sl_header: limit amount of measured data

With reordered sections and most of the data structures built at runtime, size of actual code that has to be measured by TPM can be reduced. As that size field used to specify offset to bootloader data, a new field was added to the header for that purpose. Signed-off-by: Krystian Hebel <[email protected]>
TrenchBoot · Feb 22, 2024 · 4a43680 · 4a43680
1 parent e623ad8
commit 4a43680
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 9 deletions.
diff --git a/head.S b/head.S
@@ -33,8 +33,9 @@
 
 GLOBAL(sl_header)
 	.word	_entry           /* SL header SKL offset to code start */
-	.word	bootloader_data  /* SL header SKL measured length */
-	.word	skl_info
+	.word	_end_of_measured /* SL header SKL measured length */
+	.word	skl_info         /* Offset to SKL info with UUID and version */
+	.word	bootloader_data  /* Offset to SLRT filled by the bootloader */
 ENDDATA(sl_header)
 
 	.text

diff --git a/include/boot.h b/include/boot.h
@@ -43,8 +43,9 @@ extern const char _start[];
 
 typedef struct __packed sl_header {
     u16 skl_entry_point;
-    u16 bootloader_data_offset;
+    u16 skl_measured_size;
     u16 skl_info_offset;
+    u16 bootloader_data_offset;
 } sl_header_t;
 extern sl_header_t sl_header;
 

diff --git a/link.lds b/link.lds
@@ -35,6 +35,13 @@ SECTIONS
 	.data : {
 		*(SORT_BY_ALIGNMENT(.data*))
 	}
+
+	.skl_info : {
+		*(.skl_info)
+	}
+
+	_end_of_measured = .;
+
 	.bss : {
 		. = ALIGN(4096);
 		_bss = .;
@@ -49,18 +56,13 @@ SECTIONS
 		_ebss = .;
 	}
 
-	.skl_info : {
-		*(.skl_info)
-	}
-
-	. = ALIGN(8);
-
 	/*
 	 * Bootloader must pass non-constant data (e.g. address of zeropage). Keep
 	 * it in separate section, outside of measured part of SL. This must be
 	 * done in order to keep hashes constant, it also allows us to measure SL
 	 * offline.
 	 */
+	. = ALIGN(4);
 	.bootloader_data : {
 		*(.bootloader_data)
 	}