'cpuid_check' : dict,
'machine_address_size': int,
'suppress_spurious_page_faults': bool0,
+ 's3_integrity' : int,
}
# List of legacy configuration keys that have no equivalent in the
if security.has_authorization(ssidref) == False:
raise VmError("VM is not authorized to run.")
+ s3_integrity = self.info['s3_integrity']
+ flags = (int(hvm) << 0) | (int(hap) << 1) | (int(s3_integrity) << 2)
+
try:
self.domid = xc.domain_create(
domid = 0,
ssidref = ssidref,
handle = uuid.fromString(self.info['uuid']),
- flags = (int(hvm) << 0) | (int(hap) << 1),
+ flags = flags,
target = self.info.target())
except Exception, e:
# may get here if due to ACM the operation is not permitted
use="""Hap status (0=hap is disabled;
1=hap is enabled.""")
+gopts.var('s3_integrity', val='TBOOT_MEMORY_PROTECT',
+ fn=set_int, default=1,
+ use="""Should domain memory integrity be verified during S3?
+ (0=protection is disabled; 1=protection is enabled.""")
+
gopts.var('cpuid', val="IN[,SIN]:eax=EAX,ebx=EBX,ecx=ECX,edx=EDX",
fn=append_value, default=[],
use="""Cpuid description.""")
elif num > 1:
err("VM config error: Multiple access_control definitions!")
+def configure_mem_prot(config_image, vals):
+ """Create the config for S3 memory integrity verification under tboot.
+ """
+ config_image.append(['s3_integrity', vals.s3_integrity])
def configure_vtpm(config_devs, vals):
"""Create the config for virtual TPM interfaces.
else:
config.append(['bootloader_args', '-q'])
config.append(['image', config_image])
+ configure_mem_prot(config, vals);
config_devs = []
configure_disks(config_devs, vals)
vm.attributes["is_a_template"].value == 'true',
"auto_power_on":
vm.attributes["auto_power_on"].value == 'true',
+ "s3_integrity":
+ vm.attributes["s3_integrity"].value,
"memory_static_max":
get_child_node_attribute(vm, "memory", "static_max"),
"memory_static_min":
= str(get_child_by_name(config, "vcpus", 1))
vm.attributes["vcpus_at_startup"] \
= str(get_child_by_name(config, "vcpus", 1))
+ vm.attributes["s3_integrity"] \
+ = str(get_child_by_name(config, "s3_integrity", 0))
sec_data = get_child_by_name(config, "security")
if sec_data:
hvm_funcs.hap_supported &&
(domcr_flags & DOMCRF_hap);
+ d->arch.s3_integrity = !!(domcr_flags & DOMCRF_s3_integrity);
+
INIT_LIST_HEAD(&d->arch.pdev_list);
d->arch.relmem = RELMEM_not_started;
cpumask_t cpu_present_map;
unsigned long xen_phys_start;
+unsigned long allocator_bitmap_end;
#ifdef CONFIG_X86_32
/* Limits of Xen heap, used to initialise the allocator. */
multiboot_info_t *mbi = __va(mbi_p);
module_t *mod = (module_t *)__va(mbi->mods_addr);
unsigned long nr_pages, modules_length, modules_headroom;
- unsigned long allocator_bitmap_end;
int i, e820_warn = 0, bytes = 0;
struct ns16550_defaults ns16550 = {
.data_bits = 8,
panic("Could not protect TXT memory regions\n");
/* Create initial domain 0. */
- dom0 = domain_create(0, 0, DOM0_SSIDREF);
+ dom0 = domain_create(0, DOMCRF_s3_integrity, DOM0_SSIDREF);
if ( (dom0 == NULL) || (alloc_vcpu(dom0, 0, 0) == NULL) )
panic("Error creating domain 0\n");
ret = -EINVAL;
if ( supervisor_mode_kernel ||
(op->u.createdomain.flags &
- ~(XEN_DOMCTL_CDF_hvm_guest | XEN_DOMCTL_CDF_hap)) )
+ ~(XEN_DOMCTL_CDF_hvm_guest | XEN_DOMCTL_CDF_hap |
+ XEN_DOMCTL_CDF_s3_integrity)) )
break;
dom = op->domain;
domcr_flags |= DOMCRF_hvm;
if ( op->u.createdomain.flags & XEN_DOMCTL_CDF_hap )
domcr_flags |= DOMCRF_hap;
+ if ( op->u.createdomain.flags & XEN_DOMCTL_CDF_s3_integrity )
+ domcr_flags |= DOMCRF_s3_integrity;
ret = -ENOMEM;
d = domain_create(dom, domcr_flags, op->u.createdomain.ssidref);
unsigned int hv_compat_vstart;
#endif
+ bool_t s3_integrity;
+
/* I/O-port admin-specified access capabilities. */
struct rangeset *ioport_caps;
uint32_t pci_cf8;
uint32_t ssidref;
xen_domain_handle_t handle;
/* Is this an HVM guest (as opposed to a PV guest)? */
-#define _XEN_DOMCTL_CDF_hvm_guest 0
-#define XEN_DOMCTL_CDF_hvm_guest (1U<<_XEN_DOMCTL_CDF_hvm_guest)
+#define _XEN_DOMCTL_CDF_hvm_guest 0
+#define XEN_DOMCTL_CDF_hvm_guest (1U<<_XEN_DOMCTL_CDF_hvm_guest)
/* Use hardware-assisted paging if available? */
-#define _XEN_DOMCTL_CDF_hap 1
-#define XEN_DOMCTL_CDF_hap (1U<<_XEN_DOMCTL_CDF_hap)
+#define _XEN_DOMCTL_CDF_hap 1
+#define XEN_DOMCTL_CDF_hap (1U<<_XEN_DOMCTL_CDF_hap)
+ /* Should domain memory integrity be verifed by tboot during Sx? */
+#define _XEN_DOMCTL_CDF_s3_integrity 2
+#define XEN_DOMCTL_CDF_s3_integrity (1U<<_XEN_DOMCTL_CDF_s3_integrity)
uint32_t flags;
};
typedef struct xen_domctl_createdomain xen_domctl_createdomain_t;
struct domain *domain_create(
domid_t domid, unsigned int domcr_flags, ssidref_t ssidref);
/* DOMCRF_hvm: Create an HVM domain, as opposed to a PV domain. */
-#define _DOMCRF_hvm 0
-#define DOMCRF_hvm (1U<<_DOMCRF_hvm)
+#define _DOMCRF_hvm 0
+#define DOMCRF_hvm (1U<<_DOMCRF_hvm)
/* DOMCRF_hap: Create a domain with hardware-assisted paging. */
-#define _DOMCRF_hap 1
-#define DOMCRF_hap (1U<<_DOMCRF_hap)
+#define _DOMCRF_hap 1
+#define DOMCRF_hap (1U<<_DOMCRF_hap)
+ /* DOMCRF_s3_integrity: Create a domain with tboot memory integrity protection
+ by tboot */
+#define _DOMCRF_s3_integrity 2
+#define DOMCRF_s3_integrity (1U<<_DOMCRF_s3_integrity)
/* DOMCRF_dummy: Create a dummy domain (not scheduled; not on domain list) */
-#define _DOMCRF_dummy 2
-#define DOMCRF_dummy (1U<<_DOMCRF_dummy)
+#define _DOMCRF_dummy 3
+#define DOMCRF_dummy (1U<<_DOMCRF_dummy)
/*
* rcu_lock_domain_by_id() is more efficient than get_domain_by_id().
projects / xen.git / commitdiff