume_vector(const tboot_ac

 

     acpi_printk("wakeup_vector_address = %llx\n", acpi_sinfo->wakeup_vector);

     acpi_printk("wakeup_vector_value = %llxx\n", resume_vector);

+}

+

+void disable_smis(void)

+{

+        printk("disabling legacy USB SMIs\n");

+        uint32_t pmbase = pcireg_cfgread(0, 31, 0, 0x40, 4) & ~1;

+        uint32_t smi_en = inl(pmbase + 0x30);

+        smi_en &= ~0x20008;

+        outl(pmbase + 0x30, smi_en);

}

 

 /*

diff -up tboot-1.7.2/tboot/common/cmdline.c.orig tboot-1.7.2/tboot/common/cmdline.c

--- tboot-1.7.2/tboot/common/cmdline.c.orig     2012-10-09 14:26:23.724083000 -0700

+++ tboot-1.7.2/tboot/common/cmdline.c    2012-10-09 14:28:59.723556000 -0700

<at> <at> -74,6 +74,8 <at> <at> static const cmdline_option_t g_tboot_cm

     { "ap_wake_mwait", "false" },    /* true|false */

     { "pcr_map", "legacy" },         /* legacy|da */

     { "min_ram", "0" },              /* size in bytes | 0 for no min */

+    { "scrub_e820", "false" },       /* true|false */

+    { "no_usb", "false" },           /* true|false */

     { NULL, NULL }

};

static char g_tboot_param_values[ARRAY_SIZE(g_tboot_cmdline_options)][MAX_VALUE_LEN];

<at> <at> -423,6 +425,15 <at> <at> bool get_tboot_serial(void)

     return parse_serial_param(serial);

}

 

+bool get_tboot_no_usb(void)

+{

+    const char *no_usb = get_option_val(g_tboot_cmdline_options,

+                                        g_tboot_param_values, "no_usb");

+    if ( no_usb == NULL || (strcmp(no_usb, "true") != 0 ))

+        return false;

+    return true;

+}

+

void get_tboot_vga_delay(void)

{

     const char *vga_delay = get_option_val(g_tboot_cmdline_options,

<at> <at> -433,6 +444,15 <at> <at> void get_tboot_vga_delay(void)

     g_vga_delay = strtoul(vga_delay, NULL, 0);

}

 

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Charles.Fisher | 22 Oct 19:09 2012

FW: USB interrupts and scrubbing e820 memory

Here is the real patch 2/2.

 

Patch [2/2]

 

Signed-off-by: Charles Fisher <Charles.Fisher <at> gdc4s.com

 

There are a couple of problems that occur with tboot. The first is on some Dell

laptops, it is necessary to disable the legacy usb interrupts. This patch

provides a mechanism to enable a developer to do so.

 

The second problem is that in certain circumstances, data owners consider the

contents of memory to be sensitive. In these cases, they require that the e820

map be scrubbed. The other portion of this patch provides a capability to do

that scrub.

 

Both options are invoked via the command line, and both default to the current

behavior - i.e. don't disable the usb interrupts, and don't scrub the memory.

 

+bool get_scrub_e820(void)

+{

+    const char *clean_map = get_option_val(g_tboot_cmdline_options,

+                                           g_tboot_param_values, "scrub_e820");

+    if ( clean_map == NULL || ( strcmp(clean_map, "true") != 0 ))

+        return false;

+    return true;

+}

+   

 bool get_tboot_prefer_da(void)

{

     const char *value = get_option_val(g_tboot_cmdline_options,

diff -up tboot-1.7.2/tboot/common/e820.c.orig tboot-1.7.2/tboot/common/e820.c

--- tboot-1.7.2/tboot/common/e820.c.orig  2012-10-09 14:27:01.578660000 -0700

+++ tboot-1.7.2/tboot/common/e820.c 2012-10-09 14:28:48.030072000 -0700

<at> <at> -36,10 +36,14 <at> <at>

#include <config.h>

#include <types.h>

#include <stdbool.h>

+#include <compiler.h>

+#include <string.h>

#include <printk.h>

+#include <processor.h>

#include <cmdline.h>

#include <multiboot.h>

#include <stdarg.h>

+#include <paging.h>

#include <misc.h>

#include <pci_cfgreg.h>

#include <e820.h>

<at> <at> -553,6 +557,118 <at> <at> bool e820_reserve_ram(uint64_t base, uin

     return true;

}

 

