diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c index 29dd9cbb7..fe55572a5 100644 --- a/grub-core/loader/i386/multiboot_mbi.c +++ b/grub-core/loader/i386/multiboot_mbi.c @@ -756,3 +756,9 @@ grub_multiboot_set_bootdev (void) | ((part & 0xff) << 8) | 0xff; bootdev_set = 1; } + +void +grub_multiboot_add_slrt_policy_entries (void) +{ + /* No Secure Launch for this version of Multiboot. */ +} diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c index b3c9800f7..95593d411 100644 --- a/grub-core/loader/multiboot.c +++ b/grub-core/loader/multiboot.c @@ -50,6 +50,7 @@ #include #include #include +#include #if defined (__i386__) || defined (__x86_64__) #include #include 
@@ -162,25 +163,42 @@ efi_boot (struct grub_relocator *rel __attribute__ ((unused)), #endif #if defined (__i386__) || defined (__x86_64__) +#ifdef GRUB_USE_MULTIBOOT2 +static grub_err_t +grub_multiboot2_init_slparams (struct grub_slaunch_params *slparams) +{ + grub_err_t err; + grub_relocator_chunk_t ch; + + err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, + 0x1000000, + 0xffffffff - GRUB_PAGE_SIZE, + GRUB_PAGE_SIZE, GRUB_PAGE_SIZE, + GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) + return grub_error (err, N_("Cannot allocate memory for SLR table")); + + slparams->slr_table_base = get_physical_target_address (ch); + slparams->slr_table_size = GRUB_PAGE_SIZE; + slparams->slr_table_mem = get_virtual_current_address (ch); + + grub_memset (slparams->slr_table_mem, 0, slparams->slr_table_size); + + grub_dprintf ("multiboot_loader", "slr_table_base = %lx, slr_table_size = %x\n", + (unsigned long) slparams->slr_table_base, + (unsigned) slparams->slr_table_size); + return GRUB_ERR_NONE; +} +#endif + static void normal_boot (struct grub_relocator *rel, struct grub_relocator32_state state) { - grub_err_t err; struct grub_slaunch_params *slparams = grub_slaunch_params(); state.edi = grub_slaunch_platform_type (); if (state.edi == SLP_INTEL_TXT) { - err = grub_txt_boot_prepare (slparams); - - if (err != GRUB_ERR_NONE) - { - grub_printf ("TXT boot preparation failed"); - return; - } - - grub_slaunch_finish_slr_table (); - /* Configure relocator GETSEC[SENTER] call. */ state.eax = GRUB_SMX_LEAF_SENTER; state.ebx = slparams->dce_base; 
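Review bot: With `grub_txt_boot_prepare` removed from `normal_boot`, the `state.edi == SLP_INTEL_TXT` branch still programs GETSEC[SENTER], but the preparation now runs only inside the `#ifdef GRUB_USE_MULTIBOOT2` block added to `grub_multiboot_boot`. `normal_boot` is guarded only by the i386/x86_64 check, so a Multiboot 1 build of this file appears to reach SENTER with `slparams` never prepared and no SLR table finished. Consider rejecting that combination up front, for example an `#else` branch in `grub_multiboot_boot` with `if (grub_slaunch_platform_type () == SLP_INTEL_TXT) return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Secure Launch requires Multiboot2"));`. The rest of `normal_boot` lies outside this hunk, so confirm there is no other guard further down.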
@@ -216,6 +234,38 @@ grub_multiboot_boot (void) if (err) return err; +#ifdef GRUB_USE_MULTIBOOT2 + if (grub_slaunch_platform_type () == SLP_INTEL_TXT) + { + struct grub_slaunch_params *slparams = grub_slaunch_params(); + + err = grub_multiboot2_init_slparams (slparams); + if (err != GRUB_ERR_NONE) + { + grub_printf ("Initializing slaunch parameters failed"); + return err; + } + + err = grub_txt_boot_prepare (slparams); + if (err != GRUB_ERR_NONE) + { + grub_printf ("TXT boot preparation failed"); + return err; + } + + grub_slaunch_add_slrt_policy_entry (18, + GRUB_SLR_ET_MULTIBOOT_INFO, + /*flags=*/0, + state.MULTIBOOT_MBI_REGISTER, + mbi_size, + "Measured MB2 information"); + grub_slaunch_add_slrt_policy_entries (); + grub_txt_add_slrt_policy_entries (); + GRUB_MULTIBOOT (add_slrt_policy_entries) (); + grub_slaunch_finish_slr_table (); + } +#endif + if (grub_efi_is_finished) normal_boot (GRUB_MULTIBOOT (relocator), state); else diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c index ac81b0d8b..b81404a40 100644 --- a/grub-core/loader/multiboot_mbi2.c +++ b/grub-core/loader/multiboot_mbi2.c @@ -39,6 +39,7 @@ #include #include #include +#include #if defined (GRUB_MACHINE_EFI) #include @@ -1049,6 +1050,23 @@ grub_multiboot2_make_mbi (grub_uint32_t *target, grub_uint32_t *size) return GRUB_ERR_NONE; } +void +grub_multiboot2_add_slrt_policy_entries (void) +{ + unsigned i; + struct module *cur; + + for (i = 0, cur = modules; i < modcnt; i++, cur = cur->next) + { + grub_slaunch_add_slrt_policy_entry (17, + GRUB_SLR_ET_MULTIBOOT_MODULE, + /*flags=*/0, + cur->start, + cur->size, + "Measured MB2 module"); + } +} + void grub_multiboot2_free_mbi (void) { diff --git a/include/grub/multiboot.h b/include/grub/multiboot.h index f9fa74471..08874e121 100644 --- a/include/grub/multiboot.h +++ b/include/grub/multiboot.h 
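Review bot: Both failure messages are printed with `grub_printf` and no trailing newline. `grub_multiboot2_init_slparams` already records a `grub_error`, so either drop the print or write `grub_printf ("Initializing slaunch parameters failed\n");`. The PCR index `18` here and `17` in `grub_multiboot2_add_slrt_policy_entries` are bare literals; a named constant for each, with a comment saying which PCR receives the MBI and which receives the modules, would make the measurement policy easier to audit. The results of the four policy-entry calls are not checked before `grub_slaunch_finish_slr_table ()`; if any of them can fail, the boot should stop rather than launch with an incomplete policy. `grub_multiboot_boot` begins and ends outside this hunk.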
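Review bot: In `grub_multiboot2_add_slrt_policy_entries`, one policy entry is added per loaded module with no visible bound, while `grub_multiboot2_init_slparams` in multiboot.c sizes the SLR table at a single `GRUB_PAGE_SIZE`. Whether `grub_slaunch_add_slrt_policy_entry` rejects or reports an entry that does not fit is not visible here, and the call's result is not checked. With many modules, that decides whether a module is silently left out of the measurement. Either compare `modcnt` against the table capacity before the loop and fail the boot, or state the limit in a comment above the function, e.g. `/* Registers every loaded module for measurement; the SLR table must have room for modcnt entries. */`.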
@@ -50,6 +50,7 @@ void grub_multiboot_set_bootdev (void); void grub_multiboot_add_elfsyms (grub_size_t num, grub_size_t entsize, unsigned shndx, void *data); +void grub_multiboot_add_slrt_policy_entries (void); grub_uint32_t grub_multiboot_get_mmap_count (void); grub_err_t grub_multiboot_set_video_mode (void); diff --git a/include/grub/multiboot2.h b/include/grub/multiboot2.h index d1e3b3a8b..b0795b236 100644 --- a/include/grub/multiboot2.h +++ b/include/grub/multiboot2.h @@ -43,6 +43,7 @@ void grub_multiboot2_set_bootdev (void); void grub_multiboot2_add_elfsyms (grub_size_t num, grub_size_t entsize, unsigned shndx, void *data); +void grub_multiboot2_add_slrt_policy_entries (void); grub_uint32_t grub_multiboot2_get_mmap_count (void); grub_err_t grub_multiboot2_set_video_mode (void); diff --git a/include/grub/slr_table.h b/include/grub/slr_table.h index 9e9f90ad6..5fe2b0ce4 100644 --- a/include/grub/slr_table.h +++ b/include/grub/slr_table.h @@ -65,15 +65,17 @@ #define GRUB_SLR_ENTRY_END 0xffff /* Entity Types */ -#define GRUB_SLR_ET_UNSPECIFIED 0x0000 -#define GRUB_SLR_ET_SLRT 0x0001 -#define GRUB_SLR_ET_BOOT_PARAMS 0x0002 -#define GRUB_SLR_ET_SETUP_DATA 0x0003 -#define GRUB_SLR_ET_CMDLINE 0x0004 -#define GRUB_SLR_ET_UEFI_MEMMAP 0x0005 -#define GRUB_SLR_ET_RAMDISK 0x0006 -#define GRUB_SLR_ET_TXT_OS2MLE 0x0010 -#define GRUB_SLR_ET_UNUSED 0xffff +#define GRUB_SLR_ET_UNSPECIFIED 0x0000 +#define GRUB_SLR_ET_SLRT 0x0001 +#define GRUB_SLR_ET_BOOT_PARAMS 0x0002 +#define GRUB_SLR_ET_SETUP_DATA 0x0003 +#define GRUB_SLR_ET_CMDLINE 0x0004 +#define GRUB_SLR_ET_UEFI_MEMMAP 0x0005 +#define GRUB_SLR_ET_RAMDISK 0x0006 +#define GRUB_SLR_ET_MULTIBOOT_INFO 0x0007 +#define GRUB_SLR_ET_MULTIBOOT_MODULE 0x0008 +#define GRUB_SLR_ET_TXT_OS2MLE 0x0010 +#define GRUB_SLR_ET_UNUSED 0xffff /* * Primary SLR Table Header