Xen project Mailing List

[PATCH v2 17/22] x86/acpi: disallow S3 on Secure Launch boot

From: Sergii Dmytruk <sergii.dmytruk@xxxxxxxxx>

Date: Tue, 13 May 2025 20:05:54 +0300

Authentication-results: garm.ovh; auth=pass (GARM-106R006702d9b2a-3705-4bfd-8582-94ee596064ad, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@xxxxxxxxx

Cc: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, trenchboot-devel@xxxxxxxxxxxxxxxx

Delivery-date: Tue, 13 May 2025 17:12:15 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Secure Launch won't initiate DRTM on S3 resume (the code for starting DRTM is not part of Xen), so abort a request to perform S3 suspend to not lose the state of DRTM PCRs. Signed-off-by: Sergii Dmytruk <sergii.dmytruk@xxxxxxxxx> --- xen/arch/x86/acpi/power.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 3196a33b19..81eb8f705a 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -28,6 +28,7 @@ #include <asm/irq.h> #include <asm/microcode.h> #include <asm/prot-key.h> +#include <asm/slaunch.h> #include <asm/spec_ctrl.h> #include <asm/tboot.h> #include <asm/trampoline.h> @@ -357,6 +358,13 @@ int acpi_enter_sleep(const struct xenpf_enter_acpi_sleep *sleep) PAGE_SIZE - acpi_sinfo.vector_width / 8)) ) return -EOPNOTSUPP; + /* Secure Launch won't initiate DRTM on S3 resume, so abort S3 suspend. */ + if ( sleep->sleep_state == ACPI_STATE_S3 && slaunch_active ) + { + printk(XENLOG_INFO "SLAUNCH: refusing switching into ACPI S3 state.\n"); + return -EPERM; + } + if ( sleep->flags & XENPF_ACPI_SLEEP_EXTENDED ) { if ( !acpi_sinfo.sleep_control.address || -- 2.49.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.