Description
Affected component(s) or functionality
Properly working TrenchBoot D-RTM configuration: kernel + GRUB + Secure Kernel Loader
Brief summary
We tried to run D-RTM on PC Engines apu2 using the latest versions from the TrenchBoot repositories: SKL from master, GRUB from trenchboot_support_2.04, and kernel from the linux-sl-5.13-amd branch.
Version
Firmware:
- coreboot build 20212712
- BIOS version v4.15.0.2
- SeaBIOS (version rel-1.14.0.1-0-g8610266a)
1st scenario: TrenchBoot latest version (from here):
- GRUB trenchboot_support_2.04
- kernel linux-sl-5.13-amd
- Secure Kernel Loader master, last commit as of this date: 3432f4398652727f402b710c2fea4e3f1efecce6
2nd scenario: previous scenario with:
- GRUB 3mdeb fork from here
3rd scenario: previous scenario with:
- Patch for secure-kernel-loader with IOMMU workaround - link
To Reproduce
- Build TrenchBoot using defconfigs from the following versions, or use our branches to build an image with bitbake: meta-fobnail (pull requests with the [NOT FOR MERGE] prefix)
- Boot the prepared system
Expected behavior
Booting from GRUB and SKL to the Linux shell properly, without a kernel panic, in the first scenario
Actual behavior
In the 1st scenario: secure-kernel-loader is unable to run the kernel because of a bad bootloader data format:
grub_cmd_slaunch:122: check for manufacturer
grub_cmd_slaunch:126: check for cpuid
grub_cmd_slaunch:136: set slaunch
grub_cmd_slaunch_module:156: check argc
grub_cmd_slaunch_module:161: check relocator
grub_cmd_slaunch_module:170: open file
grub_cmd_slaunch_module:175: get size
grub_cmd_slaunch_module:180: allocate memory
grub_cmd_slaunch_module:192: addr: 0x100000
grub_cmd_slaunch_module:194: target: 0x100000
grub_cmd_slaunch_module:196: add module
grub_cmd_slaunch_module:205: read file
grub_cmd_slaunch_module:215: close file
grub_slaunch_boot_skinit:41: real_mode_target: 0x8b000
grub_slaunch_boot_skinit:42: prot_mode_target: 0x1000000
grub_slaunch_boot_skinit:43: params: 0xcfdfb7c
Bad bootloader data format
Rebooting now..
In the 2nd scenario: secure-kernel-loader enters an infinite loop while flushing the IOMMU cache and prints dots endlessly:
shasum calculated:
0x001001dc: ff dc d4 84 73 07 f0 06 8a f3 eb 47 b5 ed 7e 09 ....s......G..~.
0x001001ec: 78 f5 a4 24 cc cc cc cc cc cc cc cc cc cc cc cc x..$............
shasum calculated:
0x001001f0: 03 94 76 22 df 42 8c 3b ac f5 cc e5 ea 60 c6 ef ..v".B.;.....`..
0x00100200: 50 52 55 ac 86 79 e3 5c 52 d5 84 8c 2d db 9c f0 PRU..y.\R...-...
PCR extended
IOMMU MMIO Base Address = 0xd0500000:
0x00000000: IOMMU_MMIO_STATUS_REGISTER
0x00106001: IOMMU_MMIO_DEVICE_TABLE_BA
0x00103000: IOMMU_MMIO_COMMAND_BUF_BA
0x00105000: IOMMU_MMIO_EVENT_LOG_BA
0x00000018: IOMMU_MMIO_STATUS_REGISTER
INVALIDATE_IOMMU_ALL
0x00290ad2: IOMMU_MMIO_EXTENDED_FEATURE
0x0000000a: IOMMU_MMIO_STATUS_REGISTER
0x0000000a: IOMMU_MMIO_STATUS_REGISTER
Disabling SLB protection
IOMMU MMIO Base Address = 0xd0500000:
0x0000000a: IOMMU_MMIO_STATUS_REGISTER
0x00106001: IOMMU_MMIO_DEVICE_TABLE_BA
0x00103000: IOMMU_MMIO_COMMAND_BUF_BA
0x00105000: IOMMU_MMIO_EVENT_LOG_BA
0x0000001a: IOMMU_MMIO_STATUS_REGISTER
INVALIDATE_IOMMU_ALL
0x00290ad2: IOMMU_MMIO_EXTENDED_FEATURE
0x0000000a: IOMMU_MMIO_STATUS_REGISTER
0x0000000a: IOMMU_MMIO_STATUS_REGISTER
Flushing IOMMU cache.....
In the 3rd scenario: kernel boot stops with a TPM event log panic:
[ 0.000000] BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
[ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x00000000cfe81fff] usable
[ 0.000000] BIOS-e820: [mem 0x00000000cfe82000-0x00000000cfffffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000f8000000-0x00000000fbffffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000fed40000-0x00000000fed44fff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000012effffff] usable
[ 0.000000] BIOS-e820: [mem 0x000000012f000000-0x000000012fffffff] reserved
[...]
[ 3.120808] slaunch: Error failed to find TPM event log
[ 3.120808] - error: 0xc0008022
[ 3.120910] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[ 3.121624] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 5.13.0-yocto-standard #1
[ 3.121624] Hardware name: PC Engines apu2/apu2, BIOS v4.15.0.2 12/27/2021
[ 3.121624] RIP: 0010:slaunch_skinit_reset+0x1b/0x1d
[ 3.121624] Code: c7 c8 f6 bf ba e8 10 74 00 00 e9 89 14 4e ff 0f 1f 44 00 00 55 48 89 f2 48 89 fe 48 c7 c7 74 f8 bf ba 48 89 e5 e8 f0 73 00 00 <0f> 0b 83 c8 03 48 c7 c7 e0 f7 bf ba 89 05 e9 de c9 00 e8 d9 73 00
[ 3.121624] RSP: 0018:ffffa46800023e50 EFLAGS: 00010246
[ 3.121624] RAX: 0000000000000040 RBX: 0000000000000000 RCX: 0000000000000000
[ 3.121624] RDX: 0000000000000000 RSI: 00000000ffffffea RDI: 00000000ffffffff
[ 3.121624] RBP: ffffa46800023e50 R08: ffffffffbaec17e8 R09: 0000000000000003
[ 3.121624] R10: ffffffffbae51800 R11: ffffffffbae51800 R12: ffffffffbb070f67
[ 3.121624] R13: ffff8f4400160b40 R14: ffffffffbb1b1384 R15: 0000000000000000
[ 3.121624] FS: 0000000000000000(0000) GS:ffff8f442ad80000(0000) knlGS:0000000000000000
[ 3.121624] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.226956] CR2: 0000000000000000 CR3: 000000001020a000 CR4: 00000000000406e0
[ 3.226956] Call Trace:
[ 3.226956] slaunch_module_init+0x40d/0x501
[ 3.226956] ? slaunch_setup_txt+0x4f4/0x4f4
[ 3.226956] do_one_initcall+0x51/0x220
[ 3.226956] kernel_init_freeable+0x1f2/0x241
[ 3.226956] ? rest_init+0xc3/0xc3
[ 3.226956] kernel_init+0xe/0x10d
[ 3.226956] ret_from_fork+0x22/0x30
[ 3.226956] Modules linked in:
[ 3.267166] ---[ end trace 4937f4e6d9634fb5 ]---
[ 3.271875] RIP: 0010:slaunch_skinit_reset+0x1b/0x1d
[ 3.276895] Code: c7 c8 f6 bf ba e8 10 74 00 00 e9 89 14 4e ff 0f 1f 44 00 00 55 48 89 f2 48 89 fe 48 c7 c7 74 f8 bf ba 48 89 e5 e8 f0 73 00 00 <0f> 0b 83 c8 03 48 c7 c7 e0 f7 bf ba 89 05 e9 de c9 00 e8 d9 73 00
[ 3.295697] RSP: 0018:ffffa46800023e50 EFLAGS: 00010246
[ 3.300999] RAX: 0000000000000040 RBX: 0000000000000000 RCX: 0000000000000000
[ 3.308180] RDX: 0000000000000000 RSI: 00000000ffffffea RDI: 00000000ffffffff
[ 3.315481] RBP: ffffa46800023e50 R08: ffffffffbaec17e8 R09: 0000000000000003
[ 3.322738] R10: ffffffffbae51800 R11: ffffffffbae51800 R12: ffffffffbb070f67
[ 3.329899] R13: ffff8f4400160b40 R14: ffffffffbb1b1384 R15: 0000000000000000
[ 3.337146] FS: 0000000000000000(0000) GS:ffff8f442ac80000(0000) knlGS:0000000000000000
[ 3.337203] hub 1-1:1.0: USB hub found
[ 3.345275] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.349839] hub 1-1:1.0: 4 ports detected
[ 3.354806] CR2: 0000000000000000 CR3: 000000001020a000 CR4: 00000000000406e0
[ 3.366011] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 3.366983] Kernel Offset: 0x38a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 3.366983] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
Screenshots
Full bootlogs:
Scenario 1
Scenario 2
Scenario 3
Additional context
N/A
Solutions you've tried
All of the described scenarios
Relevant documentation you've consulted
N/A
Related, non-duplicate issues
N/A
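
A reading aid for the scenario 2 log above, added here and not part of the report or of the TrenchBoot code: it pulls every `IOMMU_MMIO_STATUS_REGISTER` print out of an SKL log and decodes the value. The bit names and the 0x2020 offset are taken from the AMD IOMMU specification, not from this page; the function names are hypothetical.

```python
import re

# AMD IOMMU status register (MMIO offset 0x2020), low bits as named in the
# AMD IOMMU specification (assumption: not stated in the report itself).
# Higher bits are reported as "undecoded" rather than guessed.
STATUS_BITS = {
    0: "EventOverflow",
    1: "EventLogInt",
    2: "ComWaitInt",
    3: "EventLogRun",
    4: "CmdBufRun",
}
LINE_RE = re.compile(r"^(0x[0-9a-fA-F]{8}): IOMMU_MMIO_STATUS_REGISTER$")

def decode_status(value):
    """Return the names of the status flags set in value."""
    names = [n for b, n in sorted(STATUS_BITS.items()) if value & (1 << b)]
    rest = value & ~sum(1 << b for b in STATUS_BITS)
    if rest:
        names.append("undecoded:0x%x" % rest)
    return names

def status_timeline(log_text):
    """Return [(line_no, value, flags)] for each status-register print."""
    out = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line.strip())
        if m:
            value = int(m.group(1), 16)
            out.append((no, value, decode_status(value)))
    return out

def last_state_before_flush(log_text):
    """Last status read printed before the 'Flushing IOMMU cache' line."""
    head = log_text.split("Flushing IOMMU cache", 1)[0]
    timeline = status_timeline(head)
    return timeline[-1] if timeline else None

# Excerpt copied from the scenario 2 log in the report.
SAMPLE = """IOMMU MMIO Base Address = 0xd0500000:
0x0000000a: IOMMU_MMIO_STATUS_REGISTER
0x00106001: IOMMU_MMIO_DEVICE_TABLE_BA
0x00103000: IOMMU_MMIO_COMMAND_BUF_BA
0x00105000: IOMMU_MMIO_EVENT_LOG_BA
0x0000001a: IOMMU_MMIO_STATUS_REGISTER
INVALIDATE_IOMMU_ALL
0x00290ad2: IOMMU_MMIO_EXTENDED_FEATURE
0x0000000a: IOMMU_MMIO_STATUS_REGISTER
0x0000000a: IOMMU_MMIO_STATUS_REGISTER
Flushing IOMMU cache.....
"""
```

On the excerpt, the last status read before the flush is 0x0a, which decodes to EventLogInt and EventLogRun set with CmdBufRun clear.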