+/* Define the virtual address page used to scrub memory     */

+/* tboot data is in page 0 of virtual and physical memory   */

+/* tboot code is on page 4 of virtual an physical memory    */

+/* These are the only pages that can't be used.             */

+/* Define a page that provides a little distance from these */

+/* ALL usable memory is erased by calling memset with       */

+/* the same virtual address. The virtual address is mapped  */

+/* to the proper physical address prior calling memset      */

+/* Page 8 is used for this version                          */

+/* This page is virtual address space 0x01000000            */

+/* With this address, the address space being erased is     */

+/* always in the range 0x01000000 - 0x011FFFFF              */

+#define SCRUB_VIRUTAL_ADDRESS 0x01000000

+#define SCRUB_BLOCK_SIZE (1 << TB_L1_PAGETABLE_SHIFT)

+#define SCRUB_BLOCK_OFFSET (SCRUB_BLOCK_SIZE - 1)

+

+/*

+ * e820_scrub_usable

+ *

+ * Scrub all e820 memory marked as usable.

+ *

+ */

+void e820_scrub_usable(void)

+{

+    printk("scrubbing memory\n");

+

+    /* Enable paging */

+    enable_paging();

+

+    /* Iterate the e820 map */

+    for ( unsigned int i = 0; i < g_nr_map; i++ ) {

+        /* Get the block start and length */

+        memory_map_t *entry = &g_copy_e820_map[i];

+        uint64_t block_start = e820_base_64(entry);

+        uint64_t block_length = e820_length_64(entry);

+

+        /* Is block a usable block? */

+        if(entry->type == E820_RAM) {

+            /* Erase the block */

+            printk("%016Lx - %016Lx\n",

+               (unsigned long long)block_start,

+               (unsigned long long)(block_start + block_length));

+

+            /* Loop over block by physical 'page' */

+            while(block_length > 0) {

+                /*

+                 *

+                 * Map the physical address at block_start to

+                 * virtual address SCRUB_VIRUTAL_ADDRESS

+                 * Since the physical address is specified as a page

+                 * the block does not need to start on a page boundary.

+                 *

+                 */

+                map_pages_to_tboot(

+                    SCRUB_VIRUTAL_ADDRESS,

+                    block_start>>TB_L1_PAGETABLE_SHIFT,

+                    1);

+

+                /*

+                 *

+                 * If block_start is not on a page boundary,

+                 * erase the block from the offset to the end of page.

+                 *

+                 */

+                uint32_t scrub_block_offset = block_start & SCRUB_BLOCK_OFFSET;

+

+                /*

+                 *

+                 * The starting virtual address is the

+                 * SCRUB_VIRUTAL_ADDRESS plus any offset

+                 *

+                 */

+                uint32_t scrub_block_virtual_address =

+                    SCRUB_VIRUTAL_ADDRESS + scrub_block_offset;

+

+                /*

+                 *

+                 * Determine the block size.

+                 * The block size is from the start address to the

+                 * end of the page or block.

+                 *

+                 */

+                uint32_t scrub_block_length =

+                    SCRUB_BLOCK_SIZE - scrub_block_offset;

+                if(scrub_block_length > block_length)

+                    scrub_block_length = block_length;

+

+                /*

+                 *

+                 * The page is mapped.

+                 * The starting virual address and length have been computed.

+                 * Ready to erase.

+                 *

+                 */

+                memset(

+                    (void*)scrub_block_virtual_address,

+                    0,

+                    scrub_block_length);

+

+                /* Advance to the next page */

+                block_length -= scrub_block_length;

+                block_start  += scrub_block_length;

+

+            }

+        }

+    }

+

+    disable_paging();

+    wbinvd();

+    printk("complete\n");

+}

+

void print_e820_map(void)

{

     print_map(g_copy_e820_map, g_nr_map);

diff -up tboot-1.7.2/tboot/common/tboot.c.orig tboot-1.7.2/tboot/common/tboot.c

--- tboot-1.7.2/tboot/common/tboot.c.orig 2012-10-09 14:26:33.211480000 -0700

+++ tboot-1.7.2/tboot/common/tboot.c      2012-10-09 14:28:59.726554000 -0700

<at> <at> -207,6 +207,14 <at> <at> static void post_launch(void)

         if ( !e820_protect_region(base, size, E820_RESERVED) )

             apply_policy(TB_ERR_FATAL);

     }

+

+    /* protect the e820 map */

+    base = TBOOT_E820_COPY_ADDR;

+    size = TBOOT_E820_COPY_SIZE;

