[RFC PATCH 0/9] x86: Trenchboot Secure Launch DRTM for AMD SKINIT (Linux)

From: Sergii Dmytruk
Date: Thu Dec 12 2024 - 08:42:57 EST

Next message: Gao Xiang: "[PATCH v2 4/4] erofs: use buffered I/O for file-backed mounts by default"
Previous message: Zijun Hu: "[PATCH v3 9/9] driver core: Introduce device_iter_t for device iterating APIs"
Next in thread: Sergii Dmytruk: "[RFC PATCH 3/9] x86: Secure Launch main header file AMD support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

NOTE: this patch set follows up on Intel TXT DRTM patches that are
currently under review in their 11th version [0]; therefore, it is not
standalone!

The publication of the patches at this point pursues several goals:
- Make anyone tracking upstream aware of the maturity of the support
for AMD SKINIT.
- Collect early feedback on the SKINIT implementation.
- Finally, demonstrate the extensibility of Secure Launch for
incorporating additional platforms.

As the RFC suggest, this series is temporal and will be updated based on
changes made to the initial Secure Launch series. Review comments are
greatly welcomed and will be worked/addressed, but we would caution that
changes to the Secure Launch series will take precedence over review
comments. Once the Secure Launch series is merged, this series will
transition from RFC to a formally submitted series.

-----

The patches extend Secure Launch for legacy and UEFI boots with support
for AMD CPUs and their DRTM in two flavours: SKINIT on its own and SKINIT
with DRTM service running in PSP/ASP.

The code is adjusted to detect CPU type and handle AMD differently.
DRTM-specific differences include:
- lack of registers to pass data from bootloader to DLME, resulting in passing
some information via boot parameters
- a different SLRT entry
- re-enabling GIF
- not sending #INIT to APs
- special handling for TPM event logs to make them "compatible" with TXT logs

-----

[0]: https://lkml.org/lkml/2024/9/13/1396

-----

Jagannathan Raman (1):
psp: Perform kernel portion of DRTM procedures

Michał Żygowski (1):
x86: Implement AMD support for Secure Launch

Ross Philipson (6):
x86: AMD changes for Secure Launch Resource Table header file
x86: Secure Launch main header file AMD support
x86: Split up Secure Launch setup and finalize functions
x86: Prepare CPUs for post SKINIT launch
x86/slmodule: Support AMD SKINIT
x86: AMD changes for EFI stub DRTM launch support

Sergii Dmytruk (1):
Documentation/x86: update Secure Launch for AMD SKINIT

.../secure_launch_details.rst | 83 ++++-
.../secure_launch_overview.rst | 64 ++--
arch/x86/Kconfig | 9 +-
arch/x86/boot/compressed/sl_main.c | 285 ++++++++++++++----
arch/x86/boot/compressed/sl_stub.S | 41 ++-
arch/x86/include/asm/svm.h | 2 +
arch/x86/include/uapi/asm/setup_data.h | 3 +-
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/setup.c | 2 +-
arch/x86/kernel/sl-psp.c | 239 +++++++++++++++
arch/x86/kernel/slaunch.c | 193 ++++++++++--
arch/x86/kernel/slmodule.c | 158 ++++++++--
arch/x86/kernel/smpboot.c | 15 +-
arch/x86/kernel/traps.c | 4 +
drivers/firmware/efi/libstub/x86-stub.c | 23 +-
drivers/iommu/amd/init.c | 12 +
include/linux/slaunch.h | 83 ++++-
include/linux/slr_table.h | 15 +
18 files changed, 1064 insertions(+), 168 deletions(-)
create mode 100644 arch/x86/kernel/sl-psp.c

base-commit: a74134ba0f244cb8d5d5605699aeca7712631e89
prerequisite-patch-id: d68300fcecfeaf27332858195e334a1802dcf591
--
2.47.1

Next message: Gao Xiang: "[PATCH v2 4/4] erofs: use buffered I/O for file-backed mounts by default"
Previous message: Zijun Hu: "[PATCH v3 9/9] driver core: Introduce device_iter_t for device iterating APIs"
Next in thread: Sergii Dmytruk: "[RFC PATCH 3/9] x86: Secure Launch main header file AMD support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]