Add patches for Intel TXT support

Signed-off-by: Tomasz Żyjewski <[email protected]>

0001-xen-arch-x86-boot-Add-MLE-header-and-file-for-new-en.patch

@@ -0,0 +1,56 @@
+From 6daf42b8dad661ffe935950fe6afc97ea2dba4a7 Mon Sep 17 00:00:00 2001
+From: Kacper Stojek <[email protected]>
+Date: Wed, 31 Aug 2022 15:03:51 +0200
+Subject: [PATCH 01/19] xen/arch/x86/boot: Add MLE header and file for new
+ entry point
+
+Signed-off-by: Kacper Stojek <[email protected]>
+---
+ xen/arch/x86/boot/head.S | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S
+index 0fb7dd3029f2..640054edcc84 100644
+--- a/xen/arch/x86/boot/head.S
++++ b/xen/arch/x86/boot/head.S
+@@ -113,6 +113,25 @@ multiboot2_header:
+         .size multiboot2_header, . - multiboot2_header
+         .type multiboot2_header, @object
+
++        .balign 16
++mle_header:
++        .long	0x9082ac5a  /* UUID0 */
++        .long	0x74a7476f  /* UUID1 */
++        .long	0xa2555c0f  /* UUID2 */
++        .long	0x42b651cb  /* UUID3 */
++        .long   0x00000034  /* MLE header size */
++        .long	0x00020002  /* MLE version 2.2 */
++        .long   sym_offs(sl_stub_entry)  /* Linear entry point of MLE (virt. address) */
++        .long   0x00000000  /* First valid page of MLE */
++        .long   0x00000000  /* Offset within binary of first byte of MLE */
++        .long   0x00000000  /* Offset within binary of last byte + 1 of MLE */
++        .long   0x00000223  /* Bit vector of MLE-supported capabilities */
++        .long   0x00000000  /* Starting linear address of command line (unused) */
++        .long   0x00000000  /* Ending linear address of command line (unused) */
++
++        .size mle_header, .-mle_header
++        .type mle_header, @object
++
+         .section .init.rodata, "a", @progbits
+
+ .Lbad_cpu_msg: .asciz "ERR: Not a 64-bit CPU!"
+@@ -378,6 +397,11 @@ cs32_switch:
+         /* Jump to earlier loaded address. */
+         jmp     *%edi
+
++
++sl_stub_entry:
++
++        jmp __start
++
+ #ifdef CONFIG_PVH_GUEST
+ ELFNOTE(Xen, XEN_ELFNOTE_PHYS32_ENTRY, .long sym_offs(__pvh_start))
+
+-- 
+2.25.1
+

