diff options
| author | Shane Wang <shane.wang@intel.com> | 2010-03-10 01:36:10 -0500 |
|---|---|---|
| committer | H. Peter Anvin <hpa@zytor.com> | 2010-03-19 16:39:58 -0400 |
| commit | 4bd96a7a8185755b091233b16034c7436cbf57af (patch) | |
| tree | 5a6d1a5014a39f0463c79abda29a482f4dd52dd1 /arch/x86/kernel/tboot.c | |
| parent | a3d3203e4bb40f253b1541e310dc0f9305be7c84 (diff) | |
x86, tboot: Add support for S3 memory integrity protection
This patch adds support for S3 memory integrity protection within an Intel(R)
TXT launched kernel, for all kernel and userspace memory. All RAM used by the
kernel and userspace, as indicated by memory ranges of type E820_RAM and
E820_RESERVED_KERN in the e820 table, will be integrity protected.
The MAINTAINERS file is also updated to reflect the maintainers of the
TXT-related code.
All MACing is done in tboot, based on a complexity analysis and tradeoff.
v3: Compared with v2, this patch adds a check of array size in
tboot.c, and a note to specify which c/s of tboot supports this kind
of MACing in intel_txt.txt.
Signed-off-by: Shane Wang <shane.wang@intel.com>
LKML-Reference: <4B973DDA.6050902@intel.com>
Signed-off-by: Joseph Cihula <joseph.cihula@intel.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Diffstat (limited to 'arch/x86/kernel/tboot.c')
| -rw-r--r-- | arch/x86/kernel/tboot.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c index 86c9f91b48ae..cc2c60474fd0 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c | |||
| @@ -175,6 +175,9 @@ static void add_mac_region(phys_addr_t start, unsigned long size) | |||
| 175 | struct tboot_mac_region *mr; | 175 | struct tboot_mac_region *mr; |
| 176 | phys_addr_t end = start + size; | 176 | phys_addr_t end = start + size; |
| 177 | 177 | ||
| 178 | if (tboot->num_mac_regions >= MAX_TB_MAC_REGIONS) | ||
| 179 | panic("tboot: Too many MAC regions\n"); | ||
| 180 | |||
| 178 | if (start && size) { | 181 | if (start && size) { |
| 179 | mr = &tboot->mac_regions[tboot->num_mac_regions++]; | 182 | mr = &tboot->mac_regions[tboot->num_mac_regions++]; |
| 180 | mr->start = round_down(start, PAGE_SIZE); | 183 | mr->start = round_down(start, PAGE_SIZE); |
| @@ -184,18 +187,17 @@ static void add_mac_region(phys_addr_t start, unsigned long size) | |||
| 184 | 187 | ||
| 185 | static int tboot_setup_sleep(void) | 188 | static int tboot_setup_sleep(void) |
| 186 | { | 189 | { |
| 190 | int i; | ||
| 191 | |||
| 187 | tboot->num_mac_regions = 0; | 192 | tboot->num_mac_regions = 0; |
| 188 | 193 | ||
| 189 | /* S3 resume code */ | 194 | for (i = 0; i < e820.nr_map; i++) { |
| 190 | add_mac_region(acpi_wakeup_address, WAKEUP_SIZE); | 195 | if ((e820.map[i].type != E820_RAM) |
| 196 | && (e820.map[i].type != E820_RESERVED_KERN)) | ||
| 197 | continue; | ||
| 191 | 198 | ||
| 192 | #ifdef CONFIG_X86_TRAMPOLINE | 199 | add_mac_region(e820.map[i].addr, e820.map[i].size); |
| 193 | /* AP trampoline code */ | 200 | } |
| 194 | add_mac_region(virt_to_phys(trampoline_base), TRAMPOLINE_SIZE); | ||
| 195 | #endif | ||
| 196 | |||
| 197 | /* kernel code + data + bss */ | ||
| 198 | add_mac_region(virt_to_phys(_text), _end - _text); | ||
| 199 | 201 | ||
| 200 | tboot->acpi_sinfo.kernel_s3_resume_vector = acpi_wakeup_address; | 202 | tboot->acpi_sinfo.kernel_s3_resume_vector = acpi_wakeup_address; |
| 201 | 203 | ||