1109-i386-slaunch-Add-basic-platform-support-for-secure-l.patch

From 615f29aac919a2fdaa6f9187569c8854ca1acf03 Mon Sep 17 00:00:00 2001
From: Ross Philipson <ross.philipson@oracle.com>
Date: Wed, 7 Aug 2019 13:50:14 -0400
Subject: [PATCH] i386/slaunch: Add basic platform support for secure launch

Some of the commands declared in header files will be implemented in
the follow-up commits.

Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
---
 include/grub/i386/cpuid.h   |  12 ++++
 include/grub/i386/crfr.h    | 127 ++++++++++++++++++++++++++++++++++++
 include/grub/i386/mmio.h    |  72 ++++++++++++++++++++
 include/grub/i386/msr.h     |  63 ++++++++++++++++++
 include/grub/i386/slaunch.h |  62 ++++++++++++++++++
 5 files changed, 336 insertions(+)
 create mode 100644 include/grub/i386/crfr.h
 create mode 100644 include/grub/i386/mmio.h
 create mode 100644 include/grub/i386/slaunch.h

diff --git a/include/grub/i386/cpuid.h b/include/grub/i386/cpuid.h
index f7ae4b0a4641..0ddd87b1544e 100644
--- a/include/grub/i386/cpuid.h
+++ b/include/grub/i386/cpuid.h
@@ -19,6 +19,18 @@
 #ifndef GRUB_CPU_CPUID_HEADER
 #define GRUB_CPU_CPUID_HEADER 1
 
+/* General  */
+#define GRUB_X86_CPUID_VENDOR		0x00000000
+#define GRUB_X86_CPUID_FEATURES		0x00000001
+/* Intel  */
+#define GRUB_X86_CPUID_FEATURES_ECX_VMX	(1<<5)
+#define GRUB_X86_CPUID_FEATURES_ECX_SMX	(1<<6)
+
+/* AMD  */
+#define GRUB_AMD_CPUID_FEATURES		0x80000001
+#define GRUB_AMD_CPUID_FEATURES_ECX_SVM	(1<<2)
+#define GRUB_AMD_CPUID_FUNC		0x8000000a
+
 extern unsigned char grub_cpuid_has_longmode;
 extern unsigned char grub_cpuid_has_pae;
 
