[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/3] x86: Initial Trenchboot/SKINIT support

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Fri, 15 Jan 2021 23:10:43 +0000
Authentication-results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Marek Kasiewicz <marek.kasiewicz@xxxxxxxxx>, Norbert Kamiński <norbert.kaminski@xxxxxxxxx>, Michal Zygowski <michal.zygowski@xxxxxxxxx>, Piotr Krol <piotr.krol@xxxxxxxx>, Krystian Hebel <krystian.hebel@xxxxxxxxx>, "Daniel P . Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Rich Persaud <persaur@xxxxxxxxx>, Christopher Clark <christopher.w.clark@xxxxxxxxx>
Delivery-date: Fri, 15 Jan 2021 23:11:25 +0000
Ironport-sdr: kWw/S1F1iXVzovzmhBYHuxX6MoSiIf7KKxRMsmf5uZHzG/d9kUdgphrYdYniXZkUsRhKypqQI6 2KbETQnNj5vrz+Ubf0ssfNLLduxLh+3O0tz67Vr80xphsstidPidkDtZ+XtV4HbUPXJxP9IBBs 9w+QGYrJ3L/ZaG3quNblWD6fUI4/LzoOicuCb1U1Bce/SXGjhedm+LPdl3GSVml+QHQKteA/76 b3dvB8Hp9FKP7RBE/oFOS91HGsQVVIKnQi6HHo+rQgV5htYWpqolURfgijO6A9u1j9Ebr9EIEm dNg=
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

The Trenchboot project[0][1] project aims to develop and upstream support for
TCG DRTM support into various open source projects in the ecosystem, to
improve boot security.  Trenchboot has been discussed at previous
XenSummits[2], and the work across the ecosystem is extensively blogged
about[3].

This series forms the start of the work within Xen, and for now simply covers
the ability to boot in the AMD SKINIT/Secure Startup environment.

Full details are available in AMD APM Vol2 15.27 "Secure Startup with SKINIT"

Future work will cover related support for Intel TXT in a non-tboot system,
and the common logic to interact with the TPM and extend the hardware measured
chain of trust into dom0.

[0] https://trenchboot.org/
[1] https://github.com/TrenchBoot/documentation
[2] 
https://www.youtube.com/watch?v=SwByVrw7-08&list=PLYyw7IQjL-zFYmEoZEYswoVuXrHvXAWxj&index=13
[3] https://blog.3mdeb.com/tags/trenchboot/

Andrew Cooper (2):
  x86/smpboot: Re-position the call to tboot_wake_ap()
  x86/smpboot: Allow making an INIT IPI conditional

Norbert Kamiński (1):
  x86: Support booting under Secure Startup via SKINIT

 xen/arch/x86/cpu/common.c        | 32 +++++++++++++
 xen/arch/x86/smpboot.c           | 98 ++++++++++++++++++++++++----------------
 xen/include/asm-x86/cpufeature.h |  1 +
 xen/include/asm-x86/msr-index.h  |  1 +
 xen/include/asm-x86/processor.h  |  6 +++
 5 files changed, 99 insertions(+), 39 deletions(-)

-- 
2.11.0

Follow-Ups:
- [PATCH v2 3/3] x86: Support booting under Secure Startup via SKINIT
  - From: Andrew Cooper
- [PATCH 2.5/3] x86/svm: Reimplement VMRUN/STGI/CLGI with new asm-defns.h infrastructure
  - From: Andrew Cooper
- [PATCH 3/3] x86: Support booting under Secure Startup via SKINIT
  - From: Andrew Cooper
- [PATCH 1/3] x86/smpboot: Re-position the call to tboot_wake_ap()
  - From: Andrew Cooper
- [PATCH 2/3] x86/smpboot: Allow making an INIT IPI conditional
  - From: Andrew Cooper

Prev by Date: [PATCH 1/3] x86/smpboot: Re-position the call to tboot_wake_ap()
Next by Date: [PATCH 3/3] x86: Support booting under Secure Startup via SKINIT
Previous by thread: [qemu-mainline test] 158436: regressions - FAIL
Next by thread: [PATCH 2/3] x86/smpboot: Allow making an INIT IPI conditional
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.