acpi: add ACPI memory clear interface

qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio

The interface is described in the "TCG Platform Reset Attack
Mitigation Specification", chapter 6 "ACPI _DSM Function". According
to Laszlo, it's not so easy to implement in OVMF, he suggested to do
it in qemu instead.

See specification documentation for more details, and next commit for
memory clear on reset handling.

The underlying TCG specification is accessible from the following
page.

https://trustedcomputinggroup.org/resource/pc-client-work-group-platform-reset-attack-mitigation-specification-version-1-0/

This patch implements version 1.0.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

authored by

Marc-André Lureau and committed by

Michael S. Tsirkin 7 years ago ec86c0f6 ac6dd31e

+57

2 changed files

expand all

docs

specs

tpm.txt

acpi

tpm.c

docs/specs/tpm.txt

··· 136 136 | next_step| 0x1 | 0x159 | Operation to execute after reboot by | 137 137 | | | | firmware. Used by firmware. | 138 138 +----------+--------+--------+-------------------------------------------+ 139 + | movv | 0x1 | 0x15a | Memory overwrite variable | 140 + +----------+--------+--------+-------------------------------------------+ 139 141 140 142 The following values are supported for the 'func' field. They correspond 141 143 to the values used by ACPI function index 8.

+55

hw/acpi/tpm.c

··· 53 53 pprq = aml_name("PPRQ"); 54 54 pprm = aml_name("PPRM"); 55 55 56 + aml_append(dev, 57 + aml_operation_region( 58 + "TPP3", AML_SYSTEM_MEMORY, 59 + aml_int(TPM_PPI_ADDR_BASE + 60 + 0x15a /* movv, docs/specs/tpm.txt */), 61 + 0x1)); 62 + field = aml_field("TPP3", AML_BYTE_ACC, AML_NOLOCK, AML_PRESERVE); 63 + aml_append(field, aml_named_field("MOVV", 8)); 64 + aml_append(dev, field); 65 + 56 66 /* 57 67 * DerefOf in Windows is broken with SYSTEM_MEMORY. Use a dynamic 58 68 * operation region inside of a method for getting FUNC[op]. ··· 397 407 aml_append(ifctx, ifctx2); 398 408 399 409 aml_append(ifctx, aml_return(aml_buffer(1, zerobyte))); 410 + } 411 + aml_append(method, ifctx); 412 + 413 + /* 414 + * "TCG Platform Reset Attack Mitigation Specification 1.00", 415 + * Chapter 6 "ACPI _DSM Function" 416 + */ 417 + ifctx = aml_if( 418 + aml_equal(uuid, 419 + aml_touuid("376054ED-CC13-4675-901C-4756D7F2D45D"))); 420 + { 421 + /* standard DSM query function */ 422 + ifctx2 = aml_if(aml_equal(function, zero)); 423 + { 424 + uint8_t byte_list[1] = { 0x03 }; /* functions 1-2 supported */ 425 + 426 + aml_append(ifctx2, 427 + aml_return(aml_buffer(sizeof(byte_list), 428 + byte_list))); 429 + } 430 + aml_append(ifctx, ifctx2); 431 + 432 + /* 433 + * TCG Platform Reset Attack Mitigation Specification 1.0 Ch.6 434 + * 435 + * Arg 2 (Integer): Function Index = 1 436 + * Arg 3 (Package): Arguments = Package: Type: Integer 437 + * Operation Value of the Request 438 + * Returns: Type: Integer 439 + * 0: Success 440 + * 1: General Failure 441 + */ 442 + ifctx2 = aml_if(aml_equal(function, one)); 443 + { 444 + aml_append(ifctx2, 445 + aml_store(aml_derefof(aml_index(arguments, zero)), 446 + op)); 447 + { 448 + aml_append(ifctx2, aml_store(op, aml_name("MOVV"))); 449 + 450 + /* 0: success */ 451 + aml_append(ifctx2, aml_return(zero)); 452 + } 453 + } 454 + aml_append(ifctx, ifctx2); 400 455 } 401 456 aml_append(method, ifctx); 402 457 }