diff --git a/include/grub/i386/crfr.h b/include/grub/i386/crfr.h
new file mode 100644
index 000000000000..2efd42a1767c
--- /dev/null
+++ b/include/grub/i386/crfr.h
@@ -0,0 +1,127 @@
+/*
+ *  GRUB  --  GRand Unified Bootloader
+ *  Copyright (C) 2020  Oracle and/or its affiliates.
+ *
+ *  GRUB is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  GRUB is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with GRUB.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_CRFR_H
+#define GRUB_CRFR_H 1
+
+#include <grub/types.h>
+
+/* Routines for R/W of control and flags registers */
+
+#define GRUB_CR0_X86_PE		0x00000001 /* Enable Protected Mode */
+#define GRUB_CR0_X86_MP		0x00000002 /* "Math" (FPU) Present */
+#define GRUB_CR0_X86_EM		0x00000004 /* EMulate FPU */
+#define GRUB_CR0_X86_TS		0x00000008 /* Task Switched */
+#define GRUB_CR0_X86_PG		0x80000000 /* Enable PaGing */
+
+#define GRUB_CR0_X86_NE		0x00000020 /* Numeric Error enable (EX16 vs IRQ13) */
+#define GRUB_CR0_X86_WP		0x00010000 /* Write Protect */
+#define GRUB_CR0_X86_AM		0x00040000 /* Alignment Mask */
+#define GRUB_CR0_X86_NW		0x20000000 /* Not Write-through */
+#define GRUB_CR0_X86_CD		0x40000000 /* Cache Disable */
+
+#define GRUB_CR4_X86_VME	0x00000001 /* Virtual 8086 mode extensions */
+#define GRUB_CR4_X86_PVI	0x00000002 /* Protected-mode virtual interrupts */
+#define GRUB_CR4_X86_TSD	0x00000004 /* Time stamp disable */
+#define GRUB_CR4_X86_DE		0x00000008 /* Debugging extensions */
+#define GRUB_CR4_X86_PSE	0x00000010 /* Page size extensions */
+#define GRUB_CR4_X86_PAE	0x00000020 /* Physical address extension */
+#define GRUB_CR4_X86_MCE	0x00000040 /* Enable Machine check enable */
+#define GRUB_CR4_X86_PGE	0x00000080 /* Enable Page global */
+#define GRUB_CR4_X86_PCE	0x00000100 /* Enable Performance monitoring counter */
+#define GRUB_CR4_X86_FXSR	0x00000200 /* Fast FPU save/restore */
+#define GRUB_CR4_X86_XMM	0x00000400 /* Generate #XM instead of #UD for SIMD */
+#define GRUB_CR4_X86_VMXE	0x00002000 /* Enable VMX */
+#define GRUB_CR4_X86_SMXE	0x00004000 /* Enable SMX */
+#define GRUB_CR4_X86_PCIDE	0x00020000 /* Enable PCID */
+
+static inline unsigned long
+grub_read_cr0 (void)
+{
+  unsigned long val;
+
+  asm volatile ("mov %%cr0, %0" : "=r" (val) : : "memory");
+
+  return val;
+}
+
+static inline void
+grub_write_cr0 (unsigned long val)
+{
+  asm volatile ("mov %0, %%cr0" : : "r" (val) : "memory");
+}
+
+static inline unsigned long
+grub_read_cr4 (void)
+{
+  unsigned long val;
+
+  asm volatile ("mov %%cr4, %0" : "=r" (val) : : "memory");
+
+  return val;
+}
+
+static inline void
+grub_write_cr4 (unsigned long val)
+{
+  asm volatile ("mov %0, %%cr4" : : "r" (val) : "memory");
+}
+
+#define GRUB_EFLAGS_X86_CF	0x00000001 /* Carry Flag */
+#define GRUB_EFLAGS_X86_PF	0x00000004 /* Parity Flag */
+#define GRUB_EFLAGS_X86_AF	0x00000010 /* Auxillary carry Flag */
+#define GRUB_EFLAGS_X86_ZF	0x00000040 /* Zero Flag */
+#define GRUB_EFLAGS_X86_SF	0x00000080 /* Sign Flag */
+#define GRUB_EFLAGS_X86_TF	0x00000100 /* Trap Flag */
+#define GRUB_EFLAGS_X86_IF	0x00000200 /* Interrupt Flag */
+#define GRUB_EFLAGS_X86_DF	0x00000400 /* Direction Flag */
+#define GRUB_EFLAGS_X86_OF	0x00000800 /* Overflow Flag */
+#define GRUB_EFLAGS_X86_IOPL	0x00003000 /* IOPL mask */
+#define GRUB_EFLAGS_X86_NT	0x00004000 /* Nested Task */
+#define GRUB_EFLAGS_X86_RF	0x00010000 /* Resume Flag */
+#define GRUB_EFLAGS_X86_VM	0x00020000 /* Virtual Mode */
+#define GRUB_EFLAGS_X86_AC	0x00040000 /* Alignment Check */
+#define GRUB_EFLAGS_X86_VIF	0x00080000 /* Virtual Interrupt Flag */
+#define GRUB_EFLAGS_X86_VIP	0x00100000 /* Virtual Interrupt Pending */
+#define GRUB_EFLAGS_X86_ID	0x00200000 /* CPUID detection flag */
+
+static inline unsigned long
+grub_read_flags_register(void)
+{
+  unsigned long flags;
+
+#ifdef __x86_64__
+  asm volatile ("pushfq; popq %0" : "=r" (flags));
+#else
+  asm volatile ("pushfl; popl %0" : "=r" (flags));
+#endif
+
+  return flags;
+}
+
+static inline void
+grub_write_flags_register(unsigned long flags)
+{
+#ifdef __x86_64__
+  asm volatile ("pushq %0; popfq" : : "r" (flags));
+#else
+  asm volatile ("pushl %0; popfl" : : "r" (flags));
+#endif
+}
+
+#endif
diff --git a/include/grub/i386/mmio.h b/include/grub/i386/mmio.h
new file mode 100644
index 000000000000..97a30f7d8af6
--- /dev/null
+++ b/include/grub/i386/mmio.h
@@ -0,0 +1,72 @@
+/*
+ *  GRUB  --  GRand Unified Bootloader
+ *  Copyright (C) 2020  Oracle and/or its affiliates.
+ *
+ *  GRUB is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  GRUB is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with GRUB.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_I386_MMIO_H
+#define GRUB_I386_MMIO_H 1
+
+#include <grub/types.h>
+
+static inline grub_uint8_t
+grub_read8 (const grub_addr_t addr)
+{
+  grub_uint8_t val;
+
+  val = (*(volatile grub_uint8_t *) (addr));
+
+  return val;
+}
+
+static inline grub_uint32_t
+grub_read32 (const grub_addr_t addr)
+{
+  grub_uint32_t val;
+
+  val = (*(volatile grub_uint32_t *) (addr));
+
+  return val;
+}
+
+static inline grub_uint64_t
+grub_read64 (const grub_addr_t addr)
+{
+  grub_uint64_t val;
+
+  val = (*(volatile grub_uint64_t *) (addr));
+
+  return val;
+}
+
+static inline void
+grub_write8 (grub_uint8_t val, grub_addr_t addr)
+{
+  (*(volatile grub_uint8_t *) (addr)) = val;
+}
+
+static inline void
+grub_write32 (grub_uint32_t val, grub_addr_t addr)
+{
+  (*(volatile grub_uint32_t *) (addr)) = val;
+}
+
+static inline void
+grub_write64 (grub_uint64_t val, grub_addr_t addr)
+{
+  (*(volatile grub_uint64_t *) (addr)) = val;
+}
+
+#endif /* GRUB_I386_MMIO_H */
diff --git a/include/grub/i386/msr.h b/include/grub/i386/msr.h
index 1e838c022f41..52c923ab94ac 100644
--- a/include/grub/i386/msr.h
+++ b/include/grub/i386/msr.h
@@ -2,6 +2,9 @@
  *  GRUB  --  GRand Unified Bootloader
  *  Copyright (C) 2019  Free Software Foundation, Inc.
  *
+ *  Some definitions in this header are extracted from the Trusted Computing
+ *  Group's "TPM Main Specification", Parts 1-3.
+ *
  *  GRUB is free software: you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation, either version 3 of the License, or
@@ -19,6 +22,64 @@
 #ifndef GRUB_I386_MSR_H
 #define GRUB_I386_MSR_H 1
 
