diff options
| author | Joseph Cihula <joseph.cihula@intel.com> | 2009-06-30 22:31:02 -0400 |
|---|---|---|
| committer | H. Peter Anvin <hpa@zytor.com> | 2009-07-21 14:49:31 -0400 |
| commit | 840c2baf2d4cdf35ecc3b7fcbba7740f97de30a4 (patch) | |
| tree | e20e6d3809dbab60507ccb71dac74a4f02d4330f /arch/x86/kernel | |
| parent | 3162534069597e34dd0ac9eb711be8dc23835ae7 (diff) | |
x86, intel_txt: Intel TXT reboot/halt shutdown support
Support for graceful handling of kernel reboots after an Intel(R) TXT launch.
Without this patch, attempting to reboot or halt the system will cause the
TXT hardware to lock memory upon system restart because the secrets-in-memory
flag that was set on launch was never cleared. This will in turn cause BIOS
to execute a TXT Authenticated Code Module (ACM) that will scrub all of memory
and then unlock it. Depending on the amount of memory in the system and its type,
this may take some time.
This patch creates a 1:1 address mapping to the tboot module and then calls back
into tboot so that it may properly and securely clean up system state and clear
the secrets-in-memory flag. When it has completed these steps, the tboot module
will reboot or halt the system.
arch/x86/kernel/reboot.c | 8 ++++++++
init/main.c | 3 +++
2 files changed, 11 insertions(+)
Signed-off-by: Joseph Cihula <joseph.cihula@intel.com>
Signed-off-by: Shane Wang <shane.wang@intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Diffstat (limited to 'arch/x86/kernel')
| -rw-r--r-- | arch/x86/kernel/reboot.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c index d2d1ce8170f0..9de01c5d9794 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c | |||
| @@ -24,6 +24,8 @@ | |||
| 24 | # include <asm/iommu.h> | 24 | # include <asm/iommu.h> |
| 25 | #endif | 25 | #endif |
| 26 | 26 | ||
| 27 | #include <asm/tboot.h> | ||
| 28 | |||
| 27 | /* | 29 | /* |
| 28 | * Power off function, if any | 30 | * Power off function, if any |
| 29 | */ | 31 | */ |
| @@ -460,6 +462,8 @@ static void native_machine_emergency_restart(void) | |||
| 460 | if (reboot_emergency) | 462 | if (reboot_emergency) |
| 461 | emergency_vmx_disable_all(); | 463 | emergency_vmx_disable_all(); |
| 462 | 464 | ||
| 465 | tboot_shutdown(TB_SHUTDOWN_REBOOT); | ||
| 466 | |||
| 463 | /* Tell the BIOS if we want cold or warm reboot */ | 467 | /* Tell the BIOS if we want cold or warm reboot */ |
| 464 | *((unsigned short *)__va(0x472)) = reboot_mode; | 468 | *((unsigned short *)__va(0x472)) = reboot_mode; |
| 465 | 469 | ||
| @@ -586,6 +590,8 @@ static void native_machine_halt(void) | |||
| 586 | /* stop other cpus and apics */ | 590 | /* stop other cpus and apics */ |
| 587 | machine_shutdown(); | 591 | machine_shutdown(); |
| 588 | 592 | ||
| 593 | tboot_shutdown(TB_SHUTDOWN_HALT); | ||
| 594 | |||
| 589 | /* stop this cpu */ | 595 | /* stop this cpu */ |
| 590 | stop_this_cpu(NULL); | 596 | stop_this_cpu(NULL); |
| 591 | } | 597 | } |
| @@ -597,6 +603,8 @@ static void native_machine_power_off(void) | |||
| 597 | machine_shutdown(); | 603 | machine_shutdown(); |
| 598 | pm_power_off(); | 604 | pm_power_off(); |
| 599 | } | 605 | } |
| 606 | /* a fallback in case there is no PM info available */ | ||
| 607 | tboot_shutdown(TB_SHUTDOWN_HALT); | ||
| 600 | } | 608 | } |
| 601 | 609 | ||
| 602 | struct machine_ops machine_ops = { | 610 | struct machine_ops machine_ops = { |