+    printk("reserving tboot e820 memory map (%Lx - %Lx) in e820 table\n", base,

+       (base + size - 1));

+    if ( !e820_protect_region(base, size, E820_RESERVED) )

+        apply_policy(TB_ERR_FATAL);

 

     /* replace map in mbi with copy */

     replace_e820_map(g_mbi);

<at> <at> -346,6 +354,10 <at> <at> void begin_launch(multiboot_info_t *mbi)

     /* make the CPU ready for measured launch */

     if ( !prepare_cpu() )

         apply_policy(TB_ERR_FATAL);

+

+    /* disable legacy USB #SMIs */

+    if (get_tboot_no_usb())

+        disable_smis();

 

     /* do s3 launch directly, if is a s3 resume */

     if ( s3_flag ) {

<at> <at> -525,8 +537,9 <at> <at> void shutdown(void)

             tpm_save_state(2);

 

         /* scrub any secrets by clearing their memory, then flush cache */

-        /* we don't have any secrets to scrub, however */

-        ;

+        /* scrub memory if requested on the command line */

+        if (get_scrub_e820())

+            e820_scrub_usable();

 

         /* in mwait "mode", APs will be in MONITOR/MWAIT and can be left there */

         if ( !use_mwait() ) {

[diff -up tboot-1.7.2/tboot/include/cmdline.h.orig tboot-1.7.2/tboot/include/cmdline.h

--- tboot-1.7.2/tboot/include/cmdline.h.orig    2012-10-09 14:25:28.155780000 -0700

+++ tboot-1.7.2/tboot/include/cmdline.h   2012-10-09 14:28:59.728551000 -0700

<at> <at> -47,6 +47,8 <at> <at> extern bool get_tboot_serial(void);

extern void get_tboot_baud(void);

extern void get_tboot_fmt(void);

extern void get_tboot_vga_delay(void);

+extern bool get_tboot_no_usb(void);

+extern bool get_scrub_e820(void);

extern bool get_tboot_mwait(void);

extern bool get_tboot_prefer_da(void);

extern void get_tboot_min_ram(void);

diff -up tboot-1.7.2/tboot/include/e820.h.orig tboot-1.7.2/tboot/include/e820.h

--- tboot-1.7.2/tboot/include/e820.h.orig 2012-10-09 14:26:00.123106000 -0700

+++ tboot-1.7.2/tboot/include/e820.h      2012-10-09 14:28:48.055068000 -0700

<at> <at> -70,6 +70,7 <at> <at> typedef struct __packed {

 

extern bool copy_e820_map(const multiboot_info_t *mbi);

extern bool e820_protect_region(uint64_t addr, uint64_t size, uint32_t type);

+extern void e820_scrub_usable(void);

extern bool e820_reserve_ram(uint64_t base, uint64_t length);

extern void print_e820_map(void);

extern void replace_e820_map(multiboot_info_t *mbi);

 

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Charles.Fisher | 22 Oct 19:22 2012

USB interrupts and scrubbing e820 memory

Patch [1/2]

Signed-off-by: Charles Fisher <Charles.Fisher <at> gdc4s.com

 

There are a couple of problems that occur with tboot. The first is on some Dell

laptops, it is necessary to disable the legacy usb interrupts. This patch

provides a mechanism to enable a developer to do so.

 

The second problem is that in certain circumstances, data owners consider the

contents of memory to be sensitive. In these cases, they require that the e820

map be scrubbed. The other portion of this patch provides a capability to do

that scrub.

 

Both options are invoked via the command line, and both default to the current

behavior - i.e. don't disable the usb interrupts, and don't scrub the memory.

 

diff -up tboot-1.7.2/tboot/common/acpi.c.orig tboot-1.7.2/tboot/common/acpi.c

--- tboot-1.7.2/tboot/common/acpi.c.orig  2012-10-09 14:26:14.279694000 -0700

+++ tboot-1.7.2/tboot/common/acpi.c 2012-10-09 14:28:59.721553000 -0700

<at> <at> -436,6 +436,15 <at> <at> void set_s3_resume_vector(const tboot_ac

 

     acpi_printk("wakeup_vector_address = %llx\n", acpi_sinfo->wakeup_vector);

     acpi_printk("wakeup_vector_value = %llxx\n", resume_vector);

+}

+

+void disable_smis(void)

+{

+        printk("disabling legacy USB SMIs\n");

+        uint32_t pmbase = pcireg_cfgread(0, 31, 0, 0x40, 4) & ~1;

