[0/3] x86: Initial Trenchboot/SKINIT support

Message ID 20210115231046.31785-1-andrew.cooper3@citrix.com (mailing list archive)


Andrew Cooper Jan. 15, 2021, 11:10 p.m. UTC
The Trenchboot project[0][1] aims to develop and upstream TCG DRTM support
into various open source projects in the ecosystem, to improve boot security.
Trenchboot has been discussed at previous XenSummits[2], and the work across
the ecosystem is extensively blogged[3].

This series forms the start of the work within Xen, and for now simply covers
the ability to boot in the AMD SKINIT/Secure Startup environment.

Full details are available in AMD APM Vol2 15.27 "Secure Startup with SKINIT"

Future work will cover related support for Intel TXT in a non-tboot system,
and the common logic to interact with the TPM and extend the hardware measured
chain of trust into dom0.

[0] https://trenchboot.org/
[1] https://github.com/TrenchBoot/documentation
[2] https://www.youtube.com/watch?v=SwByVrw7-08&list=PLYyw7IQjL-zFYmEoZEYswoVuXrHvXAWxj&index=13
[3] https://blog.3mdeb.com/tags/trenchboot/

Andrew Cooper (2):
  x86/smpboot: Re-position the call to tboot_wake_ap()
  x86/smpboot: Allow making an INIT IPI conditional

Norbert Kamiński (1):
  x86: Support booting under Secure Startup via SKINIT

 xen/arch/x86/cpu/common.c        | 32 +++++++++++++
 xen/arch/x86/smpboot.c           | 98 ++++++++++++++++++++++++----------------
 xen/include/asm-x86/cpufeature.h |  1 +
 xen/include/asm-x86/msr-index.h  |  1 +
 xen/include/asm-x86/processor.h  |  6 +++
 5 files changed, 99 insertions(+), 39 deletions(-)
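The cover letter points at AMD APM Vol2 15.27 for the details of Secure Startup; the following is an added example (not code from this series, from Xen, or from the TrenchBoot project) showing the two loader-side checks a practitioner wants before issuing SKINIT. It decodes the CPUID Fn8000_0001 ECX bits for SVM (bit 2) and SKINIT (bit 12), and sanity-checks a Secure Loader Block before its base is handed to SKINIT in EAX: the SLB must be 64 KiB aligned, its first 16-bit word is the entry point offset and its second the length to be measured, and the entry point must lie inside the measured image. The function names, the status enum and the sample SLB bytes are assumptions for the example; the sample is a constructed header plus a NOP sled, not a real secure loader.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* CPUID Fn8000_0001 ECX feature bits. */
#define CPUID_EXT_ECX_SVM    (1u << 2)
#define CPUID_EXT_ECX_SKINIT (1u << 12)

#define SLB_ALIGN    0x10000u   /* SKINIT takes a 64 KiB-aligned SLB base in EAX */
#define SLB_HDR_SIZE 4u         /* two 16-bit header words: entry offset, length */

/* SKINIT belongs to the SVM feature set; require both bits to be advertised. */
int skinit_supported(uint32_t ext_ecx)
{
    return (ext_ecx & CPUID_EXT_ECX_SVM) && (ext_ecx & CPUID_EXT_ECX_SKINIT);
}

/* Status codes are an assumption of this example. */
enum slb_status { SLB_OK = 0, SLB_BAD_BASE, SLB_BAD_LEN, SLB_BAD_ENTRY };

/* Check an SLB image of `avail` bytes that is to be placed at physical `base`. */
enum slb_status slb_check(uint64_t base, const uint8_t *img, size_t avail)
{
    uint16_t entry, len;

    /* EAX is 32 bits wide, so the base must be below 4 GiB and 64 KiB aligned. */
    if (base > 0xFFFFFFFFu || (base & (SLB_ALIGN - 1)))
        return SLB_BAD_BASE;
    if (avail < SLB_HDR_SIZE)
        return SLB_BAD_LEN;

    /* Little-endian header words. */
    entry = (uint16_t)(img[0] | (img[1] << 8));
    len   = (uint16_t)(img[2] | (img[3] << 8));

    /* The measured length must cover the header and fit in the buffer we have. */
    if (len < SLB_HDR_SIZE || len > avail)
        return SLB_BAD_LEN;
    /* The entry point must land inside the measured image, after the header. */
    if (entry < SLB_HDR_SIZE || entry >= len)
        return SLB_BAD_ENTRY;
    return SLB_OK;
}

/* Constructed sample SLB for the example: header followed by 0x90 (NOP) bytes. */
size_t build_sample_slb(uint8_t *buf, size_t cap, uint16_t entry, uint16_t len)
{
    size_t i;

    if (cap < len || len < SLB_HDR_SIZE)
        return 0;
    buf[0] = (uint8_t)(entry & 0xff);
    buf[1] = (uint8_t)(entry >> 8);
    buf[2] = (uint8_t)(len & 0xff);
    buf[3] = (uint8_t)(len >> 8);
    for (i = SLB_HDR_SIZE; i < len; i++)
        buf[i] = 0x90;
    return len;
}

int main(void)
{
    uint8_t slb[64];
    size_t n = build_sample_slb(slb, sizeof slb, 0x10, (uint16_t)sizeof slb);

    printf("SVM+SKINIT advertised for ECX=0x1004: %d\n", skinit_supported(0x1004u));
    printf("slb_check at 0x100000: %d\n", slb_check(0x100000u, slb, n));
    printf("slb_check at 0x100800: %d\n", slb_check(0x100800u, slb, n));
    return 0;
}
```

These checks only reject malformed input; they are not what makes the boot trustworthy. The integrity guarantee comes from the processor measuring the SL image into the TPM as part of SKINIT, and reading back and extending that measured chain is the TPM work the cover letter defers to a later series.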