[NOT FOR MERGE] Test ci #20
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
At least GNU ld 2.30 and earlier fail to discard the generic part of .got.plt when no actual entries were allocated. As this section can't be discarded, linker script checks if section's size is what we expect it to be (either empty or 3 * sizeof(long)) and fails otherwise. .got.plt is removed by objcopy when final binary is built. Signed-off-by: Krystian Hebel <[email protected]>
Big, sparsely filled structures don't have to be in measured part of SLB. This change moves them to .bss where they are filled at runtime, after .bss is cleared. Note that pagetables are not moved yet, it will be done in following commit. Signed-off-by: Krystian Hebel <[email protected]>
Pagetables take 7*4K = 28K of space. Building them at runtime means that they won't have to be measured, as long as the code creating them is measured and proper memory protections are in place. Signed-off-by: Krystian Hebel <[email protected]>
To keep amount of data sent to the TPM by SKINIT instruction low, .data section is made empty by moving its contents which is either turned read-only (.rodata), or uninitialized and built at run time (.bss). Linker script asserts that there is no leftover .data. Signed-off-by: Krystian Hebel <[email protected]>
Stack area doesn't need to be measured by SKINIT. Initial %esp always points to the end of SLB, there is no reason to move it from there. Minimal stack size is checked by the code as the amount of available space depends on size of SLRT passed by the bootloader. Signed-off-by: Krystian Hebel <[email protected]>
With reordered sections and most of the data structures built at runtime, size of actual code that has to be measured by TPM can be reduced. As that size field used to specify offset to bootloader data, a new field was added to the header for that purpose. Signed-off-by: Krystian Hebel <[email protected]>
Far return is used, so segment selector and relocated instruction pointer are build on the stack, instead of modifying the code. Signed-off-by: Krystian Hebel <[email protected]>
pm_kernel_entry and zero_page were renamed to dlme_entry and dlme_arg, respectively. Their previous names were valid only for Linux. Signed-off-by: Krystian Hebel <[email protected]>
Linux, Multiboot2 and simple payload don't have overlapping uses for values passed through registers or stack. All of those can be set at the same time. Signed-off-by: Krystian Hebel <[email protected]>
Signed-off-by: Krystian Hebel <[email protected]>
SKL hashes are no longer passed from the bootloader. Measured code and read-only data are not changed, and all other data is created at runtime so SKL is able to measure itself, which it now does. Those hashes are only used for event log entries, PCR was extended as a result of SKINIT instruction on Dynamic Launch Event. Signed-off-by: Krystian Hebel <[email protected]>
This removes different handling between boot protocols. Everything is reduced to one range of consecutive memory for DLME, as well as pointer to the entry point, which is measured to PCR 17 as an offset from DLME base to avoid attacks based on jumping to different parts of DLME. Signed-off-by: Krystian Hebel <[email protected]>
Signed-off-by: Krystian Hebel <[email protected]>
MULTIBOOT2_BOOTLOADER_MAGIC has been moved to defs.h as it is still used in head.S. Signed-off-by: Krystian Hebel <[email protected]>
It used to be defined in boot.h, even though it isn't expected to be ever needed anywhere but in code for handling event log internally. Signed-off-by: Krystian Hebel <[email protected]>
Test for INVALIDATE_ALL completion is now done inside the initialization function, instead of main.c. Function names were changed to better describe what the function does. Comment describing window in anti-DMA security was updated with new finds. Some bugs were fixed: - EventLogInt wasn't properly cleared (it is write-1-to-clear bit) - CmdBufEn was set on transition to the kernel, which didn't clear it before setting up head/tail pointers, which in turn lead to hang (it is listed as undefined behavior in IOMMU specification) - Command buffer tail/head pointer registers were incorrectly masked Signed-off-by: Krystian Hebel <[email protected]>
Release versions of SKL hanged in tis_send(), while versions with serial output worked, most likely thanks to increased delay between DRTM sequence and next TPM command. Apparently, some TPMs don't properly handle setting STS.commandReady when all of the following conditions are met: - TPM has recently finished DRTM sequence (internal work may still be happening at that point, there is no way to be sure), - TPM just transitioned to Idle state (e.g. by changing locality), - STS.commandReady is written periodically before TPM reports it is in Ready state. When all of the above applies, STS.commandReady is always read as 0, as if the TPM restarted transition from Idle to Ready each time it is asked to do so. To work around this, set this bit once and keep checking in a loop until TIMEOUT_B (2 seconds). Well behaving TPM must be able to enter Ready state before that time, if it doesn't, error is returned. Signed-off-by: Krystian Hebel <[email protected]>
This enables SHA tests to check if different compilers produce the same results. Definitions in string.h were moved outside of __STDC_HOSTED__ to avoid compiler warnings (promoted to errors because of -Werror) due to incompatible implicit declaration of built-in functions. Signed-off-by: Krystian Hebel <[email protected]>
-fstrict-aliasing is enabled by default when using optimization levels higher than 1, including -Os. With that option, compiler may assume that object of one type never resides at the same address as object of a different type. Both sha1_final() and sha256_final() used to write message length by casting a pointer to buffer into a pointer to u64, while surrounding code operated on the buffer directly. The problem manifests in GCC 11 and later versions. The commit fixes this issue and another UB caused by unaligned access at the beginning of transformation step by using memcpy() in both cases. Signed-off-by: Krystian Hebel <[email protected]> Signed-off-by: Sergii Dmytruk <[email protected]>
…ssors" This reverts commit 335c103. Without -march=btver2 SKL can be used on AMD 15h or earlier and now that SKL more than fits into 64KiB limit, no need for such options to save a bit of space. Signed-off-by: Sergii Dmytruk <[email protected]>
DEV is specific to a northbridge, so there are multiple of them on systems with several CPU sockets. 0x18 is the device number of the first one with the rest using successive numbers (0x19, 0x1A, etc.). Signed-off-by: Sergii Dmytruk <[email protected]>
Signed-off-by: Krystian Hebel <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.