+        uint32_t smi_en = inl(pmbase + 0x30);

+        smi_en &= ~0x20008;

+        outl(pmbase + 0x30, smi_en);

}

 

 /*

diff -up tboot-1.7.2/tboot/common/cmdline.c.orig tboot-1.7.2/tboot/common/cmdline.c

--- tboot-1.7.2/tboot/common/cmdline.c.orig     2012-10-09 14:26:23.724083000 -0700

+++ tboot-1.7.2/tboot/common/cmdline.c    2012-10-09 14:28:59.723556000 -0700

<at> <at> -74,6 +74,8 <at> <at> static const cmdline_option_t g_tboot_cm

     { "ap_wake_mwait", "false" },    /* true|false */

     { "pcr_map", "legacy" },         /* legacy|da */

     { "min_ram", "0" },              /* size in bytes | 0 for no min */

+    { "scrub_e820", "false" },       /* true|false */

+    { "no_usb", "false" },           /* true|false */

     { NULL, NULL }

};

static char g_tboot_param_values[ARRAY_SIZE(g_tboot_cmdline_options)][MAX_VALUE_LEN];

<at> <at> -423,6 +425,15 <at> <at> bool get_tboot_serial(void)

     return parse_serial_param(serial);

}

 

+bool get_tboot_no_usb(void)

+{

+    const char *no_usb = get_option_val(g_tboot_cmdline_options,

+                                        g_tboot_param_values, "no_usb");

+    if ( no_usb == NULL || (strcmp(no_usb, "true") != 0 ))

+        return false;

+    return true;

+}

+

void get_tboot_vga_delay(void)

{

     const char *vga_delay = get_option_val(g_tboot_cmdline_options,

<at> <at> -433,6 +444,15 <at> <at> void get_tboot_vga_delay(void)

     g_vga_delay = strtoul(vga_delay, NULL, 0);

}

 

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Ning Qu | 17 Oct 02:15 2012
Picon

does tboot must know TPM srk and owner password

Already setup TPM trusted boot with Linux Kernel, seems whenever I change the tboot binary/parameters or kernel binary/parameters, the boot will fail as expected.


However, I do see some logging information that indicates tboot might use seal operations, or try to write tpm nv ram, e.g.

TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002^M
TBOOT: Error: write TPM error: 0x2.

TBOOT: TPM: seal data, return value = 00000001^M
TBOOT: failed to seal data

TBOOT: creation or verification of S3 measurements failed.  Why tboot needs to seal something after/for verification? In that case, is there any other way to pass the TPM password to tboot instead of simply setting it as all zero?
Best wishes,
--
Ning Qu
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Wei, Gang | 16 Oct 11:10 2012
Picon

OpenAttestation project v1.5 released

https://github.com/OpenAttestation/OpenAttestation.git

Key Changes since launched:
	Add supports for Ubuntu & SuSE OSes
	Simplified RESTful based Query API
	New WhiteList Manager Service API
	Reference CLI Curl scripts for API access

Enjoy it!

Jimmy
Attachment (smime.p7s): application/pkcs7-signature, 11 KiB
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
tboot-devel mailing list
tboot-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
Qiaowei Ren | 11 Oct 12:11 2012
Picon

[PATCH v2] x86: add a new SMP bring up way for tboot case

tboot provides a better AP wakeup mechanism based on cpu MWAIT feature for
OS/VMM. With this mechanism, system will boot faster and will NOT require
VT to be enabled. But it requires that OS/VMM must have support it, otherwise
system can never boot up.

Once this mechanism is enabled, tboot will put APs waiting in MWAIT loops
before launching kernel. kernel can check the new flag field in v6 tboot
shared page for the hint. If the bit TB_FLAG_AP_WAKE_SUPPORT in flag field
is set, kernel BSP has to write the monitored memory (tboot->ap_wake_trigger)
to bring APs out of MWAIT loops. The sipi vector should be written in
tboot->ap_wake_addr before waking up APs.

