From 81f61bb1be97b53886a6298b8143e9c8542b07da Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Mon, 18 Apr 2016 09:39:22 -0700 Subject: [PATCH] x86: make GDT setup optional For some security scenarios the GDT may already be setup and locked, in which case the kernel trying to set it again could lead to problems. Change-Id: I727c1d213479f46a4bb6f0c04a9096131e10b3e7 Signed-off-by: Andrew Boie --- arch/x86/core/Kconfig | 12 ++++++++++++ arch/x86/core/crt0.S | 6 ++++-- arch/x86/include/gdt.h | 2 ++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/arch/x86/core/Kconfig b/arch/x86/core/Kconfig index 43eff44eef1..e059d4a6e28 100644 --- a/arch/x86/core/Kconfig +++ b/arch/x86/core/Kconfig @@ -92,9 +92,21 @@ config ROM_SIZE The default value is specified by the platform. +config SET_GDT + bool + prompt "Setup GDT as part of boot process" + default y + help + This option sets up the GDT as part of the boot process. However, + this may conflict with some security scenarios where the GDT is + already appropriately set by an earlier bootloader stage, in which + case this should be disabled. If disabled, the global _gdt pointer + will not be available. + config GDT_DYNAMIC bool prompt "Store GDT in RAM so that it can be modified" + depends on SET_GDT default n help This option stores the GDT in RAM instead of ROM, so that it may diff --git a/arch/x86/core/crt0.S b/arch/x86/core/crt0.S index 8fb6f17c876..ca2f19b4e25 100644 --- a/arch/x86/core/crt0.S +++ b/arch/x86/core/crt0.S @@ -89,8 +89,9 @@ SECTION_FUNC(TEXT_START, __start) * and a Global Descriptor Table (GDT), the specification encourages * booted operating systems to setup their own IDT and GDT. */ - +#if CONFIG_SET_GDT lgdt _gdt_rom /* load 32-bit operand size GDT */ +#endif lidt _Idt /* load 32-bit operand size IDT */ @@ -358,7 +359,7 @@ _Idt: .long -(0x1BADB002 + 0) #endif /* CONFIG_BOOTLOADER_UNKNOWN */ - +#ifdef CONFIG_SET_GDT #ifndef CONFIG_GDT_DYNAMIC _gdt: #endif 
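Review bot: The help text for `SET_GDT` says the GDT may be "already appropriately set by an earlier bootloader stage" but never states what the kernel requires of that table, so whoever disables the option has no contract to check the earlier stage against. The rest of `__start` and the gates in the IDT loaded by `lidt _Idt` are outside this patch, but they presumably keep using the fixed segment selectors defined by the ROM GDT layout. If so, the inherited GDT must hold matching flat code and data descriptors at those selectors, or the first segment load or interrupt will fault. I would add a help line such as `The inherited GDT must provide the code and data descriptors at the selectors the kernel uses.` and name the selectors once confirmed against crt0.S.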
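Review bot: The guard around `lgdt _gdt_rom` is written `#if CONFIG_SET_GDT`, while the guard around the `_gdt` table in the `@@ -358,7 +359,7 @@` hunk and the one in gdt.h both use `#ifdef CONFIG_SET_GDT`. If a disabled bool leaves the macro undefined, as those `#ifdef` uses imply, the `#if` form only works because the preprocessor evaluates an undefined name as 0, and it warns under `-Wundef`; use `#ifdef CONFIG_SET_GDT` here too. A short comment on the guard, for example `/* GDT may be owned and locked by an earlier boot stage */`, would keep the reason next to the skipped instruction. `__start` begins before and continues after this hunk.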
@@ -414,3 +415,4 @@ _gdt_rom_entries: .byte 0x00 /* base : 00xxxxxx */ _gdt_rom_end: +#endif diff --git a/arch/x86/include/gdt.h b/arch/x86/include/gdt.h index c0bc27b8518..3ebf9b24485 100644 --- a/arch/x86/include/gdt.h +++ b/arch/x86/include/gdt.h @@ -63,10 +63,12 @@ typedef struct __packed s_gdtHeader /* externs */ +#ifdef CONFIG_SET_GDT /* This is either the ROM-based GDT in crt0.S or RAM-based in gdt.c, * depending on CONFIG_GDT_DYNAMIC */ extern tGdtHeader _gdt; +#endif #endif /* _ASMLANGUAGE */
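Review bot: The `#endif` added after `_gdt_rom_end:` closes a conditional opened roughly fifty lines earlier, at the `#ifdef CONFIG_SET_GDT` in the previous hunk, and it carries no label, unlike `#endif /* CONFIG_BOOTLOADER_UNKNOWN */` elsewhere in this file. Write it as `#endif /* CONFIG_SET_GDT */`. The same applies to the `#endif` added after `extern tGdtHeader _gdt;` in gdt.h, which sits directly above `#endif /* _ASMLANGUAGE */` and is easy to misread as its pair.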