From: "Rebecca Cran"
To: devel@edk2.groups.io
Cc: Rebecca Cran, Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Peter Grehan
Date: Wed, 11 Nov 2020 22:31:52 -0700
Message-Id: <20201112053153.22038-2-rebecca@bsdio.com>
In-Reply-To: <20201112053153.22038-1-rebecca@bsdio.com>
References: <20201112053153.22038-1-rebecca@bsdio.com>
Subject: [PATCH v2 1/2] OvmfPkg/Bhyve: detach ResetVector from before the SEV-ES changes

Commits 6995a1b79bab, 8a2732186a53 and 30937f2f98c4 modified all four regular files under "OvmfPkg/ResetVector" with SEV-ES dependencies. These are not relevant for Bhyve. Detach the pre-SEV-ES version of ResetVector for Bhyve.

Signed-off-by: Rebecca Cran
--- OvmfPkg/Bhyve/ResetVector/ResetVector.inf | 38 +++++ .../Bhyve/ResetVector/Ia32/PageTables64.asm | 149 ++++++++++++++++++ OvmfPkg/Bhyve/ResetVector/ResetVector.nasmb | 68 ++++++++ 3 files changed, 255 insertions(+) create mode 100644 OvmfPkg/Bhyve/ResetVector/ResetVector.inf create mode 100644 OvmfPkg/Bhyve/ResetVector/Ia32/PageTables64.asm create mode 100644 OvmfPkg/Bhyve/ResetVector/ResetVector.nasmb diff --git a/OvmfPkg/Bhyve/ResetVector/ResetVector.inf b/OvmfPkg/Bhyve/ResetVector/ResetVector.inf new file mode 100644 index 000000000000..772dda540490 --- /dev/null +++ b/OvmfPkg/Bhyve/ResetVector/ResetVector.inf @@ -0,0 +1,38 @@ +## @file +# Reset Vector +# +# Copyright (c) 2020, Rebecca Cran +# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 1.29 + BASE_NAME = ResetVector + FILE_GUID = 1BA0062E-C779-4582-8566-336AE8F78F09 + MODULE_TYPE = SEC + VERSION_STRING = 1.1 + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + ResetVector.nasmb + +[Packages] + OvmfPkg/OvmfPkg.dec + MdePkg/MdePkg.dec + UefiCpuPkg/UefiCpuPkg.dec + +[BuildOptions] + *_*_IA32_NASMB_FLAGS = -I$(WORKSPACE)/UefiCpuPkg/ResetVector/Vtf0/ + *_*_X64_NASMB_FLAGS = -I$(WORKSPACE)/UefiCpuPkg/ResetVector/Vtf0/ + +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize diff --git a/OvmfPkg/Bhyve/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/Bhyve/ResetVector/Ia32/PageTables64.asm new file mode 100644 index 000000000000..d60cbfd8a30c --- /dev/null +++ b/OvmfPkg/Bhyve/ResetVector/Ia32/PageTables64.asm @@ -0,0 +1,149 @@ +;------------------------------------------------------------------------------ +; @file +; Sets the CR3 register for 64-bit paging +; +; Copyright (c) 2020, Rebecca Cran +; Copyright (c) 2008 - 2013, Intel Corporation. All rights reserved.
+; SPDX-License-Identifier: BSD-2-Clause-Patent +; +;------------------------------------------------------------------------------ + +BITS 32 + +%define PAGE_PRESENT 0x01 +%define PAGE_READ_WRITE 0x02 +%define PAGE_USER_SUPERVISOR 0x04 +%define PAGE_WRITE_THROUGH 0x08 +%define PAGE_CACHE_DISABLE 0x010 +%define PAGE_ACCESSED 0x020 +%define PAGE_DIRTY 0x040 +%define PAGE_PAT 0x080 +%define PAGE_GLOBAL 0x0100 +%define PAGE_2M_MBO 0x080 +%define PAGE_2M_PAT 0x01000 + +%define PAGE_2M_PDE_ATTR (PAGE_2M_MBO + \ + PAGE_ACCESSED + \ + PAGE_DIRTY + \ + PAGE_READ_WRITE + \ + PAGE_PRESENT) + +%define PAGE_PDP_ATTR (PAGE_ACCESSED + \ + PAGE_READ_WRITE + \ + PAGE_PRESENT) + +; Check if Secure Encrypted Virtualization (SEV) feature is enabled +; +; If SEV is enabled then EAX will be at least 32 +; If SEV is disabled then EAX will be zero. +; +CheckSevFeature: + ; Check if we have a valid (0x8000_001F) CPUID leaf + mov eax, 0x80000000 + cpuid + + ; This check should fail on Intel or Non SEV AMD CPUs. In future if + ; Intel CPUs supports this CPUID leaf then we are guranteed to have exact + ; same bit definition. + cmp eax, 0x8000001f + jl NoSev + + ; Check for memory encryption feature: + ; CPUID Fn8000_001F[EAX] - Bit 1 + ; + mov eax, 0x8000001f + cpuid + bt eax, 1 + jnc NoSev + + ; Check if memory encryption is enabled + ; MSR_0xC0010131 - Bit 0 (SEV enabled) + mov ecx, 0xc0010131 + rdmsr + bt eax, 0 + jnc NoSev + + ; Get pte bit position to enable memory encryption + ; CPUID Fn8000_001F[EBX] - Bits 5:0 + ; + mov eax, ebx + and eax, 0x3f + jmp SevExit + +NoSev: + xor eax, eax + +SevExit: + OneTimeCallRet CheckSevFeature + +; +; Modified: EAX, EBX, ECX, EDX +; +SetCr3ForPageTables64: + + OneTimeCall CheckSevFeature + xor edx, edx + test eax, eax + jz SevNotActive + + ; If SEV is enabled, C-bit is always above 31 + sub eax, 32 + bts edx, eax + +SevNotActive: + + ; + ; For OVMF, build some initial page tables at + ; PcdOvmfSecPageTablesBase - (PcdOvmfSecPageTablesBase + 0x6000). 
+ ; + ; This range should match with PcdOvmfSecPageTablesSize which is + ; declared in the FDF files. + ; + ; At the end of PEI, the pages tables will be rebuilt into a + ; more permanent location by DxeIpl. + ; + + mov ecx, 6 * 0x1000 / 4 + xor eax, eax +clearPageTablesMemoryLoop: + mov dword[ecx * 4 + PT_ADDR (0) - 4], eax + loop clearPageTablesMemoryLoop + + ; + ; Top level Page Directory Pointers (1 * 512GB entry) + ; + mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (4)], edx + + ; + ; Next level Page Directory Pointers (4 * 1GB entries => 4GB) + ; + mov dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x1004)], edx + mov dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x100C)], edx + mov dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x1014)], edx + mov dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x101C)], edx + + ; + ; Page Table Entries (2048 * 2MB entries => 4GB) + ; + mov ecx, 0x800 +pageTableEntriesLoop: + mov eax, ecx + dec eax + shl eax, 21 + add eax, PAGE_2M_PDE_ATTR + mov [ecx * 8 + PT_ADDR (0x2000 - 8)], eax + mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx + loop pageTableEntriesLoop + + ; + ; Set CR3 now that the paging structures are available + ; + mov eax, PT_ADDR (0) + mov cr3, eax + + OneTimeCallRet SetCr3ForPageTables64 diff --git a/OvmfPkg/Bhyve/ResetVector/ResetVector.nasmb b/OvmfPkg/Bhyve/ResetVector/ResetVector.nasmb new file mode 100644 index 000000000000..ec869e84099b --- /dev/null +++ b/OvmfPkg/Bhyve/ResetVector/ResetVector.nasmb @@ -0,0 +1,68 @@ +;------------------------------------------------------------------------------ +; @file +; This file includes all other code files to assemble the reset vector code +; +; Copyright (c) 2020, Rebecca Cran . +; Copyright (c) 2008 - 2013, Intel Corporation. All rights reserved.
+; SPDX-License-Identifier: BSD-2-Clause-Patent +; +;------------------------------------------------------------------------------ + +; +; If neither ARCH_IA32 nor ARCH_X64 are defined, then try to include +; Base.h to use the C pre-processor to determine the architecture. +; +%ifndef ARCH_IA32 + %ifndef ARCH_X64 + #include + #if defined (MDE_CPU_IA32) + %define ARCH_IA32 + #elif defined (MDE_CPU_X64) + %define ARCH_X64 + #endif + %endif +%endif + +%ifdef ARCH_IA32 + %ifdef ARCH_X64 + %error "Only one of ARCH_IA32 or ARCH_X64 can be defined." + %endif +%elifdef ARCH_X64 +%else + %error "Either ARCH_IA32 or ARCH_X64 must be defined." +%endif + +%include "CommonMacros.inc" + +%include "PostCodes.inc" + +%ifdef DEBUG_PORT80 + %include "Port80Debug.asm" +%elifdef DEBUG_SERIAL + %include "SerialDebug.asm" +%else + %include "DebugDisabled.asm" +%endif + +%include "Ia32/SearchForBfvBase.asm" +%include "Ia32/SearchForSecEntry.asm" + +%ifdef ARCH_X64 + #include + + %if (FixedPcdGet32 (PcdOvmfSecPageTablesSize) != 0x6000) + %error "This implementation inherently depends on PcdOvmfSecPageTablesSize" + %endif + + %define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Offset)) +%include "Ia32/Flat32ToFlat64.asm" +%include "Ia32/PageTables64.asm" +%endif + +%include "Ia16/Real16ToFlat32.asm" +%include "Ia16/Init16.asm" + +%include "Main.asm" + +%include "Ia16/ResetVectorVtf0.asm" + -- 2.29.2
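Review bot: in the [Defines] section of ResetVector.inf, FILE_GUID needs a word of explanation. The commit message describes this module as detached from OvmfPkg/ResetVector, so please state whether 1BA0062E-C779-4582-8566-336AE8F78F09 is deliberately carried over from that module or is new for the Bhyve copy. That saves a later reader from guessing whether two modules are meant to share one GUID.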
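Review bot: in CheckSevFeature in PageTables64.asm, "cmp eax, 0x8000001f" followed by "jl NoSev" is a signed comparison on the maximum extended CPUID leaf. A returned value below 0x80000000 compares as greater, so execution falls through to the Fn8000_001F query and possibly to the rdmsr of 0xC0010131. "jb NoSev" would make the range check unsigned. Separately, the commit message says the SEV-ES dependencies are not relevant for Bhyve, yet this copy keeps the SEV probe and the C-bit handling in SetCr3ForPageTables64. If that is intentional, a comment saying so would help; otherwise edx could simply stay zero. The comment typo "guranteed" could be fixed while here.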
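Review bot: the %include list in ResetVector.nasmb mixes one file added by this patch (Ia32/PageTables64.asm) with files the patch does not add (CommonMacros.inc, Ia32/Flat32ToFlat64.asm, Main.asm and the rest). Those can only resolve through the -I$(WORKSPACE)/UefiCpuPkg/ResetVector/Vtf0/ path set in ResetVector.inf. Please add a comment above the includes stating which ones are expected to come from the Bhyve directory, so that a same-named file on the include path is not picked up silently.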