Xen project Mailing List

[PATCH v3 03/22] x86/boot: add MLE header and Secure Launch entry point

From: Sergii Dmytruk <sergii.dmytruk@xxxxxxxxx>

Date: Fri, 30 May 2025 16:17:45 +0300

Authentication-results: garm.ovh; auth=pass (GARM-101G00483e32f39-353f-424e-a8fc-ffe6f4f47263, A4E380CC922F0B59227EC5DCC46884561651840B) smtp.auth=sergii.dmytruk@xxxxxxxxx

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, trenchboot-devel@xxxxxxxxxxxxxxxx

Delivery-date: Fri, 30 May 2025 13:18:45 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

From: Kacper Stojek <kacper.stojek@xxxxxxxxx> Signed-off-by: Kacper Stojek <kacper.stojek@xxxxxxxxx> Signed-off-by: Krystian Hebel <krystian.hebel@xxxxxxxxx> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@xxxxxxxxx> --- docs/hypervisor-guide/x86/how-xen-boots.rst | 5 ++ xen/arch/x86/boot/head.S | 53 +++++++++++++++++++++ 2 files changed, 58 insertions(+) diff --git a/docs/hypervisor-guide/x86/how-xen-boots.rst b/docs/hypervisor-guide/x86/how-xen-boots.rst index 8b3229005c..050fe9c61f 100644 --- a/docs/hypervisor-guide/x86/how-xen-boots.rst +++ b/docs/hypervisor-guide/x86/how-xen-boots.rst @@ -55,6 +55,11 @@ If ``CONFIG_PVH_GUEST`` was selected at build time, an Elf note is included which indicates the ability to use the PVH boot protocol, and registers ``__pvh_start`` as the entrypoint, entered in 32bit mode. +A combination of Multiboot 2 and MLE headers is used to implement DRTM for +legacy (BIOS) boot. The separate entry point is used mainly to differentiate +from other kinds of boots. It moves a magic number to EAX before jumping into +common startup code. + xen.gz ~~~~~~ diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index 77bb7a9e21..a69107bd81 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -4,6 +4,7 @@ #include <public/xen.h> #include <asm/asm_defns.h> #include <asm/fixmap.h> +#include <asm/intel-txt.h> #include <asm/page.h> #include <asm/processor.h> #include <asm/msr-index.h> @@ -126,6 +127,25 @@ multiboot2_header: .size multiboot2_header, . - multiboot2_header .type multiboot2_header, @object + .balign 16 +mle_header: + .long 0x9082ac5a /* UUID0 */ + .long 0x74a7476f /* UUID1 */ + .long 0xa2555c0f /* UUID2 */ + .long 0x42b651cb /* UUID3 */ + .long 0x00000034 /* MLE header size */ + .long 0x00020002 /* MLE version 2.2 */ + .long (slaunch_stub_entry - start) /* Linear entry point of MLE (SINIT virt. address) */ + .long 0x00000000 /* First valid page of MLE */ + .long 0x00000000 /* Offset within binary of first byte of MLE */ + .long (_end - start) /* Offset within binary of last byte + 1 of MLE */ + .long 0x00000723 /* Bit vector of MLE-supported capabilities */ + .long 0x00000000 /* Starting linear address of command line (unused) */ + .long 0x00000000 /* Ending linear address of command line (unused) */ + + .size mle_header, .-mle_header + .type mle_header, @object + .section .init.rodata, "a", @progbits .Lbad_cpu_msg: .asciz "ERR: Not a 64-bit CPU!" @@ -332,6 +352,38 @@ cs32_switch: /* Jump to earlier loaded address. */ jmp *%edi + /* + * Entry point for TrenchBoot Secure Launch on Intel TXT platforms. + * + * CPU is in 32b protected mode with paging disabled. On entry: + * - %ebx = %eip = MLE entry point, + * - stack pointer is undefined, + * - CS is flat 4GB code segment, + * - DS, ES, SS, FS and GS are undefined according to TXT SDG, but this + * would make it impossible to initialize GDTR, because GDT base must + * be relocated in the descriptor, which requires write access that + * CS doesn't provide. Instead we have to assume that DS is set by + * SINIT ACM as flat 4GB data segment. + * + * Additional restrictions: + * - some MSRs are partially cleared, among them IA32_MISC_ENABLE, so + * some capabilities might be reported as disabled even if they are + * supported by CPU + * - interrupts (including NMIs and SMIs) are disabled and must be + * enabled later + * - trying to enter real mode results in reset + * - APs must be brought up by MONITOR or GETSEC[WAKEUP], depending on + * which is supported by a given SINIT ACM + */ +slaunch_stub_entry: + /* Calculate the load base address. */ + mov %ebx, %esi + sub $sym_offs(slaunch_stub_entry), %esi + + /* Mark Secure Launch boot protocol and jump to common entry. */ + mov $SLAUNCH_BOOTLOADER_MAGIC, %eax + jmp .Lset_stack + #ifdef CONFIG_PVH_GUEST ELFNOTE(Xen, XEN_ELFNOTE_PHYS32_ENTRY, .long sym_offs(__pvh_start)) @@ -371,6 +423,7 @@ __start: /* Restore the clobbered field. */ mov %edx, (%ebx) +.Lset_stack: /* Set up stack. */ lea STACK_SIZE - CPUINFO_sizeof + sym_esi(cpu0_stack), %esp -- 2.49.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.