Commit graph

124 commits

Author SHA1 Message Date
Matthew Garrett
f4f4e3c715 verifiers: Core TPM support
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI. In future we might
want to have some sort of mechanism for choosing which events get logged
to which PCRs, but this seems like a good default policy and we can wait
to see whether anyone  has a use case before adding more complexity.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 16:43:54 -04:00
Juergen Gross
d87a8ebb48 xen: Init memory regions for PVH
Add all usable memory regions to grub memory management and add the
needed mmap iterate code, which will be used by grub core (e.g.
grub-core/lib/relocator.c or grub-core/mmap/mmap.c).

As we are running in 32-bit mode don't add memory above 4GB.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
2020-09-21 13:57:20 -04:00
Juergen Gross
036b001beb xen: Setup Xen specific data for PVH
Initialize the needed Xen specific data. This is:

- the Xen start of day page containing the console and Xenstore ring
  page PFN and event channel
- the grant table
- the shared info page

Write back the possibly modified memory map to the hypervisor in case
the guest is reading it from there again.

Set the RSDP address for the guest from the start_info page passed
as boot parameter.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
2020-09-21 13:57:20 -04:00
Juergen Gross
ad37d8a89e xen: Get memory map from hypervisor for PVH
Retrieve the memory map from the hypervisor and normalize it to contain
no overlapping entries and to be sorted by address.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
2020-09-21 13:57:20 -04:00
Juergen Gross
d0c68baa5b xen: Setup hypercall page for PVH
Add the needed code to setup the hypercall page for calling into the
Xen hypervisor.

Import the XEN_HVM_DEBUGCONS_IOPORT define from Xen unstable into
include/xen/arch-x86/xen.h

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
2020-09-21 13:57:20 -04:00
Juergen Gross
590dd77f55 xen: Add PVH boot entry code
Add the code for the Xen PVH mode boot entry.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
2020-09-21 13:57:20 -04:00
Juergen Gross
21d8017ace xen: Add basic hooks for PVH in current code
Add the hooks to current code needed for Xen PVH. They will be filled
with code later when the related functionality is being added.

loader/i386/linux.c needs to include machine/kernel.h now as it needs
to get GRUB_KERNEL_USE_RSDP_ADDR from there. This in turn requires to
add an empty kernel.h header for some i386 platforms (efi, coreboot,
ieee1275, xen) and for x86_64 efi.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
2020-09-21 13:57:20 -04:00
Juergen Gross
ef5fcec192 xen: Prepare common code for Xen PVH support
Some common code needs to be special cased for Xen PVH mode. This hits
mostly Xen PV mode specific areas.

Split include/grub/i386/pc/int_types.h off from
include/grub/i386/pc/int.h to support including this file later from
xen_pvh code without the grub_bios_interrupt definition.

Move definition of struct grub_e820_mmap_entry from
grub-core/mmap/i386/pc/mmap.c to include/grub/i386/memory.h in order
to make it usable from xen_pvh code.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
2020-09-21 13:46:35 -04:00
David E. Box
bee9cdaa2b tsc: Change default tsc calibration method to pmtimer on EFI systems
On efi systems, make pmtimer based tsc calibration the default over the
pit. This prevents Grub from hanging on Intel SoC systems that power gate
the pit.

Signed-off-by: David E. Box <david.e.box@linux.intel.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 12:16:25 -04:00
Vladimir Serbinenko
9ec5094213 coreboot: Split parts that are platform-independent.
We currently assume that coreboot is always i386, it's no longer the case,
so split i386-coreboot parts from generic coreboot code.
2020-09-21 11:32:45 -04:00
David Michael
e576eb0cbc Merge remote-tracking branch 'upstream/master' 2017-01-23 14:02:45 -08:00
Matthew Garrett
bf25cda14e Make TPM errors less fatal
Handle TPM errors, and stop trying to use the TPM once we hit one.
2016-10-13 14:01:52 -07:00
Vladimir Serbinenko
25492a0f04 Add wbinvd around bios call.
Via C3 has problems with cache coherency when transitioning between the modes,
so flush it around bios calls.
2016-02-14 08:34:10 +01:00
Vladimir Serbinenko
d9a3bfead8 Split pmtimer wait and tsc measurement from pmtimer tsc calibration. 2016-02-12 11:40:51 +01:00
Vladimir Serbinenko
1933d37371 Make grub_cpu_is_tsc_supported generally available. 2016-02-12 11:38:51 +01:00
Vladimir Serbinenko
b29638222e Make grub_acpi_find_fadt accessible generically 2016-02-12 11:35:48 +01:00
Matthew Garrett
858f763466 Core TPM support
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI and BIOS systems, but
will measure all modules as they're loaded.
2016-01-05 14:35:05 -08:00
Michael Chang
a03c1034f6 i386: fix TSC calibration using PIT
Condition was accidentally reversed, so PIT calibration always failed
when PIT was present and always succeeded when PIT was missing, but in
the latter case resulted in absurdly fast clock.

Reported and tested by Vitaly Kuznetsov <vkuznets@redhat.com>
2015-12-01 18:49:38 +03:00
Vladimir Serbinenko
d43a5ee651 tsc: Use alternative delay sources whenever appropriate.
PIT isn't available on some of new hardware including Hyper-V. So
use pmtimer for calibration. Moreover pmtimer calibration is faster, so
use it on coreboor where booting time is important.