+/* General */
+#define GRUB_MSR_X86_PLATFORM_ID	0x00000017
+
+#define GRUB_MSR_X86_APICBASE		0x0000001b
+#define GRUB_MSR_X86_APICBASE_BSP	(1<<8)
+#define GRUB_MSR_X86_APICBASE_ENABLE	(1<<11)
+#define GRUB_MSR_X86_APICBASE_BASE	(0xfffff<<12) /* Mask for APIC base address */
+
+#define GRUB_MSR_X86_FEATURE_CONTROL	0x0000003a
+#define GRUB_MSR_X86_FEATURE_CTRL_LOCK	(1<<0)     /* Lock writes to this register */
+#define GRUB_MSR_X86_ENABLE_VMX_IN_SMX	(1<<1)     /* Enable VMX inside SMX */
+#define GRUB_MSR_X86_ENABLE_VMX_OUT_SMX	(1<<2)     /* Enable VMX outside SMX */
+#define GRUB_MSR_X86_SENTER_FUNCTIONS	(0x7f<<8)  /* Bitmap of SENTER function enables */
+#define GRUB_MSR_X86_SENTER_ENABLE	(1<<15)    /* SENTER global enable */
+
+#define GRUB_MSR_X86_MTRRCAP		0x000000fe
+#define GRUB_MSR_X86_VCNT_MASK		0xff       /* Number of variable MTRRs */
+
+#define GRUB_MSR_X86_MCG_CAP		0x00000179
+#define GRUB_MSR_MCG_BANKCNT_MASK	0xff       /* Number of banks */
+#define GRUB_MSR_X86_MCG_STATUS		0x0000017a
+#define GRUB_MSR_MCG_STATUS_MCIP	(1ULL<<2)  /* MC in progress */
+
+#define GRUB_MSR_X86_MISC_ENABLE	0x000001a0
+#define GRUB_MSR_X86_ENABLE_MONITOR_FSM	(1<<18)
+
+#define GRUB_MSR_X86_MTRR_PHYSBASE0	0x00000200
+#define GRUB_MSR_X86_MTRR_PHYSMASK0	0x00000201
+#define GRUB_MSR_X86_MTRR_PHYSBASE(n)	(GRUB_MSR_X86_MTRR_PHYSBASE0 + 2 * (n))
+#define GRUB_MSR_X86_MTRR_PHYSMASK(n)	(GRUB_MSR_X86_MTRR_PHYSMASK0 + 2 * (n))
+#define GRUB_MSR_X86_BASE_DEF_TYPE_MASK	0xff
+#define GRUB_MSR_X86_MASK_VALID		(1<<11)
+
+#define GRUB_MSR_X86_MTRR_DEF_TYPE	0x000002ff
+#define GRUB_MSR_X86_DEF_TYPE_MASK	0xff
+#define GRUB_MSR_X86_MTRR_ENABLE_FIXED	(1<<10)
+#define GRUB_MSR_X86_MTRR_ENABLE	(1<<11)
+
+#define GRUB_MSR_X86_MC0_STATUS		0x00000401
+
+#define GRUB_MSR_X86_EFER		0xc0000080 /* Extended features */
+#define GRUB_MSR_EFER_LME		(1<<8)     /* Enable Long Mode/IA-32e */
+#define GRUB_MSR_EFER_LMA		(1<<10)    /* Long Mode/IA-32e Active */
+#define GRUB_MSR_EFER_SVME		(1<<12)    /* Enable SVM (AMD-V) */
+
+/* AMD Specific */
+#define GRUB_MSR_AMD64_VM_CR		0xc0010114 /* SVM control register */
+#define GRUB_MSR_SVM_VM_CR_SVM_DISABLE	(1<<4)     /* Disable writes to EFER.SVME */
+
+/* MTRR Specific */
+#define GRUB_MTRR_MEMORY_TYPE_UC	0
+#define GRUB_MTRR_MEMORY_TYPE_WC	1
+#define GRUB_MTRR_MEMORY_TYPE_WT	4
+#define GRUB_MTRR_MEMORY_TYPE_WP	5
+#define GRUB_MTRR_MEMORY_TYPE_WB	6
+
+#ifndef ASM_FILE
+
 #include <grub/err.h>
 #include <grub/i386/cpuid.h>
 #include <grub/types.h>
@@ -71,4 +132,6 @@ grub_wrmsr (grub_uint32_t msr_id, grub_uint64_t msr_value)
   asm volatile ("wrmsr" : : "c" (msr_id), "a" (low), "d" (high));
 }
 
