| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Now that all code is switched over to use vp_read/write we can
drop the ioaddr field from vp_device and the offset #defines.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Add macros to read/write virtio registers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
virtio 1.0 specifies the location of the various virtio regions
using pci capabilities. Look them up and store the results.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
... instead of the bdf only.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
For virtio 1.0 support we will need more state than just the (legacy
mode) ioaddr for each virtio-pci device. Prepare for that by adding
a new struct for it. For now it carries the ioaddr only.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
virtio version 1.0 registers can (and actually do in the qemu
implementation) live in mmio space. So we must run the blk and
scsi virtio drivers in 32bit mode, otherwise we can't access them.
This also allows to drop a bunch of GET_LOWFLAT calls from the virtio
code in the following patches.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Add a parameter to pci_find_capability, to specify the start point.
This allows to find multiple capabilities of the same type, by calling
pci_find_capability again with the offset of the last capability found.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Add the dependency to CONFIG_VGA_FIXUP_ASM so the menu option only
appears when appropriate.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
|
|
Rename tcg externally called functions to more closely match other
subsystems.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
Move the call to measure the option ROM 'tpm_option_rom' into
init_optionrom.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
Remove some unused #defines and remove comments pointing to
sections in specs.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
Clean up the parameters to the build_and_send_cmd function call.
Use the sizeof() on the preceding buffer parameter. If the buffer
is NULL, we pass 0.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
Remove the array size from all arrays.
Replace the magic 12 with sizeof(GetCapability_Timeouts),
which represents the maximum number of bytes that need to be
reserved.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
Introduce a #define for the TPM command tag 0x00c1.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Unlike planned earlier virtio-vga will be compatible with
the qemu stdvga, with the framebuffer in bar 0. Drop the
virtio-vga chunk, update comment accordingly.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Add a kconfig menu to pick the vga variant, stick the vendorr
and device ids as defaults into Kconfig.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Add a build option to explicitly set the version information compiled
into the seabios and seavgabios binaries. This may assist in
reproducible builds or to better link builds to distribution packages.
If the new "VERSION=" parameter is not provided then the default build
version remains unchanged.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
|
|
Don't mark function definitions in headers with "inline" - it causes
compile warnings on gcc v5.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Acked-by: Paul Menzel <paulepanter@sourceforge.net>
|
|
This patch adds invocations of functions that measure various parts of the
code and data through various parts of the BIOS code. It follows TCG
specifications on what needs to be measured. It also adds the implementation
of the called functions.
Reference for what needs to be measured can be found in specs found here:
http://www.trustedcomputinggroup.org/resources/pc_client_work_group_specific_implementation_specification_for_conventional_bios
The first measurements are done once the ACPI tables have been initialized.
Once booted into Linux, the current measurements produce the following logs
which can be found in /sys/kernel/security/tpm0/ascii_bios_measurements.
The below log also shows measurements from trusted grub.
1 3fb240d2a04085a4e84f81e4398e070ed5a18163 06 [SMBIOS]
2 cc812353fc277c1fab99e0b721752a1392984566 06 [Option ROM]
2 9dbd87163112e5670378abe4510491259a61f411 05 [Start Option ROM Scan]
2 6f74e357331b8dee11bbad85f27bc66cb873106c 06 [Option ROM]
2 5626eb7ac05c7231e46d7461e7d3839b03ae9fad 06 [Option ROM]
4 c1e25c3f6b0dc78d57296aa2870ca6f782ccf80f 05 [Calling INT 19h]
0 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
1 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
2 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
3 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
4 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
5 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
6 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
7 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
4 8cf2fe6c87d4d0b2998a43da630292e6d85ee8b6 05 [Booting BCV device 80h (HDD)]
4 5dff94459a3e2d13a433ef94afdc306144565bf7 0d [IPL]
5 d1b33afde65ad47502332af957c60f20c84c1edc 0e [IPL Partition Data]
4 487ce764b527ccad17f1d04243d0136fa981e6c4 0d [IPL]
4 91d285e4dead566324c8938a3cc75803f462d9a1 0d [IPL]
4 8ba79ac98bb491524fef29defc724daaf6263d35 0d [IPL]
4 c591c15b82e4ff30e7383a4ff1ef3b41b38521ac 06 []
4 8cdc27ec545eda33fbba1e8b8dae4da5c7206972 04 [Grub Event Separator]
5 8cdc27ec545eda33fbba1e8b8dae4da5c7206972 04 [Grub Event Separator]
5 e8673b9e14b02dc12d8ccfd0176bca7a3de7fc3c 0e [IPL Partition Data]
5 0163e375a0af7525c5dac1a8e74b277359e40d1d 1105 []
8 4be30f67c3d48ab7f04d9c0fd07f06d4c68379be 1205 []
8 54c83965978de9708d026016ecb0e70660e04388 1305 []
5 2431ed60130faeaf3a045f21963f71cacd46a029 04 [OS Event Separator]
8 2431ed60130faeaf3a045f21963f71cacd46a029 04 [OS Event Separator]
8 f3973cae05d6e2055062119d6e6e1e077b7df876 1005 []
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
I've been successfully using SeaBIOS as secondary bootloader. In more details
I have GRUB2-as-payload in flash together with coreboot. SeaBIOS binary is on
the HDD and loaded by GRUB when needed. This has an unfortunate consequence
that I have to keep vga oprom in flash even if usually I boot without it. This
patches makes bios.bin.elf multiboot executable with files passed as modules.