Based on patch by Michael Chang.
2015-11-27 11:39:55 +01:00
Vladimir Serbinenko
50ebc8f5f3 i386/tsc: Fix unused function warning on xen. 2015-02-22 13:12:44 +01:00
Vladimir Serbinenko
3c6043245e qemu: Switch to more portable .org
Binary is checked identical.
2015-02-21 20:13:58 +01:00
Vladimir Serbinenko
e62ca2a870 qemu: Fix compilation 2015-02-21 19:55:53 +01:00
Vladimir Serbinenko
44ff462e83 Remove realmode.S from coreboot and qemu.
It's not used there.
2015-02-21 19:53:18 +01:00
Vladimir Serbinenko
37353f0ae5 i386: Remove needless ADDR32 prefixes when address is known and fixed.
Shaves off 6 bytes in lzma_decompress.img.
2015-02-21 17:38:56 +01:00
Vladimir Serbinenko
f571dc1af8 i386: Move from explicit ADDR32/DATA32 prefixes to instruction suffixes.
Is more portable.
Binary is unchanged (verified).
2015-02-21 17:13:23 +01:00
Vladimir Serbinenko
21f22c7107 i386/pc/mmap: Fix memset size.
Found by: Coverity scan.
2015-01-26 09:38:11 +01:00
Vladimir Serbinenko
2e62352bc2 * grub-core/kern/i386/tsc.c (calibrate_tsc): Ensure that
no division by 0 occurs.
2015-01-21 17:42:14 +01:00
Vladimir Serbinenko
bec35dad2a * grub-core/kern/i386/pc/mmap.c: Fallback to EISA memory map
if E820 failed to return any regions.
2014-02-28 10:07:11 +01:00
Vladimir Serbinenko
f94b2b4eeb * grub-core/kern/i386/coreboot/mmap.c: Filter out 0xa0000-0x100000
region.
2014-02-28 09:47:57 +01:00
Vladimir Serbinenko
093dec7370 Don't abort() on unavailable coreboot tables if not running on coreboot. 2013-12-28 17:25:14 +01:00
Vladimir Serbinenko
60d1dd3d72 Remove grub_bios_interrupt on coreboot.
It's not used currently and cannot be used safely currently.
2013-12-17 12:54:11 +01:00
Vladimir Serbinenko
316c8d9a18 Make grub_xen_hypercall on i386 cdecl rather than stdcall to avoid
linker trying to "fixup" the code.
2013-12-16 18:10:50 +01:00
Vladimir Serbinenko
8fa2627942 * grub-core/kern/i386/coreboot/cbtable.c: Use char * arithmetic rather
than converting to long.
2013-12-15 14:24:34 +01:00
Vladimir Serbinenko
7e47e27bd8 Add gcc_struct to all packed structures when compiling with mingw.
Just "packed" doesn't always pack the way we expect.
2013-12-15 14:14:30 +01:00
Vladimir Serbinenko
6a5fe1328b * grub-core/kern/i386/qemu/init.c (resource): Decrease struct size
by using bitfields.
2013-12-14 23:15:47 +01:00
Vladimir Serbinenko
8c534b85f1 Revamp relocation handling.
Move more code to common dl.c. Add missing veneers for arm and arm64.
	Decreases kernel size by 70 bytes on i386-pc (40-50 compressed)
2013-12-06 09:18:55 +01:00
Vladimir Serbinenko
bb6e299ccb * grub-core/kern/i386/qemu/init.c: Remove variable length arrays. 2013-12-04 09:48:36 +01:00
Vladimir Serbinenko
1bba40f578 Move common BIOS/coreboot memory map declarations to
include/grub/i386/memory_raw.h and eliminate duplicate declarations.
2013-11-23 12:39:21 +01:00
Vladimir Serbinenko
631187be8c Add missing includes of loader.h. 2013-11-11 02:30:09 +01:00
Vladimir Serbinenko
9612ebc00e Add new ports: i386-xen and x86_64-xen. This allows running GRUB in
XEN PV environment and load kernels.
2013-11-09 21:29:11 +01:00
Vladimir Serbinenko
c81acb7ff3 Consolidate cpuid code. 2013-10-27 00:02:01 +02:00
Vladimir Serbinenko
c1bee64676 Move cpuid code to cpuid.h and TSC code to tsc.c. 2013-10-26 23:39:10 +02:00
Vladimir 'phcoder' Serbinenko
fc3182c799 * grub-core/kern/i386/pc/mmap.c (grub_machine_mmap_iterate): Pass
unknown types through.
2013-10-19 01:01:36 +02:00
Vladimir 'phcoder' Serbinenko
2af2353b0a * grub-core/kern/i386/coreboot/init.c: Fix compilation on
i386-multiboot.
2013-08-14 10:43:10 +02:00
Vladimir 'phcoder' Serbinenko
e6930a454d Enable coreboot information commands even when not loaded as
coreboot payload (e.g. when loaded from SeaBIOS-as-payload).
2013-06-16 01:57:55 +02:00
Vladimir 'phcoder' Serbinenko
fc4c4fddf6 Detach optional parts of gfxterm and integrate in with coreboot init. 2013-05-31 00:42:33 +02:00
Vladimir 'phcoder' Serbinenko
96f33fed86 Make PCI init in i386-qemu port more robust. 2013-04-29 15:09:39 +02:00
Vladimir 'phcoder' Serbinenko
6a7fb94bfb Replace the region at 0 from coreboot tables to available in BSD
memory map.
2013-03-25 10:23:04 +01:00
Vladimir 'phcoder' Serbinenko
cc19857a2a New commands cbmemc, lscoreboot, coreboot_boottime to inspect
coreboot tables content. Support for cbmemc.
2013-03-20 17:13:31 +01:00
Vladimir 'phcoder' Serbinenko
5341c0fbfc Avoid costly 64-bit division in grub_get_time_ms on most platforms. 2013-03-10 17:45:38 +01:00