github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-10-31 01:09:28 +00:00
Code Issues Projects Releases Wiki Activity

trusty: initialize tsc_offset to zero

Browse Source 
Per trusty design, trusty requires a monotonic increasing
secure tick(TSC) at run time. This secure tick will used
to mitigate password/pin force attack, control key expiration,
etc.

Currently, the TSC_OFFSET is enabled. And guest will got
(host_tsc + tsc_offset) when execute rdtsc/rdtscp/rdmsr to
aquire tsc value. The host_tsc is always keeping increasing
during the runtime.

So initialize tsc_offset of trusty to 0 will ensure the
secure tick feature.

Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit is contained in:
Qi Yadong
2018-04-04 14:42:01 +08:00
committed by lijinxia
parent d937dd09df
commit 4c8c7cc8d1
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
arch/x86/trusty.c
View File

@@ -387,8 +387,12 @@ static bool init_secure_world_env(struct vcpu *vcpu,
vcpu->arch_vcpu.contexts[SECURE_WORLD].rip = entry_gpa; vcpu->arch_vcpu.contexts[SECURE_WORLD].rip = entry_gpa;
vcpu->arch_vcpu.contexts[SECURE_WORLD].rsp = vcpu->arch_vcpu.contexts[SECURE_WORLD].rsp =
TRUSTY_EPT_REBASE_GPA + size; TRUSTY_EPT_REBASE_GPA + size;
vcpu->arch_vcpu.contexts[SECURE_WORLD].tsc_offset = 0;
exec_vmwrite(VMX_GUEST_RSP, exec_vmwrite(VMX_GUEST_RSP,
TRUSTY_EPT_REBASE_GPA + size); TRUSTY_EPT_REBASE_GPA + size);
exec_vmwrite(VMX_TSC_OFFSET_FULL,
vcpu->arch_vcpu.contexts[SECURE_WORLD].tsc_offset);
return setup_trusty_info(vcpu, size, base_hpa); return setup_trusty_info(vcpu, size, base_hpa);
} }