TrenchBoot / xen


Support AMD SKINIT for Slaunch boot #10

Closed SergiiDmytruk closed 5 months ago

SergiiDmytruk commented 5 months ago

Moved some code into slaunch.c and slaunch.h to avoid putting AMD-specific things into files named intel_txt.* and stop putting too much into tpm.c. Better to review by commits.

Also had to work around limitations of early TPM code for getting SLRT pointer and determining CPU vendor.

SergiiDmytruk commented 5 months ago

Perhaps TIS and event log should be mapped separately from TXT/SKINIT specific ranges, these are common to both versions, especially since SLRT is now in common variable.

Good idea. Also moved dispatching to slaunch.c out of setup.c. https://github.com/TrenchBoot/xen/compare/0bac2f30b7bb5c9f4946a0ea27f5d9fc816e80a0..eb394884c439fca26cc5814cff59adfa10b21074

SergiiDmytruk commented 5 months ago

Now booting works all the way to dom0 starting, where it complains about E820 conflict (log.txt), which may be caused by SLB reservation.

No, it's TPM event log:

```
...
(XEN) SLAUNCH: reserving TPM event log (0x3284000 - 0x328c000)
...
(XEN)  Dom0 kernel: 64-bit, PAE, lsb, paddr 0x1000000 -> 0x5000000
...
```

Xen loads Dom0 kernel over a reserved area. I've changed how GRUB allocates the log in https://github.com/TrenchBoot/grub/commit/89e27febfd0fe8bb0a52fd81f79d930949b67b83 and was able to boot.

That line should actually stay SLAUNCH: reserving event log (not "TPM event log") to not break anti-evil-maid-dump-evt-log. Updated it in https://github.com/TrenchBoot/xen/compare/8ae81e157bfd4fa36c6bdb1dbf104d47edd5ce29..0186fd858e26497152cd9a27cb2a26c69217c156.

SergiiDmytruk commented 5 months ago

Sent https://github.com/TrenchBoot/grub/pull/19 for that GRUB change.

SergiiDmytruk commented 5 months ago

Looks like 0x1000000 is where Linux wants to get loaded:

readelf -l

```
Elf file type is EXEC (Executable file)
Entry point 0x1000000
There are 5 program headers, starting at offset 64

Program Headers:
  Type Offset             VirtAddr           PhysAddr           FileSiz            MemSiz             Flags Align
  LOAD 0x0000000000200000 0xffffffff81000000 0x0000000001000000 0x0000000001b5d72c 0x0000000001b5d72c R E   0x200000
  LOAD 0x0000000001e00000 0xffffffff82c00000 0x0000000002c00000 0x00000000008c4000 0x00000000008c4000 RW    0x200000
  LOAD 0x0000000002800000 0x0000000000000000 0x00000000034c4000 0x0000000000035000 0x0000000000035000 RW    0x200000
  LOAD 0x00000000028f9000 0xffffffff834f9000 0x00000000034f9000 0x0000000001b07000 0x0000000001b07000 RWE   0x200000
  NOTE 0x0000000001d5d4e0 0xffffffff82b5d4e0 0x0000000002b5d4e0 0x000000000000024c 0x000000000000024c       0x8

 Section to Segment mapping:
  Segment Sections...
   00     .text .rodata .pci_fixup .tracedata .printk_index __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata __param __modver __ex_table .notes
   01     .data __bug_table .orc_unwind_ip .orc_unwind .orc_lookup .vvar
   02     .data..percpu
   03     .init.text .altinstr_aux .init.data .x86_cpu_dev.init .parainstructions .retpoline_sites .return_sites .altinstructions .altinstr_replacement .apicdrivers .exit.text .smp_locks .bss .brk .init.scratch
   04     .notes
```

So Xen can't do much here. It's weird that Linux checks for e820 overlaps instead of Xen, but whatever, event log just should be allocated high to avoid this problem.
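The conflict above can be checked mechanically before booting: take the physical ranges of the kernel's LOAD segments (PhysAddr plus MemSiz from `readelf -l`) and test each against the ranges Xen reserves. The following is an added example, not code from the Xen or GRUB trees; the readelf text is copied from the output in this thread as a constructed input, the reserved range is the one from the "reserving TPM event log" log line, and `lowest_address_above_image` is a deliberately simple illustration of "allocate high" (an address just past the image), not GRUB's actual placement policy.

```python
# Overlap check between a kernel's LOAD segments and reserved physical ranges.
# Added example; inputs below are constructed from the readelf and Xen output
# quoted in this thread.

# Program headers of the Dom0 kernel as printed by `readelf -l` (constructed input;
# only the LOAD lines are used, the header and NOTE line are kept for realism).
READELF_OUTPUT = """\
Program Headers:
  Type Offset VirtAddr PhysAddr FileSiz MemSiz Flags Align
  LOAD 0x0000000000200000 0xffffffff81000000 0x0000000001000000 0x0000000001b5d72c 0x0000000001b5d72c R E 0x200000
  LOAD 0x0000000001e00000 0xffffffff82c00000 0x0000000002c00000 0x00000000008c4000 0x00000000008c4000 RW 0x200000
  LOAD 0x0000000002800000 0x0000000000000000 0x00000000034c4000 0x0000000000035000 0x0000000000035000 RW 0x200000
  LOAD 0x00000000028f9000 0xffffffff834f9000 0x00000000034f9000 0x0000000001b07000 0x0000000001b07000 RWE 0x200000
  NOTE 0x0000000001d5d4e0 0xffffffff82b5d4e0 0x0000000002b5d4e0 0x000000000000024c 0x000000000000024c 0x8
"""

# Reserved range from "(XEN) SLAUNCH: reserving TPM event log (0x3284000 - 0x328c000)";
# stored as (start, end, name) with the end exclusive.
RESERVED = [(0x3284000, 0x328c000, "TPM event log")]


def parse_load_segments(text):
    """Return [(phys_start, phys_end)] for every LOAD header, end exclusive.

    Fields are positional (Type Offset VirtAddr PhysAddr FileSiz MemSiz ...), so the
    variable-width Flags column at the end does not matter.
    """
    segments = []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == "LOAD":
            phys = int(fields[3], 16)
            memsz = int(fields[5], 16)
            segments.append((phys, phys + memsz))
    return segments


def ranges_overlap(a_start, a_end, b_start, b_end):
    """Half-open interval intersection test."""
    return a_start < b_end and b_start < a_end


def find_conflicts(segments, reserved):
    """Return [(segment_index, seg_start, seg_end, reserved_name)] for each collision."""
    hits = []
    for index, (seg_start, seg_end) in enumerate(segments):
        for res_start, res_end, name in reserved:
            if ranges_overlap(seg_start, seg_end, res_start, res_end):
                hits.append((index, seg_start, seg_end, name))
    return hits


def lowest_address_above_image(segments, align=0x1000):
    """Lowest `align`-aligned address past the highest LOAD segment end.

    Illustrative only: a buffer placed here cannot collide with the image, which is
    the property the thread wants from allocating the event log "high".
    """
    top = max(end for _, end in segments)
    return (top + align - 1) & ~(align - 1)


if __name__ == "__main__":
    segs = parse_load_segments(READELF_OUTPUT)
    for index, start, end, name in find_conflicts(segs, RESERVED):
        print(f"LOAD segment {index:02d} [{start:#x}, {end:#x}) overlaps reserved '{name}'")
    print(f"first page above the kernel image: {lowest_address_above_image(segs):#x}")
```

Run as-is it reports that segment 01 (the `.data` segment at 0x2c00000 with MemSiz 0x8c4000, ending at 0x34c4000) covers the event log, which is the overlap Linux's e820 check rejected.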

krystian-hebel commented 5 months ago

Works (somewhat) with https://github.com/TrenchBoot/secure-kernel-loader/pull/17 and https://github.com/TrenchBoot/grub/commit/263639999fc9309ec721fd04cab0a053c98a6939. I've worked around the issue fixed with https://github.com/TrenchBoot/grub/pull/19 by calling slaunch_module /skl.bin before Xen and modules are loaded, which changed the memory map sufficiently. I don't see how that fix can break anything, so I'll merge it soon. I had to start with maxcpus=1, after which none of the sys-* VMs started due to timeouts. They wanted 2 vCPUs each, which was very inefficient with only one pCPU available. It was possible to start VMs manually after logging in through serial (remove plymouth.ignore-serial-consoles or something like that from Linux command line), one by one, after multiple tries.

Dumping event log works, but PCR 17 values don't match with event log. I'm not sure what's causing it, but I'm merging this PR as is. SMP issue will have to be resolved first, then we can worry about debugging PCR mismatches.

Logs

```
[user@dom0 ~]$ sudo anti-evil-maid-dump-evt-log
Found event log at 0x4b8d000, size 0x8000 (32768) bytes
32768+0 records in
32768+0 records out
32768 bytes (33 kB, 32 KiB) copied, 1.29507 s, 25.3 kB/s
Found 2 algorithms:
  ID 0x0004 size = 0x14
  ID 0x000b size = 0x20
vendorInfoSize = 20
Entry 1:
  PCR: 17
  Event Type: 0x502
  Digests:
    SHA1: d3a60c696fd3be9d28916696c60a543265b69b87
    SHA256: 28d7f9982f249def7215719ebed463166ab14e17f6e1e26865a70232e48b01e8
  Event: SKINIT
Entry 2:
  PCR: 17
  Event Type: 0x502
  Digests:
    SHA1: b34a6ceee3b376401e8cd1e21c735ccf60f3d216
    SHA256: 14fe6be01fc9b0f31bd1bf98929f2e41f010ecb7d9ba42a9c82458745facd649
  Event: DLME entry offset
Entry 3:
  PCR: 17
  Event Type: 0x502
  Digests:
    SHA1: 21d3fd2a6e73a42e08ff9c554cd6ad2c9aef0b3a
    SHA256: ea2a4a1771e917547edf941daa49db0d29a6f986bed87c2fb9a71ddf8438d917
  Event: DLME
Entry 4:
  PCR: 18
  Event Type: 0x502
  Digests:
    SHA1: 4a00aca2a2ebbe387c4d685d04378e7b5928afa9
    SHA256: b61608d7a64209f51f2ed04f1d7cf398d7d9a91ddf5ce63cb90d39dd0df0755d
  Event:
Entry 5:
  PCR: 17
  Event Type: 0x502
  Digests:
    SHA1: c211668deab8c9b129a9e53b3b9c89274cee298f
    SHA256: 6d4e7be482a2383f2d94e11380a3b8b8b07222fc697c2aa830b2147b410d4ec0
  Event: Measured MB2 module
Entry 6:
  PCR: 17
  Event Type: 0x502
  Digests:
    SHA1: 8a89b4c3384c25287b2eb165b20e4f0ffb248295
    SHA256: 52344d67244ac56d3409238f8759f5bd6944cebba1328838adebf19063a8fab8
  Event: Measured MB2 module
[user@dom0 ~]$ sudo tpm2_pcrread
  sha1:
    0 : 0x3DCAEA25DC86554D94B94AA5BC8F735A49212AF8
    1 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236
    2 : 0x10BEA5C1802C8FF9AE280A100715B403A4F261FB
    3 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236
    4 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236
    5 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236
    6 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236
    7 : 0x08309BBB39E011058F8B55F6AC6F5A8317B0D726
    8 : 0x0000000000000000000000000000000000000000
    9 : 0x0000000000000000000000000000000000000000
    10: 0x9C1FCF0D800A677D0A27AF27FF4B157468DC4813
    11: 0x0000000000000000000000000000000000000000
    12: 0x0000000000000000000000000000000000000000
    13: 0x0000000000000000000000000000000000000000
    14: 0x0000000000000000000000000000000000000000
    15: 0x0000000000000000000000000000000000000000
    16: 0x0000000000000000000000000000000000000000
    17: 0x027DE1FDA0835D5AF195358892B7BDD4C709AA7D
    18: 0xFC534FF2A0B0863932B8AA715E812C42E4120DC6
    19: 0x0000000000000000000000000000000000000000
    20: 0x0000000000000000000000000000000000000000
    21: 0x0000000000000000000000000000000000000000
    22: 0x0000000000000000000000000000000000000000
    23: 0x0000000000000000000000000000000000000000
  sha256:
    0 : 0x0000000000000000000000000000000000000000000000000000000000000000
    1 : 0x0000000000000000000000000000000000000000000000000000000000000000
    2 : 0x0000000000000000000000000000000000000000000000000000000000000000
    3 : 0x0000000000000000000000000000000000000000000000000000000000000000
    4 : 0x0000000000000000000000000000000000000000000000000000000000000000
    5 : 0x0000000000000000000000000000000000000000000000000000000000000000
    6 : 0x0000000000000000000000000000000000000000000000000000000000000000
    7 : 0x0000000000000000000000000000000000000000000000000000000000000000
    8 : 0x0000000000000000000000000000000000000000000000000000000000000000
    9 : 0x0000000000000000000000000000000000000000000000000000000000000000
    10: 0xBF0D858E3904704B36740BC2DDCF4820B93A9323C1098338B7C38E338735257B
    11: 0x0000000000000000000000000000000000000000000000000000000000000000
    12: 0x0000000000000000000000000000000000000000000000000000000000000000
    13: 0xE70130ABD99D9920DA2698049EAB08F636A345B4D6E881E32CB1D1B05854BDF0
    14: 0x0000000000000000000000000000000000000000000000000000000000000000
    15: 0x0000000000000000000000000000000000000000000000000000000000000000
    16: 0x0000000000000000000000000000000000000000000000000000000000000000
    17: 0x402108CE794726A330FA50A4D956452E2A71A1F31781398363FDB26DFC031D4A
    18: 0x92D91C6550557FAB751873FB3C6AB3D0CE83E89BAC58AA588ED09EB7A2DBE0C6
    19: 0x0000000000000000000000000000000000000000000000000000000000000000
    20: 0x0000000000000000000000000000000000000000000000000000000000000000
    21: 0x0000000000000000000000000000000000000000000000000000000000000000
    22: 0x0000000000000000000000000000000000000000000000000000000000000000
    23: 0x0000000000000000000000000000000000000000000000000000000000000000
```
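The "PCR 17 values don't match with event log" observation is the standard attestation check: replay the log by extending each PCR from its post-DRTM-reset value with the logged digests in order, and compare the result with what `tpm2_pcrread` reports. The script below is an added example, not part of this PR or of anti-evil-maid; the event-log entries and PCR values are copied from the logs above into constructed tables, and it assumes PCRs 17 and 18 start from all zeros after the DRTM reset (the usual DRTM convention, stated here as an assumption). It reports which (algorithm, PCR) pairs replay to the read value rather than presuming either outcome.

```python
# Replay a DRTM event log and compare it with live PCR values.
# Added example; the tables below are constructed from the logs quoted in this thread.
import hashlib

# (PCR, event string, SHA1 digest, SHA256 digest) per anti-evil-maid-dump-evt-log entry above.
EVENT_LOG = [
    (17, "SKINIT",
     "d3a60c696fd3be9d28916696c60a543265b69b87",
     "28d7f9982f249def7215719ebed463166ab14e17f6e1e26865a70232e48b01e8"),
    (17, "DLME entry offset",
     "b34a6ceee3b376401e8cd1e21c735ccf60f3d216",
     "14fe6be01fc9b0f31bd1bf98929f2e41f010ecb7d9ba42a9c82458745facd649"),
    (17, "DLME",
     "21d3fd2a6e73a42e08ff9c554cd6ad2c9aef0b3a",
     "ea2a4a1771e917547edf941daa49db0d29a6f986bed87c2fb9a71ddf8438d917"),
    (18, "",
     "4a00aca2a2ebbe387c4d685d04378e7b5928afa9",
     "b61608d7a64209f51f2ed04f1d7cf398d7d9a91ddf5ce63cb90d39dd0df0755d"),
    (17, "Measured MB2 module",
     "c211668deab8c9b129a9e53b3b9c89274cee298f",
     "6d4e7be482a2383f2d94e11380a3b8b8b07222fc697c2aa830b2147b410d4ec0"),
    (17, "Measured MB2 module",
     "8a89b4c3384c25287b2eb165b20e4f0ffb248295",
     "52344d67244ac56d3409238f8759f5bd6944cebba1328838adebf19063a8fab8"),
]

# (algorithm, PCR) -> value as printed by tpm2_pcrread above (only the DRTM PCRs of interest).
PCR_READ = {
    ("sha1", 17): "027DE1FDA0835D5AF195358892B7BDD4C709AA7D",
    ("sha1", 18): "FC534FF2A0B0863932B8AA715E812C42E4120DC6",
    ("sha256", 17): "402108CE794726A330FA50A4D956452E2A71A1F31781398363FDB26DFC031D4A",
    ("sha256", 18): "92D91C6550557FAB751873FB3C6AB3D0CE83E89BAC58AA588ED09EB7A2DBE0C6",
}


def replay_pcr(digests, algo):
    """PCR extend: new = H(old || digest), starting from all zeros.

    Assumption: the DRTM reset leaves PCRs 17/18 at zero before the first logged event.
    Each digest must already be the right size for `algo`; a mismatch is a malformed log.
    """
    size = hashlib.new(algo).digest_size
    pcr = bytes(size)
    for digest in digests:
        if len(digest) != size:
            raise ValueError(f"{algo} digest of {len(digest)} bytes, expected {size}")
        pcr = hashlib.new(algo, pcr + digest).digest()
    return pcr


def expected_pcrs(log, algo):
    """Group log entries by PCR (order preserved) and replay each one; returns {pcr: bytes}."""
    per_pcr = {}
    for pcr, _event, sha1_hex, sha256_hex in log:
        hex_digest = sha1_hex if algo == "sha1" else sha256_hex
        per_pcr.setdefault(pcr, []).append(bytes.fromhex(hex_digest))
    return {pcr: replay_pcr(digests, algo) for pcr, digests in per_pcr.items()}


def compare_with_tpm(log, pcr_read):
    """Return {(algo, pcr): True/False} for every replayed PCR that was also read from the TPM."""
    results = {}
    for algo in ("sha1", "sha256"):
        for pcr, value in expected_pcrs(log, algo).items():
            key = (algo, pcr)
            if key in pcr_read:
                results[key] = value.hex() == pcr_read[key].lower()
    return results


if __name__ == "__main__":
    for (algo, pcr), ok in sorted(compare_with_tpm(EVENT_LOG, PCR_READ).items()):
        expected = expected_pcrs(EVENT_LOG, algo)[pcr].hex()
        status = "matches" if ok else "MISMATCH"
        print(f"{algo} PCR {pcr}: replay {expected} {status} tpm2_pcrread {PCR_READ[(algo, pcr)].lower()}")
```

When a PCR mismatches, bisecting is straightforward with this structure: replay prefixes of the log for that PCR and see at which entry the intermediate value stops being explainable, which separates "an event was measured but not logged" (or logged out of order) from "the log is complete but the digest was computed over different data". The other common cause, a non-zero starting value for the PCR, shows up as a mismatch already at entry 1.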