Shrink measured size #15
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
At least GNU ld 2.30 and earlier fail to discard the generic part of .got.plt when no actual entries were allocated. As this section can't be discarded, linker script checks if section's size is what we expect it to be (either empty or 3 * sizeof(long)) and fails otherwise. .got.plt is removed by objcopy when final binary is built. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
krystian-hebel
requested review from
andyhhp,
rossphilipson and
SergiiDmytruk
andyhhp
reviewed
Feb 23, 2024
| add %edx, %ebx | ||
| add $MAX_STACK_SIZE, %ebx | ||
| cmp %ebx, %esp | ||
| jge .Lenough_stack |
There was a problem hiding this comment.
So you can actually use the fact that the SKL size is 64k to your advantage here:
movzwl booloader_data+2(%ebp), %eax
add $MAX_STACK_SIZE, %ax
jno .Lenough_stackought to be equivalent, I think ?
There was a problem hiding this comment.
booloader_data+2(%ebp) has just the size from booloader_data to the end of that data, not from start of SLB, so booloader_data offset would still have to be added to that.
Using halfword trick is nice, but it won't matter for SLRT because it's size field is u32.
There was a problem hiding this comment.
Modified in 65e9d93 in next PR
krystian-hebel
force-pushed
the
shrink_measured_size
branch
from
3b4f2ca
to
e2f93ca
Compare
dpsmith
reviewed
Feb 23, 2024
link.lds
Outdated
|
|
||
| /* | ||
| * This section is expected to be empty. To keep amount of data sent to the | ||
| * TPM by SINIT instruction low, all data is either read-only (.rodata), or |
There was a problem hiding this comment.
krystian-hebel
force-pushed
the
shrink_measured_size
branch
2 times, most recently
from
602004f
to
1019f11
Compare
krystian-hebel
force-pushed
the
shrink_measured_size
branch
from
1019f11
to
cb2b08a
Compare
Big, sparsely filled structures don't have to be in measured part of SLB. This change moves them to .bss where they are filled at runtime, after .bss is cleared. Note that pagetables are not moved yet, it will be done in following commit. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Pagetables take 7*4K = 28K of space. Building them at runtime means that they won't have to be measured, as long as the code creating them is measured and proper memory protections are in place. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
To keep amount of data sent to the TPM by SKINIT instruction low, .data section is made empty by moving its contents which is either turned read-only (.rodata), or uninitialized and built at run time (.bss). Linker script asserts that there is no leftover .data. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Stack area doesn't need to be measured by SKINIT. Initial %esp always points to the end of SLB, there is no reason to move it from there. Minimal stack size is checked by the code as the amount of available space depends on size of SLRT passed by the bootloader. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
krystian-hebel
force-pushed
the
shrink_measured_size
branch
from
cb2b08a
to
d8ac246
Compare
SergiiDmytruk
approved these changes
Apr 8, 2024
|
Loosely related to the commit that moves non-RO data to |
With reordered sections and most of the data structures built at runtime, size of actual code that has to be measured by TPM can be reduced. As that size field used to specify offset to bootloader data, a new field was added to the header for that purpose. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Far return is used, so segment selector and relocated instruction pointer are build on the stack, instead of modifying the code. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
krystian-hebel
force-pushed
the
shrink_measured_size
branch
from
d8ac246
to
67853db
Compare
pm_kernel_entry and zero_page were renamed to dlme_entry and dlme_arg, respectively. Their previous names were valid only for Linux. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Linux, Multiboot2 and simple payload don't have overlapping uses for values passed through registers or stack. All of those can be set at the same time. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
SKL hashes are no longer passed from the bootloader. Measured code and read-only data are not changed, and all other data is created at runtime so SKL is able to measure itself, which it now does. Those hashes are only used for event log entries, PCR was extended as a result of SKINIT instruction on Dynamic Launch Event. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
This removes different handling between boot protocols. Everything is reduced to one range of consecutive memory for DLME, as well as pointer to the entry point, which is measured to PCR 17 as an offset from DLME base to avoid attacks based on jumping to different parts of DLME. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
MULTIBOOT2_BOOTLOADER_MAGIC has been moved to defs.h as it is still used in head.S. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
It used to be defined in boot.h, even though it isn't expected to be ever needed anywhere but in code for handling event log internally. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Test for INVALIDATE_ALL completion is now done inside the initialization function, instead of main.c. Function names were changed to better describe what the function does. Comment describing window in anti-DMA security was updated with new finds. Some bugs were fixed: - EventLogInt wasn't properly cleared (it is write-1-to-clear bit) - CmdBufEn was set on transition to the kernel, which didn't clear it before setting up head/tail pointers, which in turn lead to hang (it is listed as undefined behavior in IOMMU specification) - Command buffer tail/head pointer registers were incorrectly masked Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Release versions of SKL hanged in tis_send(), while versions with serial output worked, most likely thanks to increased delay between DRTM sequence and next TPM command. Apparently, some TPMs don't properly handle setting STS.commandReady when all of the following conditions are met: - TPM has recently finished DRTM sequence (internal work may still be happening at that point, there is no way to be sure), - TPM just transitioned to Idle state (e.g. by changing locality), - STS.commandReady is written periodically before TPM reports it is in Ready state. When all of the above applies, STS.commandReady is always read as 0, as if the TPM restarted transition from Idle to Ready each time it is asked to do so. To work around this, set this bit once and keep checking in a loop until TIMEOUT_B (2 seconds). Well behaving TPM must be able to enter Ready state before that time, if it doesn't, error is returned. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
This enables SHA tests to check if different compilers produce the same results. Definitions in string.h were moved outside of __STDC_HOSTED__ to avoid compiler warnings (promoted to errors because of -Werror) due to incompatible implicit declaration of built-in functions. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
-fstrict-aliasing is enabled by default when using optimization levels higher than 1, including -Os. With that option, compiler may assume that object of one type never resides at the same address as object of a different type. Both sha1_final() and sha256_final() used to write message length by casting a pointer to buffer into a pointer to u64, while surrounding code operated on the buffer directly. The problem manifests in GCC 11 and later versions. The commit fixes this issue and another UB caused by unaligned access at the beginning of transformation step by using memcpy() in both cases. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
…ssors" This reverts commit 335c103. Without -march=btver2 SKL can be used on AMD 15h or earlier and now that SKL more than fits into 64KiB limit, no need for such options to save a bit of space. Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
DEV is specific to a northbridge, so there are multiple of them on systems with several CPU sockets. 0x18 is the device number of the first one with the rest using successive numbers (0x19, 0x1A, etc.). Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
|
Just FYI, I have modified the SLRT to make everything 8b aligned in the SLRT in Linux. The PR to do this was pulled into the linux-sl-6.7 working branch. I am also adding a TXT heap address to the Intel info table. This should go up as a PR soon. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This set of changes makes the measured size of SKL smaller by making all the non-const data built at runtime and moving sections around. Size changes, calculated as offset to
bootloader_datasymbol:Increase in size for 32b is caused mostly due to measured size being just above multiply of 4K in size, and next variable is 4K-aligned.
Not tested on hardware, I'm planning to do so after switching from current tags format to SLRT.