Example:
menuentry "SeaBIOS (mb)" --unrestricted {
root=ahci0,2
multiboot /bios.bin.elf
module /vgabios_x230.rom name=pci8086,0166.rom
}
the parameter name= specifies under which name SeaBIOS will see it.
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
|
|
Signed-off-by: Quan Xu <quan.xu@intel.com>
|
|
This patch implements the TCG BIOS interrupt handler 1ah. It is for
example used by trusted grub.
This patch adds an implementation of SHA1 (following NIST specs., IETF RFC 3147
and Wikipedia) for speeding up measurements of code. Trusted Grub for example
makes use of this interface and measures (calculates SHA1) of the Linux kernel
and initrd. Those files can be rather large and hunting their bytes through
the TIS interface as part of the int handler commands invoked by trusted grub
does take quite some time due to the many vmexits the interface is creating
(one per byte).
There is also a threshold for the size of data to hash (100k) below which
the TPM is used and above the internal faster SHA1 algorithm is used.
This patch for example enables trusted grub to interact with the TPM
and take additional measurements.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
|
|
This patch implements the main part of the TCG BIOS extensions. It provides
the following functionality:
- initialization of the TCPA ACPI table used for logging of measurements
- initialization of the TPM by sending a sequence of commands to it
- proper setup of the TPM before the BIOS hands over control to the bootloader
- support for S3 resume; BIOS sends TPM_Startup(ST_STATE) to TPM
- enable configuration of SeaBIOS to be built with TCGBIOS extensions
All TCG BIOS extensions are activated with CONFIG_TCGBIOS.
Structures that are needed in subsequent patches are also included in
tcgbios.h at this point.
The effect of this patch is that it initialized the TPM upon VM start
and S3 resume.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
This patch adds an implementation of a TPM TIS driver for the TPM TIS
emulation supported by QEMU. The driver is broken up into several
small functions that have to be called in proper sequence. The driver is
cleanly separated from the rest of the code through an interface holding
pointers to the driver's functions.
A client using this driver first probes whether the TPM TIS
interface is available (probe function) and then invokes the interface
function to initialze the interface and send requests and receive responses.
Possible future extensions *could* include a virtio interface for the TPM
with a corresponding driver here.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
This option tells linker not to align sections in a way optimied for OS.
ls -lh out/bios.bin.elf
-rwxr-xr-x 1 phcoder phcoder 90K Mai 19 20:38 out/bios.bin.elf
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
|
|
At least AHCI on Intel on some machines claim to support only 6 ports
while in fact higher port numbers are present and work.
This is needed to access CD-ROM on PackardBell MS2290.
Both GRUB and Linux have a similar workaround.
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
|
|
Bits 16-31 of the SMM revision ID are feature bits. We only need to
check that SMBASE relocation is supported, but do not care about other
features. In particular, this allows the SMM I/O instruction restart
feature to be present.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
|
|
Emulate the "leal" instruction so that the vgabios can run on older
versions of x86emu. (This removes the previous "leal" trap.)
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
|
|
Add a kconfig build option (CONFIG_VGA_FIXUP_ASM) to allow users to
build the vgabios without the complex assembler fixups that work
around emulator bugs.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
|
|
Commit 251e2638 introduced the "smsww" instruction to the vgabios.
Unfortunately, it appears at least some versions of x86emu crash when
executing that instruction (eg, FC13 installer crashes). That
instruction wasn't required to work around the problem fixed in
251e2638, so just avoid it.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
|
|
Change the smbios structure to use a 4 byte u32 signature field
instead of a 4 byte character string field. In practice, this allows
the compiler to place the signature in the initialize code segment and
thus makes it less likely the signature would be found in the
f-segment. (If the smbios signature is found in the f-segment it can
confuse some table scans.)
Reviewed-by: Bruce Rogers <brogers@suse.com>
Tested-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
|
