From patchwork Fri Jan 22 00:51:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bobby Eshleman X-Patchwork-Id: 12038071 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7DCEAC433DB for ; Fri, 22 Jan 2021 00:55:37 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 29EEB20769 for ; Fri, 22 Jan 2021 00:55:36 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 29EEB20769 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.72501.130578 (Exim 4.92) (envelope-from ) id 1l2kjU-0002ii-ND; Fri, 22 Jan 2021 00:55:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 72501.130578; Fri, 22 Jan 2021 00:55:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1l2kjU-0002ib-KB; Fri, 22 Jan 2021 00:55:24 +0000 Received: by outflank-mailman (input) for mailman id 72501; Fri, 22 Jan 2021 00:55:23 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1l2kjT-0002iW-Hg for xen-devel@lists.xenproject.org; Fri, 22 Jan 2021 00:55:23 +0000 Received: from mail-pg1-x529.google.com (unknown [2607:f8b0:4864:20::529]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 452d960e-c1f9-4e3c-9c2e-293067f9f203; Fri, 22 Jan 2021 00:55:22 +0000 (UTC) Received: by mail-pg1-x529.google.com with SMTP id c22so2506548pgg.13 for ; Thu, 21 Jan 2021 16:55:22 -0800 (PST) Received: from localhost.localdomain ([2601:1c2:4f00:c640:3cc1:5f60:de20:49b1]) by smtp.gmail.com with ESMTPSA id j23sm6930632pgj.34.2021.01.21.16.55.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Jan 2021 16:55:20 -0800 (PST) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 452d960e-c1f9-4e3c-9c2e-293067f9f203 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=rIOKGHEaZfI6rvT9SVdqB5YuiixLFxsrRTXqgVKYpFY=; b=opo3i9qwHHPs7NSfXWSYlNwu9XA1+GYaUuidLeqlaoQkipH4qe75UTIN5JvfryfV9H WSt3OExA8ERcVCAvW7y0VRhJPF9KkXh35mcIPK3gcsiJOay9RK/AK+gLyB8+XZ1SqSbE oAD1SjEL9wNqgBvk3+to/YsNy0Ngdwaku0bORSTkUNiJLpc4/gc6BqrBko87QJUuUrpV +pZINbwXOIkmuN6w3B1QnlmIfLayZxlynRs7vev0HGwHPQzp/1Cz1/Qo1PQ3FdqOEZcA FbCaA6Vas2jSVlInulakqT7YMSiURmOqDnmIx4sbRH48J6hOFIwSQ7WO/Zfj7/Rsk0iK xjBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=rIOKGHEaZfI6rvT9SVdqB5YuiixLFxsrRTXqgVKYpFY=; b=A9azmct+dpddhC8yE3Y81PMn9Wgp816sFKGgDN7q4Zu6JWRQUkwMfIAHTXS/Bl7NIW n4Eyb6Bek+OrWuKzTHEOmpTcGqGOYUTN+LgSX+e1tMXTzcHoUoGVAUr1TnzJ2X+n/bu0 v2GNxYSqLbQiYurLdGYo8RSq8l+vjcjF9VdQzC22YOA8mwgdjfWgwJKyG02UlOq2bC3D fjEx/oD9u4Bw0diViYHo1wbHmf1GbMp3DFV0qCXzh8cf65+1UYvmYQUDcB1TtptNGsIr kprSqifsGnxdfdyjgPswtQwowhXodovga9nzIvbCDPcW/MdWbkgNirjyFw1qCRpwb2AZ HTtQ== X-Gm-Message-State: AOAM530q1hycvUEeMasnXH9PqVdGlq2fyge6A1ugq1STG/zU7lp9xJ9F 3j6g3Z8wt1kawflq4uIOpdE9NC5N4QJlyUNx X-Google-Smtp-Source: ABdhPJxXk4Hknfu/PliLzQt2PC5CBl2DWL5AqmZU1vN/pKxbXtUGA2ySIMNzR/vsNViM+lSaY3yg7w== X-Received: by 2002:aa7:9736:0:b029:1b9:c4f5:54d5 with SMTP id k22-20020aa797360000b02901b9c4f554d5mr2043978pfg.47.1611276921417; Thu, 21 Jan 2021 16:55:21 -0800 (PST) From: Bobby Eshleman To: Xen-devel Cc: Bobby Eshleman , Daniel Kiper , Andrew Cooper , George Dunlap , Ian Jackson , Jan Beulich , Julien Grall , Stefano Stabellini , Wei Liu , Olivier Lambert Subject: [PATCH v3 0/5] Support Secure Boot for multiboot2 Xen Date: Thu, 21 Jan 2021 16:51:39 -0800 Message-Id: X-Mailer: git-send-email 2.30.0 MIME-Version: 1.0 This is version 3 for a patch set sent out to the ML in 2018 [1] to support UEFI Secure Boot for Xen on multiboot2 platforms. A new binary, xen.mb.efi, is built. It contains the mb2 header as well as a hand-crafted PE/COFF header. The dom0 kernel is verified using the shim lock protocol. I followed with v2 feedback and attempted to convert the PE/COFF header into C instead of ASM. Unfortunately, this was only possible for the first part (Legacy) of the PE/COFF header. The other parts required addresses only available at link time (such as __2M_rwdata_end, __pe_SizeOfImage, efi_mb_start address, etc...), which effectively ruled out C. The biggest difference between v2 and v3 is that in v3 we do not attempt to merge xen.mb.efi and xen.efi into a single binary. Instead, this will be left to a future patch set, unless requested otherwise. [1]: https://lists.xen.org/archives/html/xen-devel/2018-06/msg01292.html Changes in v3: - add requested comment clarification - remove unnecessary fake data from PE/COFF head (like linker versions) - macro-ize and refactor Makefile according to Jan's feedback - break PE/COFF header into its own file - shrink the PE/COFF to start 0x40 instead of 0x80 (my tests showed this function with no problem, on a live nested vm or using objdump/objcopy) - support SOURCE_EPOCH for posix time - removed `date` invocation that would break on FreeBSD - style changes - And obviously, ported to current HEAD Daniel Kiper (5): xen: add XEN_BUILD_POSIX_TIME xen/x86: manually build xen.mb.efi binary xen/x86: add some addresses to the Multiboot header xen/x86: add some addresses to the Multiboot2 header xen/x86/efi: Verify dom0 kernel with SHIM_LOCK protocol in efi_multiboot2() xen/Makefile | 22 ++++--- xen/arch/x86/Makefile | 7 +- xen/arch/x86/arch.mk | 2 + xen/arch/x86/boot/Makefile | 1 + xen/arch/x86/boot/head.S | 53 +++++++++++++-- xen/arch/x86/boot/pecoff.S | 123 +++++++++++++++++++++++++++++++++++ xen/arch/x86/efi/efi-boot.h | 30 ++++++++- xen/arch/x86/efi/stub.c | 17 ++++- xen/arch/x86/xen.lds.S | 34 ++++++++++ xen/common/efi/boot.c | 19 ++++-- xen/include/xen/compile.h.in | 1 + xen/include/xen/efi.h | 1 + 12 files changed, 283 insertions(+), 27 deletions(-) create mode 100644 xen/arch/x86/boot/pecoff.S