From patchwork Fri Nov 10 22:27:49 2023
X-Patchwork-Submitter: Ross Philipson
X-Patchwork-Id: 164016
From: Ross Philipson
To: linux-kernel@vger.kernel.org, x86@kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-crypto@vger.kernel.org, iommu@lists.linux-foundation.org, kexec@lists.infradead.org, linux-efi@vger.kernel.org
Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, ardb@kernel.org, mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com, luto@amacapital.net, nivedita@alum.mit.edu, kanth.ghatraju@oracle.com, trenchboot-devel@googlegroups.com
Subject: [PATCH v7 11/13] reboot: Secure Launch SEXIT support on reboot paths
Date: Fri, 10 Nov 2023 17:27:49 -0500
Message-Id: <20231110222751.219836-12-ross.philipson@oracle.com>
In-Reply-To: <20231110222751.219836-1-ross.philipson@oracle.com>
References: <20231110222751.219836-1-ross.philipson@oracle.com>

If the MLE kernel is being powered off, rebooted or halted, then SEXIT must be called. Note that the SEXIT GETSEC leaf can only be called after a machine_shutdown() has been done on these paths. The machine_shutdown() is not called on a few paths like when poweroff action does not have a poweroff callback (into ACPI code) or when an emergency reset is done. In these cases, just the TXT registers are finalized but SEXIT is skipped.

Signed-off-by: Ross Philipson

--- arch/x86/kernel/reboot.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c index 830425e6d38e..668cfc5e4c92 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include @@ -766,6 +767,7 @@ static void native_machine_restart(char *__unused) if (!reboot_force) machine_shutdown(); + slaunch_finalize(!reboot_force); __machine_emergency_restart(0); } @@ -776,6 +778,9 @@ static void native_machine_halt(void) tboot_shutdown(TB_SHUTDOWN_HALT); + /* SEXIT done after machine_shutdown() to meet TXT requirements */ + slaunch_finalize(1); + stop_this_cpu(NULL); } @@ -784,8 +789,12 @@ static void native_machine_power_off(void) if (kernel_can_power_off()) { if (!reboot_force) machine_shutdown(); + slaunch_finalize(!reboot_force); do_kernel_power_off(); + } else { + slaunch_finalize(0); } + /* A fallback in case there is no PM info available */ tboot_shutdown(TB_SHUTDOWN_HALT); } @@ -813,6 +822,7 @@ void machine_emergency_restart(void) { + slaunch_finalize(0); __machine_emergency_restart(1); }
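
Review bot: In the native_machine_restart() hunk, slaunch_finalize(!reboot_force) ties the SEXIT decision to whether machine_shutdown() ran, but nothing at the call site says so. The halt hunk carries a comment for the same requirement; a matching one-line comment here (for example "SEXIT only if machine_shutdown() was done") would keep a later change to the reboot_force handling from silently separating the two conditions.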
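
Review bot: In the native_machine_halt() hunk, slaunch_finalize(1) passes a bare literal where the restart and power-off hunks pass the expression !reboot_force, and the prototype is not part of this patch, so the meaning of the argument is not readable from here. If the parameter is a do-SEXIT flag, a bool with true/false (or a named constant) would make all five call sites self-describing. The call also sits after tboot_shutdown(TB_SHUTDOWN_HALT); a word in the comment on why that ordering is intended would help.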
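
Review bot: In the native_machine_power_off() hunk, the new else branch calls slaunch_finalize(0) with no explanation; the reason (no poweroff callback, so machine_shutdown() was not run and only the TXT registers are finalized) exists only in the commit message. Please move that rationale into a comment on the else branch. The hunk also adds a blank line before the existing "A fallback in case there is no PM info available" comment, which is an unrelated whitespace change and could be dropped.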
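
Review bot: In the machine_emergency_restart() hunk, slaunch_finalize(0) becomes the first thing done on the emergency path, so it has to be safe in whatever context an emergency restart is requested from. The patch does not state that constraint; a comment here, or in the documentation of slaunch_finalize(), saying that the no-SEXIT mode takes no locks and does not sleep would make the requirement explicit for future changes to that function.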