Xen project Mailing List

[PATCH v3 17/22] x86/acpi: disallow S3 on Secure Launch boot

From: Sergii Dmytruk <sergii.dmytruk@xxxxxxxxx>

Date: Fri, 30 May 2025 16:17:59 +0300

Authentication-results: garm.ovh; auth=pass (GARM-114S00895dc382f-a550-4f6b-b404-f0cac4229ca3, A4E380CC922F0B59227EC5DCC46884561651840B) smtp.auth=sergii.dmytruk@xxxxxxxxx

Cc: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, trenchboot-devel@xxxxxxxxxxxxxxxx

Delivery-date: Fri, 30 May 2025 13:23:21 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Secure Launch won't initiate DRTM on S3 resume (the code for starting DRTM is not part of Xen), so abort a request to perform S3 suspend to not lose the state of DRTM PCRs. Signed-off-by: Sergii Dmytruk <sergii.dmytruk@xxxxxxxxx> --- xen/arch/x86/acpi/power.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 448aa9f3a7..6a53c6718c 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -28,6 +28,7 @@ #include <asm/irq.h> #include <asm/microcode.h> #include <asm/prot-key.h> +#include <asm/slaunch.h> #include <asm/spec_ctrl.h> #include <asm/tboot.h> #include <asm/trampoline.h> @@ -356,6 +357,13 @@ int acpi_enter_sleep(const struct xenpf_enter_acpi_sleep *sleep) PAGE_SIZE - acpi_sinfo.vector_width / 8)) ) return -EOPNOTSUPP; + /* Secure Launch won't initiate DRTM on S3 resume, so abort S3 suspend. */ + if ( sleep->sleep_state == ACPI_STATE_S3 && slaunch_active ) + { + printk(XENLOG_INFO "SLAUNCH: refusing switching into ACPI S3 state.\n"); + return -EPERM; + } + if ( sleep->flags & XENPF_ACPI_SLEEP_EXTENDED ) { if ( !acpi_sinfo.sleep_control.address || -- 2.49.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.