[Xen-changelog] [xen-unstable] txt: Xen per-domain S3 integrity config
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1236081164 0
# Node ID 43019597f85c8bf98a3d8ca8f8a34e27a6e89e8d
# Parent 9c5b4efc934d7ce0f5750670b73e20a98a6ca5b0
txt: Xen per-domain S3 integrity config
This patch adds a per-domain flag to specify whether a domain will be S3 integrity protected when Xen is launched using tboot/TXT. The tools now support an integer domain configuration parameter called 's3_integrity', which defaults to 1, to enable S3 integrity protection. The struct arch_domain structure has been extended to have an 's3_integrity' field that represents this setting.
Signed-off-by: Shane Wang <shane.wang@xxxxxxxxx>
Signed-off-by: Joseph Cihula <joseph.cihula@xxxxxxxxx>
---
tools/python/xen/xend/XendConfig.py | 1 +
tools/python/xen/xend/XendDomainInfo.py | 5 ++++-
tools/python/xen/xm/create.py | 10 ++++++++++
tools/python/xen/xm/xenapi_create.py | 4 ++++
xen/arch/x86/domain.c | 2 ++
xen/arch/x86/setup.c | 4 ++--
xen/common/domctl.c | 5 ++++-
xen/include/asm-x86/domain.h | 2 ++
xen/include/public/domctl.h | 11 +++++++----
xen/include/xen/sched.h | 16 ++++++++++------
10 files changed, 46 insertions(+), 14 deletions(-)
diff -r 9c5b4efc934d -r 43019597f85c tools/python/xen/xend/XendConfig.py
--- a/tools/python/xen/xend/XendConfig.py Tue Mar 03 11:46:52 2009 +0000
+++ b/tools/python/xen/xend/XendConfig.py Tue Mar 03 11:52:44 2009 +0000
@@ -216,6 +216,7 @@ XENAPI_CFG_TYPES = {
 'cpuid_check' : dict,
 'machine_address_size': int,
 'suppress_spurious_page_faults': bool0,
+ 's3_integrity' : int,
 }
 # List of legacy configuration keys that have no equivalent in the
diff -r 9c5b4efc934d -r 43019597f85c tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py Tue Mar 03 11:46:52 2009 +0000
+++ b/tools/python/xen/xend/XendDomainInfo.py Tue Mar 03 11:52:44 2009 +0000
@@ -2212,12 +2212,15 @@ class XendDomainInfo:
 if security.has_authorization(ssidref) == False:
 raise VmError("VM is not authorized to run.")
+ s3_integrity = self.info['s3_integrity']
+ flags = (int(hvm) << 0) | (int(hap) << 1) | (int(s3_integrity) << 2)
+
 try:
 self.domid = xc.domain_create(
 domid = 0,
 ssidref = ssidref,
 handle = uuid.fromString(self.info['uuid']),
- flags = (int(hvm) << 0) | (int(hap) << 1),
+ flags = flags,
 target = self.info.target())
 except Exception, e:
 # may get here if due to ACM the operation is not permitted
diff -r 9c5b4efc934d -r 43019597f85c tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py Tue Mar 03 11:46:52 2009 +0000
+++ b/tools/python/xen/xm/create.py Tue Mar 03 11:52:44 2009 +0000
@@ -578,6 +578,11 @@ gopts.var('hap', val='HAP',
 fn=set_int, default=1,
 use="""Hap status (0=hap is disabled; 1=hap is enabled.""")
+
+gopts.var('s3_integrity', val='TBOOT_MEMORY_PROTECT',
+ fn=set_int, default=1,
+ use="""Should domain memory integrity be verified during S3?
+ (0=protection is disabled; 1=protection is enabled.""")
 gopts.var('cpuid', val="IN[,SIN]:eax=EAX,ebx=EBX,ecx=ECX,edx=EDX",
 fn=append_value, default=[],
@@ -832,6 +837,10 @@ def configure_security(config, vals):
 elif num > 1:
 err("VM config error: Multiple access_control definitions!")
+def configure_mem_prot(config_image, vals):
+ """Create the config for S3 memory integrity verification under tboot.
+ """
+ config_image.append(['s3_integrity', vals.s3_integrity])
 def configure_vtpm(config_devs, vals):
 """Create the config for virtual TPM interfaces.
@@ -964,6 +973,7 @@ def make_config(vals):
 else:
 config.append(['bootloader_args', '-q'])
 config.append(['image', config_image])
+ configure_mem_prot(config, vals);
 config_devs = []
 configure_disks(config_devs, vals)
diff -r 9c5b4efc934d -r 43019597f85c tools/python/xen/xm/xenapi_create.py
--- a/tools/python/xen/xm/xenapi_create.py Tue Mar 03 11:46:52 2009 +0000
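Review bot: `int(s3_integrity) << 2` in the XendDomainInfo.py hunk shifts whatever integer the config holds, so a value other than 0 or 1 sets bits above bit 2; the key is registered as a plain `int` in XendConfig.py and parsed with `set_int` in create.py, and neither restricts the range. The domctl.c hunk in this patch rejects unknown creation flags with -EINVAL, so such a config would presumably fail domain creation with an error that does not name the offending key. Collapsing the value to one bit keeps the flag word well-formed: `flags = (int(hvm) << 0) | (int(hap) << 1) | (int(int(s3_integrity) != 0) << 2)`. The lookup `self.info['s3_integrity']` also raises KeyError when the key is absent, and no default for it is added in the visible XendConfig.py hunk; if `self.info` offers a dict-style `get`, `self.info.get('s3_integrity', 1)` would match the documented default and keep protection on for configs that predate the option. The enclosing method starts and ends outside the hunk.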
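Review bot: `configure_mem_prot` in create.py names its first parameter `config_image`, but the only call added in `make_config` passes the top-level `config` list (`configure_mem_prot(config, vals);`) after `config_image` has already been appended, so the `s3_integrity` entry ends up beside `image` rather than inside it. That placement agrees with the `sxp2xml` hunk in xenapi_create.py, which looks the key up in a variable named `config` next to `vcpus` and `security`, so the behaviour looks intended and only the name misleads. Renaming the parameter (`def configure_mem_prot(config, vals):`), dropping the trailing `;` from the call, and having the docstring say where the entry is placed would make that clear. The usage text in the `gopts.var('s3_integrity', ...)` hunk also leaves its opening parenthesis unclosed.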
+++ b/tools/python/xen/xm/xenapi_create.py Tue Mar 03 11:52:44 2009 +0000
@@ -269,6 +269,8 @@ class xenapi_create:
 vm.attributes["is_a_template"].value == 'true',
 "auto_power_on":
 vm.attributes["auto_power_on"].value == 'true',
+ "s3_integrity":
+ vm.attributes["s3_integrity"].value,
 "memory_static_max":
 get_child_node_attribute(vm, "memory", "static_max"),
 "memory_static_min":
@@ -650,6 +652,8 @@ class sxp2xml:
 = str(get_child_by_name(config, "vcpus", 1))
 vm.attributes["vcpus_at_startup"] \
 = str(get_child_by_name(config, "vcpus", 1))
+ vm.attributes["s3_integrity"] \
+ = str(get_child_by_name(config, "s3_integrity", 0))
 sec_data = get_child_by_name(config, "security")
 if sec_data:
diff -r 9c5b4efc934d -r 43019597f85c xen/arch/x86/domain.c
--- a/xen/arch/x86/domain.c Tue Mar 03 11:46:52 2009 +0000
+++ b/xen/arch/x86/domain.c Tue Mar 03 11:52:44 2009 +0000
@@ -386,6 +386,8 @@ int arch_domain_create(struct domain *d,
 hvm_funcs.hap_supported &&
 (domcr_flags & DOMCRF_hap);
+ d->arch.s3_integrity = !!(domcr_flags & DOMCRF_s3_integrity);
+
 INIT_LIST_HEAD(&d->arch.pdev_list);
 d->arch.relmem = RELMEM_not_started;
diff -r 9c5b4efc934d -r 43019597f85c xen/arch/x86/setup.c
--- a/xen/arch/x86/setup.c Tue Mar 03 11:46:52 2009 +0000
+++ b/xen/arch/x86/setup.c Tue Mar 03 11:52:44 2009 +0000
@@ -97,6 +97,7 @@ cpumask_t cpu_present_map;
 cpumask_t cpu_present_map;
 unsigned long xen_phys_start;
+unsigned long allocator_bitmap_end;
 #ifdef CONFIG_X86_32
 /* Limits of Xen heap, used to initialise the allocator. */
@@ -418,7 +419,6 @@ void __init __start_xen(unsigned long mb
 multiboot_info_t *mbi = __va(mbi_p);
 module_t *mod = (module_t *)__va(mbi->mods_addr);
 unsigned long nr_pages, modules_length, modules_headroom;
- unsigned long allocator_bitmap_end;
 int i, e820_warn = 0, bytes = 0;
 struct ns16550_defaults ns16550 = {
 .data_bits = 8,
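Review bot: The `sxp2xml` hunk in xenapi_create.py falls back to `0` when the config has no `s3_integrity` entry (`get_child_by_name(config, "s3_integrity", 0)`), while create.py and the commit message give the option a default of 1, so an input without the key is converted with protection switched off. A default that fails toward protection would be `= str(get_child_by_name(config, "s3_integrity", 1))`. In the `xenapi_create` hunk, `vm.attributes["s3_integrity"].value` is forwarded as a string while the neighbouring entries are converted (`== 'true'`), and the lookup presumably raises for XML written before the attribute existed; converting with `int(...)` and handling a missing attribute there would keep older files loadable. Both enclosing methods start and end outside their hunks.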
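Review bot: `allocator_bitmap_end` in setup.c is moved from a local of `__start_xen` to a file-level variable with external linkage, but nothing in the visible hunks reads it outside that function and the commit message does not mention it. If it is exported for the tboot S3 code, a comment at the definition should say so and name the reader, along the lines of `/* End of the allocator bitmap; set in __start_xen(), read by CONSUMER (placeholder). */`, with the matching `extern` in a header; otherwise it can stay local. `__start_xen` continues outside both hunks.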
@@ -990,7 +990,7 @@ void __init __start_xen(unsigned long mb
 panic("Could not protect TXT memory regions\n");
 /* Create initial domain 0. */
- dom0 = domain_create(0, 0, DOM0_SSIDREF);
+ dom0 = domain_create(0, DOMCRF_s3_integrity, DOM0_SSIDREF);
 if ( (dom0 == NULL) || (alloc_vcpu(dom0, 0, 0) == NULL) )
 panic("Error creating domain 0\n");
diff -r 9c5b4efc934d -r 43019597f85c xen/common/domctl.c
--- a/xen/common/domctl.c Tue Mar 03 11:46:52 2009 +0000
+++ b/xen/common/domctl.c Tue Mar 03 11:52:44 2009 +0000
@@ -339,7 +339,8 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
 ret = -EINVAL;
 if ( supervisor_mode_kernel ||
 (op->u.createdomain.flags &
- ~(XEN_DOMCTL_CDF_hvm_guest | XEN_DOMCTL_CDF_hap)) )
+ ~(XEN_DOMCTL_CDF_hvm_guest | XEN_DOMCTL_CDF_hap |
+ XEN_DOMCTL_CDF_s3_integrity)) )
 break;
 dom = op->domain;
@@ -371,6 +372,8 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc
 domcr_flags |= DOMCRF_hvm;
 if ( op->u.createdomain.flags & XEN_DOMCTL_CDF_hap )
 domcr_flags |= DOMCRF_hap;
+ if ( op->u.createdomain.flags & XEN_DOMCTL_CDF_s3_integrity )
+ domcr_flags |= DOMCRF_s3_integrity;
 ret = -ENOMEM;
 d = domain_create(dom, domcr_flags, op->u.createdomain.ssidref);
diff -r 9c5b4efc934d -r 43019597f85c xen/include/asm-x86/domain.h
--- a/xen/include/asm-x86/domain.h Tue Mar 03 11:46:52 2009 +0000
+++ b/xen/include/asm-x86/domain.h Tue Mar 03 11:52:44 2009 +0000
@@ -220,6 +220,8 @@ struct arch_domain
 #ifdef CONFIG_COMPAT
 unsigned int hv_compat_vstart;
 #endif
+
+ bool_t s3_integrity;
 /* I/O-port admin-specified access capabilities. */
 struct rangeset *ioport_caps;
diff -r 9c5b4efc934d -r 43019597f85c xen/include/public/domctl.h
--- a/xen/include/public/domctl.h Tue Mar 03 11:46:52 2009 +0000
+++ b/xen/include/public/domctl.h Tue Mar 03 11:52:44 2009 +0000
@@ -51,11 +51,14 @@ struct xen_domctl_createdomain {
 uint32_t ssidref;
 xen_domain_handle_t handle;
 /* Is this an HVM guest (as opposed to a PV guest)? */
-#define _XEN_DOMCTL_CDF_hvm_guest 0
-#define XEN_DOMCTL_CDF_hvm_guest (1U<<_XEN_DOMCTL_CDF_hvm_guest)
+#define _XEN_DOMCTL_CDF_hvm_guest 0
+#define XEN_DOMCTL_CDF_hvm_guest (1U<<_XEN_DOMCTL_CDF_hvm_guest)
 /* Use hardware-assisted paging if available? */
-#define _XEN_DOMCTL_CDF_hap 1
-#define XEN_DOMCTL_CDF_hap (1U<<_XEN_DOMCTL_CDF_hap)
+#define _XEN_DOMCTL_CDF_hap 1
+#define XEN_DOMCTL_CDF_hap (1U<<_XEN_DOMCTL_CDF_hap)
+ /* Should domain memory integrity be verifed by tboot during Sx? */
+#define _XEN_DOMCTL_CDF_s3_integrity 2
+#define XEN_DOMCTL_CDF_s3_integrity (1U<<_XEN_DOMCTL_CDF_s3_integrity)
 uint32_t flags;
 };
 typedef struct xen_domctl_createdomain xen_domctl_createdomain_t;
diff -r 9c5b4efc934d -r 43019597f85c xen/include/xen/sched.h
--- a/xen/include/xen/sched.h Tue Mar 03 11:46:52 2009 +0000
+++ b/xen/include/xen/sched.h Tue Mar 03 11:52:44 2009 +0000
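Review bot: The new comment on `XEN_DOMCTL_CDF_s3_integrity` in public/domctl.h does not say what a clear bit means, and this is a public interface: a caller of the create-domain domctl that predates the flag leaves bit 2 clear, and the domain.c hunk then stores `s3_integrity = 0`, so protection is opt-in at the hypercall even though the xm tools default it on. Stating that in the header would help, e.g. `/* Should tboot verify this domain's memory integrity across S3? Clear: created with s3_integrity off. */`, which also fixes the `verifed` typo and the `Sx`/S3 mismatch with the flag name. The sched.h hunk has a similar wording slip (`with tboot memory integrity protection by tboot`), and the `bool_t s3_integrity;` field added in asm-x86/domain.h has no comment at all.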
@@ -341,14 +341,18 @@ struct domain *domain_create(
 struct domain *domain_create(
 domid_t domid, unsigned int domcr_flags, ssidref_t ssidref);
 /* DOMCRF_hvm: Create an HVM domain, as opposed to a PV domain. */
-#define _DOMCRF_hvm 0
-#define DOMCRF_hvm (1U<<_DOMCRF_hvm)
+#define _DOMCRF_hvm 0
+#define DOMCRF_hvm (1U<<_DOMCRF_hvm)
 /* DOMCRF_hap: Create a domain with hardware-assisted paging. */
-#define _DOMCRF_hap 1
-#define DOMCRF_hap (1U<<_DOMCRF_hap)
+#define _DOMCRF_hap 1
+#define DOMCRF_hap (1U<<_DOMCRF_hap)
+ /* DOMCRF_s3_integrity: Create a domain with tboot memory integrity protection
+ by tboot */
+#define _DOMCRF_s3_integrity 2
+#define DOMCRF_s3_integrity (1U<<_DOMCRF_s3_integrity)
 /* DOMCRF_dummy: Create a dummy domain (not scheduled; not on domain list) */
-#define _DOMCRF_dummy 2
-#define DOMCRF_dummy (1U<<_DOMCRF_dummy)
+#define _DOMCRF_dummy 3
+#define DOMCRF_dummy (1U<<_DOMCRF_dummy)
 /*
 * rcu_lock_domain_by_id() is more efficient than get_domain_by_id().
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog