head.S: make state on entry to the kernel similar to that used by TXT

[krystian-hebel]

Intel TXT provides physical address of kernel entry point in %ebx. This is due to the fact that %ss is undefined there, so the kernel can't use the call/pop pair to obtain its load address. Even though it is possible on AMD with this implementation of SKL, keep things consistent and move the entry point address to %ebx as well.

%ebp points to base of SLB, the kernel can use it to obtain offset to SLRT, and through it, bootloader context and payload argument saved within.

Note that this commit (temporarily) breaks booting to non-Linux payloads.

[SergiiDmytruk]

Note that this commit (temporarily) breaks booting to non-Linux payloads.

As well as Linux payloads :) sl_stub.S needs new code to find SLRT and extract boot params address out of it, which wasn't necessary before. Is making TXT and SKINIT environments more similar worth the trouble? Or the idea was that both paths in a payload will do the same? At present, Linux gets boot params from OS2MLE data heap in case of TXT.

[rossphilipson]

The plan is to move the boot params addr to the Intel SLRT table for v12. We were worried this would cause a bunch of changes to the asm code in sl_stub.S on the brink of getting things into the upstream kernel. It turns out this is a minor one liner in the asm code so it will almost certainly go in v12. I think the general consensus is that yes, it is worth it.

[krystian-hebel]

The plan is to move the boot params addr to the Intel SLRT table for v12.

I still think that some common place (dl_info?) would be better, as this will be used by all architectures and vendors. In addition, Intel entry is measured, putting an address there would make the measurements potentially not consistent between boots, if the memory layout changes e.g. because of new kernel/initramfs with different size.

[rossphilipson]

The entire SLRT is measured and there are already addresses in the dl_info structure. Also boot_params are an x86 legacy construct, e.g. Arm does not use them.

In addition, moving it the Intel information turns out to only introduce very minimal changes to the code and puts it in line with how it is passed for AMD. This is what the GRUB maintainers would like to see also.

[SergiiDmytruk]

The entire SLRT is measured

Only Intel-specific entry is measured:

	/*
	 * In revision one of the SLRT, the only table that needs to be
	 * measured is the Intel info table. Everything else is meta-data,
	 * addresses and sizes. Note the size of what to measure is not set.
	 * The flag SLR_POLICY_IMPLICIT_SIZE leaves it to the measuring code
	 * to sort out.
	 */