+#endif /* ASM_FILE */
+
 #endif /* GRUB_I386_MSR_H */
diff --git a/include/grub/i386/slaunch.h b/include/grub/i386/slaunch.h
new file mode 100644
index 000000000000..7f7709cda75e
--- /dev/null
+++ b/include/grub/i386/slaunch.h
@@ -0,0 +1,62 @@
+/*
+ *  GRUB  --  GRand Unified Bootloader
+ *  Copyright (C) 2020  Oracle and/or its affiliates.
+ *
+ *  GRUB is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  GRUB is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ *  Main secure launch definitions header file.
+ */
+
+#ifndef GRUB_I386_SLAUNCH_H
+#define GRUB_I386_SLAUNCH_H 1
+
+/* Secure launch platform types. */
+#define SLP_NONE	0
+#define SLP_INTEL_TXT	1
+
+/* PCRs used by Secure launch. */
+#define GRUB_SLAUNCH_CODE_PCR	17
+#define GRUB_SLAUNCH_DATA_PCR	18
+
+#define GRUB_SLAUNCH_TPM_EVT_LOG_SIZE	(8 * GRUB_PAGE_SIZE)
+
+#ifndef ASM_FILE
+
+#include <grub/i386/linux.h>
+#include <grub/types.h>
+
+struct grub_slaunch_params
+{
+  grub_uint32_t boot_params_addr;
+  grub_uint32_t mle_start;
+  grub_uint32_t mle_size;
+  void *mle_ptab_mem;
+  grub_uint64_t mle_ptab_target;
+  grub_uint32_t mle_ptab_size;
+  grub_uint32_t mle_header_offset;
+  grub_uint32_t ap_wake_block;
+  grub_uint32_t ap_wake_block_size;
+  grub_uint32_t dce_base;
+  grub_uint32_t dce_size;
+  grub_uint64_t tpm_evt_log_base;
+  grub_uint32_t tpm_evt_log_size;
+};
+
+extern grub_uint32_t grub_slaunch_platform_type (void);
+extern void *grub_slaunch_module (void);
+extern struct grub_slaunch_params *grub_slaunch_params (void);
+
+#endif /* ASM_FILE */
+
+#endif /* GRUB_I386_SLAUNCH_H */
-- 
2.41.0