[6.6] HYGON:Support Trusted computing(TC) feature #366

hygon inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I9B9XS CVE: NA --------------------------- TDM（Trusted Dynamic Measurement) is a module designed and implemented by HYGON in its X86 CPU's embedded secure processor, providing dynamical measurement service to X86 side aiming at memory that needs to be protected, e.g. the memory area kernel code resides. With this new feature, the goal of protecting any specified memory dynamically in the runtime can be achieved. When the protected memory is modified illegally, TDM will detect the event immediately and give an alarm in the form of an exception, meantime, the abnormal information is recorded inside the TDM for subsequent audit or remote attestation. The TDM driver mainly implements the following functions: (1) Send the required memory block information and configuration information to TDM device for protection; (2) Manage the further distribution of exceptions when TDM detects illegal memory modification and an exception is triggered. (3) Record abnormal information for subsequent audit or attestation. Signed-off-by: chench <[email protected]>

hygon inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I9B9XS CVE: NA --------------------------- tdm_kernel_guard is an application that uses HYGON TDM technology to protect important data in the kernel. Through this application, the dynamic protection of SCT and IDT is completed in the system. In the future, more protection objects can be expanded based on this application Signed-off-by: chench <[email protected]>

hygon inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I9B9XS CVE: NA --------------------------- Hygon CPU implemented a firmware-based TPM2 device, which runs on its internal secure processor named PSP. The device is fully compatible with TCG TPM2.0 spec (part 1 ~ 4) in the commands level, but underlying uses an unique private interface in the form of some hardware mailbox between X86 cores and PSP, which is for sure different from the TIS or CRB interfaces defined in the PTP spec. As such, to support this device we need a specialized driver which handles the basic send and receive operations required by the kernel TPM core layer. ACPI device info passed from underlying BIOS indicates the device presence by setting the _HID field (see TCG ACPI Sepcification, Family 1.2 and 2.0, Chapter 8 "ACPI Device") to "HYGT0101", which distinguishes it from the rest of devices. If the BIOS does not support this setting, the driver will not be activated and thus has no impact to the system at all. Signed-off-by: chench <[email protected]>

hygon inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I9B9XS CVE: NA --------------------------- Hygon CPU implemented a firmware-based TCM2 device, which runs on its internal secure processor named PSP. The device underlying uses an unique private interface in the form of some hardware mailbox between X86 cores and PSP, which is for sure different from the TIS or CRB interfaces defined in the PTP spec. As such, to support this device we need a specialized driver which handles the basic send and receive operations required by the kernel TPM core layer. ACPI device info passed from underlying BIOS indicates the device presence by setting the _HID field to "HYGT0201", which distinguishes it from the rest of devices. If the BIOS does not support this setting, the driver will not be activated and thus has no impact to the system at all. Signed-off-by: chench <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[6.6] HYGON:Support Trusted computing(TC) feature #366

[6.6] HYGON:Support Trusted computing(TC) feature #366

Commits on Aug 15, 2024