0002-xen-arch-x86-reserve-TXT-memory.patch

@@ -0,0 +1,177 @@
+From 6311bd378e3cc3950ad7e81d58e976ccb6b46de1 Mon Sep 17 00:00:00 2001
+From: Kacper Stojek <[email protected]>
+Date: Fri, 2 Sep 2022 08:11:43 +0200
+Subject: [PATCH 02/19] xen/arch/x86: reserve TXT memory
+
+---
+ xen/arch/x86/Makefile                |  1 +
+ xen/arch/x86/boot/head.S             |  8 +++++
+ xen/arch/x86/include/asm/intel_txt.h | 18 ++++++++++
+ xen/arch/x86/include/asm/setup.h     |  2 ++
+ xen/arch/x86/intel_txt.c             | 53 ++++++++++++++++++++++++++++
+ xen/arch/x86/setup.c                 |  6 ++++
+ 6 files changed, 88 insertions(+)
+ create mode 100644 xen/arch/x86/include/asm/intel_txt.h
+ create mode 100644 xen/arch/x86/intel_txt.c
+
+diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
+index 177a2ff74272..312932d50f02 100644
+--- a/xen/arch/x86/Makefile
++++ b/xen/arch/x86/Makefile
+@@ -55,6 +55,7 @@ obj-y += percpu.o
+ obj-y += physdev.o
+ obj-$(CONFIG_COMPAT) += x86_64/physdev.o
+ obj-y += psr.o
++obj-y += intel_txt.o
+ obj-y += setup.o
+ obj-y += shutdown.o
+ obj-y += smp.o
+diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S
+index 640054edcc84..b93f16380714 100644
+--- a/xen/arch/x86/boot/head.S
++++ b/xen/arch/x86/boot/head.S
+@@ -400,6 +400,14 @@ cs32_switch:
+
+ sl_stub_entry:
+
++        /* Calculate the load base address. */
++        call    1f
++1:      pop     %esi
++        sub     $sym_offs(1b), %esi
++
++        /* Save information that TrenchBoot slaunch was used. */
++        movl $1, sym_esi(sl_status)
++
+         jmp __start
+
+ #ifdef CONFIG_PVH_GUEST
+diff --git a/xen/arch/x86/include/asm/intel_txt.h b/xen/arch/x86/include/asm/intel_txt.h
+new file mode 100644
+index 000000000000..c591e57ca54c
+--- /dev/null
++++ b/xen/arch/x86/include/asm/intel_txt.h
+@@ -0,0 +1,18 @@
++/*
++ * TXT configuration registers (offsets from TXT_{PUB, PRIV}_CONFIG_REGS_BASE)
++ */
++
++#define TXT_PUB_CONFIG_REGS_BASE       0xfed30000
++#define TXT_PRIV_CONFIG_REGS_BASE      0xfed20000
++
++/* # pages for each config regs space - used by fixmap */
++#define NR_TXT_CONFIG_PAGES     ((TXT_PUB_CONFIG_REGS_BASE -                \
++                                  TXT_PRIV_CONFIG_REGS_BASE) >> PAGE_SHIFT)
++
++/* offsets from pub/priv config space */
++#define TXTCR_SINIT_BASE            0x0270
++#define TXTCR_SINIT_SIZE            0x0278
++#define TXTCR_HEAP_BASE             0x0300
++#define TXTCR_HEAP_SIZE             0x0308
++
++void protect_txt_mem_regions(void);
+diff --git a/xen/arch/x86/include/asm/setup.h b/xen/arch/x86/include/asm/setup.h
+index 21037b7f3139..aaf12908de54 100644
+--- a/xen/arch/x86/include/asm/setup.h
++++ b/xen/arch/x86/include/asm/setup.h
+@@ -15,6 +15,8 @@ extern uint64_t boot_tsc_stamp;
+
+ extern void *stack_start;
+
++extern unsigned long __initdata sl_status;
++
+ void early_cpu_init(void);
+ void early_time_init(void);
+
+diff --git a/xen/arch/x86/intel_txt.c b/xen/arch/x86/intel_txt.c
+new file mode 100644
+index 000000000000..2b27a18fa5eb
+--- /dev/null
++++ b/xen/arch/x86/intel_txt.c
+@@ -0,0 +1,53 @@
++#include <xen/types.h>
++#include <asm/e820.h>
++#include <xen/string.h>
++#include <asm/page.h>
++
++#include <asm/intel_txt.h>
++
++void protect_txt_mem_regions(void)
++{
++    uint64_t txt_heap_base, txt_heap_size;
++    uint64_t sinit_base, sinit_size;
++    int rc;
++
++    txt_heap_base = txt_heap_size = sinit_base = sinit_size = 0;
++    /* TXT Heap */
++    memcpy(maddr_to_virt(TXT_PUB_CONFIG_REGS_BASE + TXTCR_HEAP_BASE),
++           &txt_heap_base , sizeof(txt_heap_base));
++    memcpy(maddr_to_virt(TXT_PUB_CONFIG_REGS_BASE + TXTCR_HEAP_SIZE),
++           &txt_heap_size , sizeof(txt_heap_size));
++    /* SINIT */
++    memcpy(maddr_to_virt(TXT_PUB_CONFIG_REGS_BASE + TXTCR_SINIT_BASE),
++           &sinit_base , sizeof(sinit_base));
++    memcpy(maddr_to_virt(TXT_PUB_CONFIG_REGS_BASE + TXTCR_SINIT_SIZE),
++           &sinit_size , sizeof(sinit_size));
++
++    /* TXT Heap */
++    if ( txt_heap_base == 0 )
++        return;
++
++    rc = e820_change_range_type(&e820, txt_heap_base,
++                                txt_heap_base + txt_heap_size,
++                                E820_RESERVED, E820_UNUSABLE);
++    if ( !rc )
++        return;
++
++    /* SINIT */
++    if ( sinit_base == 0 )
++        return;
++    rc = e820_change_range_type(&e820, sinit_base,
++                                sinit_base + sinit_size,
++                                E820_RESERVED, E820_UNUSABLE);
++    if ( !rc )
++        return;
++
++    /* TXT Private Space */
++    rc = e820_change_range_type(&e820, TXT_PRIV_CONFIG_REGS_BASE,
++                 TXT_PRIV_CONFIG_REGS_BASE + NR_TXT_CONFIG_PAGES * PAGE_SIZE,
++                 E820_RESERVED, E820_UNUSABLE);
++    if ( !rc )
++        return;
++
++    return;
++}
+diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
+index e05189f64997..864a098e1870 100644
+--- a/xen/arch/x86/setup.c
++++ b/xen/arch/x86/setup.c
+@@ -55,6 +55,7 @@
+ #include <asm/guest.h>
+ #include <asm/microcode.h>
+ #include <asm/pv/domain.h>
++#include <asm/intel_txt.h>
+
+ /* opt_nosmp: If true, secondary processors are ignored. */
+ static bool __initdata opt_nosmp;
+@@ -72,6 +73,8 @@ static bool __initdata opt_invpcid = true;
+ boolean_param("invpcid", opt_invpcid);
+ bool __read_mostly use_invpcid;
+
++unsigned long __initdata sl_status;
++
+ unsigned long __read_mostly cr4_pv32_mask;
+
+ /* **** Linux config option: propagated to domain0. */
+@@ -1143,6 +1146,9 @@ void __init noreturn __start_xen(unsigned long mbi_p)
+     /* Sanitise the raw E820 map to produce a final clean version. */
+     max_page = raw_max_page = init_e820(memmap_type, &e820_raw);
+
++    if ( sl_status )
++        protect_txt_mem_regions();
++
+     if ( !efi_enabled(EFI_BOOT) && e820_raw.nr_map >= 1 )
+     {
+         /*
+-- 
+2.25.1
+