From e73ef5b21d71ad83afb3f098d21a6a9f6b03bfa8 Mon Sep 17 00:00:00 2001
From: Keir Fraser <keir.fraser@citrix.com>
Date: Thu, 29 Jan 2009 11:36:09 +0000
Subject: [PATCH] tboot: hypervisor integrity on S3

When launched from tboot, utilise tboot interface to provide integrity
protection to the hypervisor during S3

Signed-off-by: Joseph Cihula <joseph.cihula@intel.com>
ACKed-by: Shane Wang <shane.wang@intel.com>
---
 xen/arch/x86/tboot.c        | 21 +++++++++++++++++++++
 xen/include/asm-x86/tboot.h |  9 +++++++++
 2 files changed, 30 insertions(+)

diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c
index 9e1419646d..1952ad5db1 100644
--- a/xen/arch/x86/tboot.c
+++ b/xen/arch/x86/tboot.c
@@ -17,6 +17,8 @@ tboot_shared_t *g_tboot_shared;
 
 static const uuid_t tboot_shared_uuid = TBOOT_SHARED_UUID;
 
+extern char __init_begin[], __per_cpu_start[], __per_cpu_end[], __bss_start[];
+
 void __init tboot_probe(void)
 {
     tboot_shared_t *tboot_shared;
@@ -59,6 +61,25 @@ void tboot_shutdown(uint32_t shutdown_type)
 
     local_irq_disable();
 
+    /* if this is S3 then set regions to MAC */
+    if ( shutdown_type == TB_SHUTDOWN_S3 ) {
+        g_tboot_shared->num_mac_regions = 4;
+        /* S3 resume code (and other real mode trampoline code) */
+        g_tboot_shared->mac_regions[0].start =
+            (uint64_t)bootsym_phys(trampoline_start);
+        g_tboot_shared->mac_regions[0].end =
+            (uint64_t)bootsym_phys(trampoline_end);
+        /* hypervisor code + data */
+        g_tboot_shared->mac_regions[1].start = (uint64_t)__pa(&_stext);
+        g_tboot_shared->mac_regions[1].end = (uint64_t)__pa(&__init_begin);
+        /* per-cpu data */
+        g_tboot_shared->mac_regions[2].start = (uint64_t)__pa(&__per_cpu_start);
+        g_tboot_shared->mac_regions[2].end = (uint64_t)__pa(&__per_cpu_end);
+        /* bss */
+        g_tboot_shared->mac_regions[3].start = (uint64_t)__pa(&__bss_start);
+        g_tboot_shared->mac_regions[3].end = (uint64_t)__pa(&_end);
+    }
+
     /* Create identity map for tboot shutdown code. */
     map_base = PFN_DOWN(g_tboot_shared->tboot_base);
     map_size = PFN_UP(g_tboot_shared->tboot_size);
diff --git a/xen/include/asm-x86/tboot.h b/xen/include/asm-x86/tboot.h
index 07ee9a734a..8d5bbd0803 100644
--- a/xen/include/asm-x86/tboot.h
+++ b/xen/include/asm-x86/tboot.h
@@ -51,6 +51,12 @@ typedef struct __packed {
 
 /* used to communicate between tboot and the launched kernel (i.e. Xen) */
 
+#define MAX_TB_MAC_REGIONS      32
+typedef struct __packed {
+    uint64_t  start;
+    uint64_t  end;
+} tboot_mac_region_t;
+
 /* GAS - Generic Address Structure (ACPI 2.0+) */
 typedef struct __packed {
 	uint8_t  space_id;
@@ -83,6 +89,9 @@ typedef struct __packed {
               acpi_sinfo;        /* where kernel put acpi sleep info in Sx */
     uint32_t  tboot_base;        /* starting addr for tboot */
     uint32_t  tboot_size;        /* size of tboot */
+    uint8_t   num_mac_regions;   /* number mem regions to MAC on S3 */
+                                 /* contig regions memory to MAC on S3 */
+    tboot_mac_region_t mac_regions[MAX_TB_MAC_REGIONS];
 } tboot_shared_t;
 
 #define TB_SHUTDOWN_REBOOT      0
-- 
2.30.2