Signed-off-by: Qiaowei Ren <qiaowei.ren <at> intel.com>
Signed-off-by: Xiaoyan Zhang <xiaoyan.zhang <at> intel.com>
Signed-off-by: Gang Wei <gang.wei <at> intel.com>
---
 arch/x86/kernel/smpboot.c |   21 +++++++++++----------
 arch/x86/kernel/tboot.c   |   17 +++++++++++++++++
 include/linux/tboot.h     |   17 +++++++++++++++++
 3 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index c80a33b..884c3e7 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
 <at>  <at>  -662,8 +662,7  <at>  <at>  static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
 	/* start_ip had better be page-aligned! */
 	unsigned long start_ip = real_mode_header->trampoline_start;

-	unsigned long boot_error = 0;
-	int timeout;
+	int timeout, boot_error = 0;

 	/* Just in case we booted with a single CPU. */
 	alternatives_enable_smp();
 <at>  <at>  -710,14 +709,16  <at>  <at>  static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
 		}
 	}

-	/*
-	 * Kick the secondary CPU. Use the method in the APIC driver
-	 * if it's defined - or use an INIT boot APIC message otherwise:
-	 */
-	if (apic->wakeup_secondary_cpu)
-		boot_error = apic->wakeup_secondary_cpu(apicid, start_ip);
-	else
-		boot_error = wakeup_secondary_cpu_via_init(apicid, start_ip);
+	if (!tboot_wake_up(apicid, start_ip)) {
+		/*
+		 * Kick the secondary CPU. Use the method in the APIC driver
+		 * if it's defined - or use an INIT boot APIC message otherwise:
+		 */
+		if (apic->wakeup_secondary_cpu)
+			boot_error = apic->wakeup_secondary_cpu(apicid, start_ip);
+		else
+			boot_error = wakeup_secondary_cpu_via_init(apicid, start_ip);
+	}

 	if (!boot_error) {
 		/*
diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
index f84fe00..e5e50b8 100644
--- a/arch/x86/kernel/tboot.c
+++ b/arch/x86/kernel/tboot.c
 <at>  <at>  -101,6 +101,8  <at>  <at>  void __init tboot_probe(void)
 	pr_debug("shutdown_entry: 0x%x\n", tboot->shutdown_entry);
 	pr_debug("tboot_base: 0x%08x\n", tboot->tboot_base);
 	pr_debug("tboot_size: 0x%x\n", tboot->tboot_size);
+	if (tboot->version >= 6)
+		pr_info("flags: 0x%08x\n", tboot->flags);
 }

 static pgd_t *tboot_pg_dir;
 <at>  <at>  -453,3 +455,18  <at>  <at>  int tboot_force_iommu(void)

 	return 1;
 }
+
+int tboot_wake_up(int apicid, unsigned long sipi_vec)
+{
+	if (!tboot_enabled())
+		return 0;
+
+	if ((tboot->version < 6) ||
+	    !(tboot->flags & TB_FLAG_AP_WAKE_SUPPORT))
+		return 0;
+
+	tboot->ap_wake_addr = sipi_vec;
+	tboot->ap_wake_trigger = apicid;
+
+	return 1;
+}
diff --git a/include/linux/tboot.h b/include/linux/tboot.h
index c75128b..d65f7e9 100644
--- a/include/linux/tboot.h
+++ b/include/linux/tboot.h
 <at>  <at>  -124,8 +124,23  <at>  <at>  struct tboot {

 	/* number of processors in wait-for-SIPI */
 	u32 num_in_wfs;
+
+	/*
+	 * version 6+ fields:
+	 */
+
+	u32 flags;
+
+	/* phys addr of kernel/VMM SIPI vector */
+	u64 ap_wake_addr;
+
+	/* kernel/VMM writes APIC ID to wake AP */
+	u32 ap_wake_trigger;
 } __packed;

+/* kernel/VMM use INIT-SIPI-SIPI if clear, ap_wake_* if set */
+#define TB_FLAG_AP_WAKE_SUPPORT 0X00000001
+
 /*
  * UUID for tboot data struct to facilitate matching
  * defined as {663C8DFF-E8B3-4b82-AABF-19EA4D057A08} by tboot, which is
 <at>  <at>  -146,6 +161,7  <at>  <at>  extern void tboot_shutdown(u32 shutdown_type);
 extern struct acpi_table_header *tboot_get_dmar_table(
 				      struct acpi_table_header *dmar_tbl);
 extern int tboot_force_iommu(void);
+extern int tboot_wake_up(int apicid, unsigned long sipi_vec);

 #else

 <at>  <at>  -156,6 +172,7  <at>  <at>  extern int tboot_force_iommu(void);
 					do { } while (0)
 #define tboot_get_dmar_table(dmar_tbl)	(dmar_tbl)
 #define tboot_force_iommu()		0
+#define tboot_wake_up(apicid, sipi_vec) 0

 #endif /* !CONFIG_INTEL_TXT */

--

-- 
1.7.9.5


Gmane