x86: Secure Launch kernel early boot stub

The Secure Launch (SL) stub provides the entry point for Intel TXT to
jump to during the dynamic launch. The symbol sl_stub_entry is that entry
point and its offset into the kernel is conveyed to the launching code using
the Measured Launch Environment (MLE) header in the structure named mle_header.
The offset of the MLE header is set in the kernel_info.

The startup SL routines (in sl_stub.S) contain the very early dynamic launch setup
code responsible for setting up the basic operating environment to allow the normal
kernel startup_32 code to proceed. It is also responsible for properly waking
and handling the APs on Intel platforms.

The routine sl_main() runs after entering 64b mode in the setup kernel. It
is responsible for measuring configuration and module information before
it is used. An example of entities measured on Intel x86 are the boot params,
the kernel command line, the TXT heap, any external initramfs, etc. In addition
this routine does some early setup and validation of the environment like
locating the TPM event log and validating the location of various buffers to
ensure they are protected and not overlapping.

Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>

Author: rossphilipson

Documentation/arch/x86/boot.rst

@@ -482,6 +482,14 @@ Protocol:	2.00+
 	    - If 1, KASLR enabled.
 	    - If 0, KASLR disabled.
 
+  Bit 2 (kernel internal): SLAUNCH_FLAG
+
+	- Used internally by the setup kernel to communicate
+	  Secure Launch status to the kernel proper.
+
+	    - If 1, Secure Launch enabled.
+	    - If 0, Secure Launch disabled.
+
   Bit 5 (write): QUIET_FLAG
 
 	- If 0, print early messages.
@@ -1037,6 +1045,19 @@ Offset/size:	0x000c/4
 
   This field contains maximal allowed type for setup_data and setup_indirect structs.
 
+============	=================
+Field name:	mle_header_offset
+Offset/size:	0x0010/4
+============	=================
+
+  This field contains the offset to the Secure Launch Measured Launch Environment
+  (MLE) header. This offset is used to locate information needed during a secure
+  late launch using Intel TXT. If the offset is zero, the kernel does not have
+  Secure Launch capabilities. The MLE entry point is called from TXT on the BSP
+  following a successful measured launch. The specific state of the processors is
+  outlined in the TXT Software Development Guide, the latest can be found here:
+  https://www.intel.com/content/dam/www/public/us/en/documents/guides/intel-txt-software-development-guide.pdf
+
 
 The Kernel Command Line
 =======================

arch/x86/boot/compressed/Makefile

@@ -115,6 +115,8 @@ endif
 slaunch-objs += $(obj)/sha1.o
 slaunch-objs += $(obj)/sha256.o
 slaunch-objs += $(obj)/early_tpm_extend.o
+slaunch-objs += $(obj)/sl_main.o
+slaunch-objs += $(obj)/sl_stub.o
 
 vmlinux-objs-$(CONFIG_SECURE_LAUNCH) += $(slaunch-objs)
 

arch/x86/boot/compressed/head_64.S

@@ -412,6 +412,13 @@ SYM_CODE_START(startup_64)
 	pushq	$0
 	popfq
 
+#ifdef CONFIG_SECURE_LAUNCH
+	/* Ensure the relocation region is covered by a PMR */
+	movq	%rbx, %rdi
+	movl	$(_bss - startup_32), %esi
+	callq	sl_check_region
+#endif
+
 /*
  * Copy the compressed kernel to the end of our buffer
  * where decompression in place becomes safe.
@@ -454,6 +461,28 @@ SYM_FUNC_START_LOCAL_NOALIGN(.Lrelocated)
 	shrq	$3, %rcx
 	rep	stosq
 
+#ifdef CONFIG_SECURE_LAUNCH
+	/*
+	 * Have to do the final early sl stub work in 64b area.
+	 *
+	 * *********** NOTE ***********
+	 *
+	 * Several boot params get used before we get a chance to measure
+	 * them in this call. This is a known issue and we currently don't
+	 * have a solution. The scratch field doesn't matter. There is no
+	 * obvious way to do anything about the use of kernel_alignment or
+	 * init_size though these seem low risk with all the PMR and overlap
+	 * checks in place.
+	 */
+	movq	%r15, %rdi
+	callq	sl_main
+
+	/* Ensure the decompression location is covered by a PMR */
+	movq	%rbp, %rdi
+	movq	output_len(%rip), %rsi
+	callq	sl_check_region
+#endif
+
 	call	load_stage2_idt
 
 	/* Pass boot_params to initialize_identity_maps() */