[Skiboot] [RFC PATCH 0/8] PEF support in Skiboot

Ryan Grimm grimm at linux.ibm.com
Thu Sep 5 23:29:11 AEST 2019 

Hi,

These are RFC patches for Protected Execution Facility (PEF) support in
Skiboot.  They are based off of Skiboot v6.4.

Some documentation for PEF has been posted here:
https://lists.ozlabs.org/pipermail/linuxppc-dev/2019-August/195606.html

Maddy and Santosh wrote the initial code at the end of last year through the
beginning of this year.  All the following fixes, comments, and enhancements by
other authors were squashed into the appropriate commit.  I was careful to put
notes on who did what in the commit log and each contributor has a
Signed-off-by.

With these patches, Skiboot comes up in secure mode, loads and initializes the
Ultravisor (UV) in secure memory, and then performs ultracalls for XSCOMs.

They have been tested in Mambo, BML, and Hostboot.  In their current state they
boot in Mambo and BML but require some hacks for Hostboot because Skiboot tries
to probe OCC areas which are in secure memory.

Some TODOs:

-documentation, how about we put something in doc/ultravisor.rst?

-clean up device tree names.  Claudio got some feedback from Michael about
removing ibm,uv from the child nodes of ibm,ultravisor and we plan on doing it.

-OCC patches, currently in development

-security and integrity checks on the UV image

Thanks,
Ryan

Madhavan Srinivasan (6):
  Add ultravisor support in OPAL
  pef: Ultravisor initialisation
  pef: Add memcons support for ultravisor
  pef: ultra-call support for skiboot
  xscoms: read/write xscoms using ucall
  skiboot/imc: Disable IMC node when UV enabled

Santosh Sivaraj (2):
  Add pef memory ranges to device tree
  pef: Load ultravisor from pnor/flash

 asm/head.S                 |  54 ++++
 core/flash.c               |   1 +
 core/init.c                |  13 +
 hdata/memory.c             |  17 +-
 hw/Makefile.inc            |   1 +
 hw/fsp/fsp.c               |   2 +
 hw/imc.c                   |  11 +
 hw/ultravisor.c            | 521 +++++++++++++++++++++++++++++++++++++
 include/console.h          |   3 +
 include/debug_descriptor.h |   1 +
 include/mem-map.h          |  16 +-
 include/platform.h         |   1 +
 include/processor.h        |  12 +
 include/ultravisor-api.h   |  31 +++
 include/ultravisor.h       |  69 +++++
 include/xscom.h            |  11 +-
 16 files changed, 754 insertions(+), 10 deletions(-)
 create mode 100644 hw/ultravisor.c
 create mode 100644 include/ultravisor-api.h
 create mode 100644 include/ultravisor.h

-- 
2.21.0

More information about the Skiboot mailing list