* [PATCH 0/6] Substract TME-MK KEY_ID_BITS from CPU max PA
@ 2023-03-21 23:56 Ni, Ray
2023-03-21 23:56 ` [PATCH 1/6] MdePkg: Add TME-MK related CPUID and MSR definitions Ni, Ray
` (5 more replies)
0 siblings, 6 replies; 14+ messages in thread
From: Ni, Ray @ 2023-03-21 23:56 UTC (permalink / raw)
To: devel
Ray Ni (6):
MdePkg: Add TME-MK related CPUID and MSR definitions
UefiCpuPkg/MtrrTest: Only claim CPUID max leaf as 1
UefiCpuPkg/MtrrLib: Substract TME-MK KEY_ID_BITS from CPU max PA
UefiCpuPkg/CpuDxe: Refactor to use CPUID definitions
UefiCpuPkg/CpuDxe: Substract TME-MK KEY_ID_BITS from CPU max PA
UefiCpuPkg/MtrrTest: Add test cases for TME-MK enable case
.../Include/Register/Intel/ArchitecturalMsr.h | 106 ++++++++++++++-
MdePkg/Include/Register/Intel/Cpuid.h | 9 +-
UefiCpuPkg/CpuDxe/CpuDxe.c | 38 ++++--
UefiCpuPkg/CpuDxe/CpuDxe.h | 3 +-
UefiCpuPkg/Library/MtrrLib/MtrrLib.c | 24 +++-
.../MtrrLib/UnitTest/MtrrLibUnitTest.c | 18 +--
.../MtrrLib/UnitTest/MtrrLibUnitTest.h | 3 +-
UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c | 126 ++++++++++++++----
8 files changed, 278 insertions(+), 49 deletions(-)
--
2.39.1.windows.1
* [PATCH 1/6] MdePkg: Add TME-MK related CPUID and MSR definitions
2023-03-21 23:56 [PATCH 0/6] Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
@ 2023-03-21 23:56 ` Ni, Ray
2023-03-29 22:14 ` Michael D Kinney
2023-03-21 23:56 ` [PATCH 2/6] UefiCpuPkg/MtrrTest: Only claim CPUID max leaf as 1 Ni, Ray
` (4 subsequent siblings)
5 siblings, 1 reply; 14+ messages in thread
From: Ni, Ray @ 2023-03-21 23:56 UTC (permalink / raw)
To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu
TME (Total Memory Encryption) is the capability to encrypt
the entirety of physical memory of a system.
TME-MK (Total Memory Encryption-Multi-Key) builds on TME and adds
support for multiple encryption keys.
The patch adds some necessary CPUID/MSR definitions for TME-MK.
Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
---
.../Include/Register/Intel/ArchitecturalMsr.h | 106 +++++++++++++++++-
MdePkg/Include/Register/Intel/Cpuid.h | 9 +-
2 files changed, 112 insertions(+), 3 deletions(-)
diff --git a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
index 071a8c689c..76d80660da 100644
--- a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
+++ b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
@@ -6,7 +6,7 @@
returned is a single 32-bit or 64-bit value, then a data structure is not
provided for that MSR.
- Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2016 - 2023, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@par Specification Reference:
@@ -5679,6 +5679,110 @@ typedef union {
**/
#define MSR_IA32_X2APIC_SELF_IPI 0x0000083F
+/**
+ Memory Encryption Activation MSR. If CPUID.07H:ECX.[13] = 1.
+
+ @param ECX MSR_IA32_TME_ACTIVATE (0x00000982)
+ @param EAX Lower 32-bits of MSR value.
+ Described by the type MSR_IA32_TME_ACTIVATE_REGISTER.
+ @param EDX Upper 32-bits of MSR value.
+ Described by the type MSR_IA32_TME_ACTIVATE_REGISTER.
+
+ <b>Example usage</b>
+ @code
+ MSR_IA32_TME_ACTIVATE_REGISTER Msr;
+
+ Msr.Uint64 = AsmReadMsr64 (MSR_IA32_TME_ACTIVATE);
+ AsmWriteMsr64 (MSR_IA32_TME_ACTIVATE, Msr.Uint64);
+ @endcode
+ @note MSR_IA32_TME_ACTIVATE is defined as IA32_TME_ACTIVATE in SDM.
+**/
+#define MSR_IA32_TME_ACTIVATE 0x00000982
+
+/**
+ MSR information returned for MSR index #MSR_IA32_TME_ACTIVATE
+**/
+typedef union {
+ ///
+ /// Individual bit fields
+ ///
+ struct {
+ ///
+ /// [Bit 0] Lock R/O: Will be set upon successful WRMSR (or first SMI);
+ /// written value ignored..
+ ///
+ UINT32 Lock : 1;
+ ///
+ /// [Bit 1] Hardware Encryption Enable: This bit also enables MKTME; MKTME
+ /// cannot be enabled without enabling encryption hardware.
+ ///
+ UINT32 TmeEnable : 1;
+ ///
+ /// [Bit 2] Key Select:
+ /// 0: Create a new TME key (expected cold/warm boot).
+ /// 1: Restore the TME key from storage (Expected when resume from standby).
+ ///
+ UINT32 KeySelect : 1;
+ ///
+ /// [Bit 3] Save TME Key for Standby: Save key into storage to be used when
+ /// resume from standby.
+ /// Note: This may not be supported in all processors.
+ ///
+ UINT32 SaveKeyForStandby : 1;
+ ///
+ /// [Bit 7:4] TME Policy/Encryption Algorithm: Only algorithms enumerated in
+ /// IA32_TME_CAPABILITY are allowed.
+ /// For example:
+ /// 0000 – AES-XTS-128.
+ /// 0001 – AES-XTS-128 with integrity.
+ /// 0010 – AES-XTS-256.
+ /// Other values are invalid.
+ ///
+ UINT32 TmePolicy : 4;
+ UINT32 Reserved : 23;
+ ///
+ /// [Bit 31] TME Encryption Bypass Enable: When encryption hardware is enabled:
+ /// * Total Memory Encryption is enabled using a CPU generated ephemeral key
+ /// based on a hardware random number generator when this bit is set to 0.
+ /// * Total Memory Encryption is bypassed (no encryption/decryption for KeyID0)
+ /// when this bit is set to 1.
+ /// Software must inspect Hardware Encryption Enable (bit 1) and TME encryption
+ /// bypass Enable (bit 31) to determine if TME encryption is enabled.
+ ///
+ UINT32 TmeBypassMode : 1;
+ ///
+ /// [Bit 35:32] MK_TME_KEYID_BITS: Reserved if MKTME is not enumerated, otherwise:
+ /// The number of key identifier bits to allocate to MKTME usage.
+ /// Similar to enumeration, this is an encoded value.
+ /// Writing a value greater than MK_TME_MAX_KEYID_BITS will result in #GP.
+ /// Writing a non-zero value to this field will #GP if bit 1 of EAX (Hardware
+ /// Encryption Enable) is not also set to ‘1, as encryption hardware must be
+ /// enabled to use MKTME.
+ /// Example: To support 255 keys, this field would be set to a value of 8.
+ ///
+ UINT32 MkTmeKeyidBits : 4;
+ UINT32 Reserved2 : 12;
+ ///
+ /// [Bit 63:48] MK_TME_CRYPTO_ALGS: Reserved if MKTME is not enumerated, otherwise:
+ /// Bit 48: AES-XTS 128.
+ /// Bit 49: AES-XTS 128 with integrity.
+ /// Bit 50: AES-XTS 256.
+ /// Bit 63:51: Reserved (#GP)
+ /// Bitmask for BIOS to set which encryption algorithms are allowed for MKTME, would
+ /// be later enforced by the key loading ISA ('1= allowed)
+ ///
+ UINT32 MkTmeCryptoAlgs : 16;
+ } Bits;
+ ///
+ /// All bit fields as a 32-bit value
+ ///
+ UINT32 Uint32;
+ ///
+ /// All bit fields as a 64-bit value
+ ///
+ UINT64 Uint64;
+} MSR_IA32_TME_ACTIVATE_REGISTER;
+
/**
Silicon Debug Feature Control (R/W). If CPUID.01H:ECX.[11] = 1.
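Review bot: the Uint32 member at the end of MSR_IA32_TME_ACTIVATE_REGISTER is documented as "All bit fields as a 32-bit value", but the bit fields span 64 bits: MkTmeKeyidBits sits at bits 35:32 and MkTmeCryptoAlgs at bits 63:48, so Uint32 only covers Lock through TmeBypassMode. Either drop Uint32 or reword its comment to say it holds the lower 32 bits only, so nobody tries to read the KeyID width through it. Minor: the Lock comment ends in "..", and the MkTmeKeyidBits and MkTmeCryptoAlgs comments carry stray quote characters before "1".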
diff --git a/MdePkg/Include/Register/Intel/Cpuid.h b/MdePkg/Include/Register/Intel/Cpuid.h
index 350bf60252..1fb880c85c 100644
--- a/MdePkg/Include/Register/Intel/Cpuid.h
+++ b/MdePkg/Include/Register/Intel/Cpuid.h
@@ -6,7 +6,7 @@
If a register returned is a single 32-bit value, then a data structure is
not provided for that register.
- Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2015 - 2023, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@par Specification Reference:
@@ -1490,7 +1490,12 @@ typedef union {
/// RDPKRU/WRPKRU instructions).
///
UINT32 OSPKE : 1;
- UINT32 Reserved5 : 9;
+ UINT32 Reserved8 : 8;
+ ///
+ /// [Bit 13] If 1, the following MSRs are supported: IA32_TME_CAPABILITY, IA32_TME_ACTIVATE,
+ /// IA32_TME_EXCLUDE_MASK, and IA32_TME_EXCLUDE_BASE.
+ ///
+ UINT32 TME_EN : 1;
///
/// [Bits 14] AVX512_VPOPCNTDQ. (Intel Xeon Phi only.).
///
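Review bot: renaming Reserved5 to Reserved8 is not needed to expose bit 13 and changes a field name in a header under MdePkg/Include; keeping the name and only shrinking the width ("UINT32 Reserved5 : 8;") avoids breaking any code that refers to the old name. The new comment should also name the field the way the neighbouring one does, for example "[Bit 13] TME_EN. If 1, ...", and since the text says the bit enumerates MSR support, a sentence stating that activation is reported by IA32_TME_ACTIVATE would keep the _EN suffix from being read as "TME is enabled".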
--
2.39.1.windows.1
* [PATCH 2/6] UefiCpuPkg/MtrrTest: Only claim CPUID max leaf as 1
2023-03-21 23:56 [PATCH 0/6] Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
2023-03-21 23:56 ` [PATCH 1/6] MdePkg: Add TME-MK related CPUID and MSR definitions Ni, Ray
@ 2023-03-21 23:56 ` Ni, Ray
2023-03-29 22:22 ` Michael D Kinney
2023-03-21 23:56 ` [PATCH 3/6] UefiCpuPkg/MtrrLib: Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
` (3 subsequent siblings)
5 siblings, 1 reply; 14+ messages in thread
From: Ni, Ray @ 2023-03-21 23:56 UTC (permalink / raw)
To: devel
Cc: Eric Dong, Rahul Kumar, Gerd Hoffmann, Michael D Kinney,
Ahmad Anadani
MtrrLib code queries the CPUID leaf 7h result if supported.
Update the test code temporarily to claim that CPUID only
supports a max leaf of 1 so that MtrrLib skips querying CPUID leaf 7h.
Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ahmad Anadani <ahmad.anadani@intel.com>
---
UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c b/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c
index 748c403281..260966e7b6 100644
--- a/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c
+++ b/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c
@@ -1,7 +1,7 @@
/** @file
Unit tests of the MtrrLib instance of the MtrrLib class
- Copyright (c) 2018 - 2020, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2018 - 2023, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -122,6 +122,13 @@ UnitTestMtrrLibAsmCpuid (
)
{
switch (Index) {
+ case CPUID_SIGNATURE:
+ if (Eax != NULL) {
+ *Eax = CPUID_VERSION_INFO;
+ }
+
+ return Index;
+ break;
case CPUID_VERSION_INFO:
if (Edx != NULL) {
*Edx = mCpuidVersionInfoEdx.Uint32;
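Review bot: the new CPUID_SIGNATURE case reports CPUID_VERSION_INFO as the maximum basic leaf with no comment saying that this is a temporary cap to keep MtrrLib away from leaf 7h; only the commit message explains it. Add a short comment above "*Eax = CPUID_VERSION_INFO;" so the value is not mistaken for a copy-paste error. The case also leaves Ebx, Ecx and Edx untouched when they are non-NULL, which is worth a comment or an explicit zeroing in the mock.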
--
2.39.1.windows.1
* [PATCH 3/6] UefiCpuPkg/MtrrLib: Substract TME-MK KEY_ID_BITS from CPU max PA
2023-03-21 23:56 [PATCH 0/6] Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
2023-03-21 23:56 ` [PATCH 1/6] MdePkg: Add TME-MK related CPUID and MSR definitions Ni, Ray
2023-03-21 23:56 ` [PATCH 2/6] UefiCpuPkg/MtrrTest: Only claim CPUID max leaf as 1 Ni, Ray
@ 2023-03-21 23:56 ` Ni, Ray
2023-03-29 22:22 ` Michael D Kinney
2023-03-21 23:56 ` [PATCH 4/6] UefiCpuPkg/CpuDxe: Refactor to use CPUID definitions Ni, Ray
` (2 subsequent siblings)
5 siblings, 1 reply; 14+ messages in thread
From: Ni, Ray @ 2023-03-21 23:56 UTC (permalink / raw)
To: devel
Cc: Eric Dong, Rahul Kumar, Gerd Hoffmann, Michael D Kinney,
Ahmad Anadani
CPUID enumeration of MAX_PA is unaffected by TME-MK activation and
will continue to report the maximum physical address bits available
for software to use, irrespective of the number of KeyID bits.
So, we need to check if TME is enabled and adjust the PA size
accordingly.
Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ahmad Anadani <ahmad.anadani@intel.com>
---
UefiCpuPkg/Library/MtrrLib/MtrrLib.c | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/UefiCpuPkg/Library/MtrrLib/MtrrLib.c b/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
index e5c862c83d..a66357e305 100644
--- a/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
+++ b/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
@@ -756,8 +756,11 @@ MtrrLibInitializeMtrrMask (
OUT UINT64 *MtrrValidAddressMask
)
{
- UINT32 MaxExtendedFunction;
- CPUID_VIR_PHY_ADDRESS_SIZE_EAX VirPhyAddressSize;
+ UINT32 MaxExtendedFunction;
+ CPUID_VIR_PHY_ADDRESS_SIZE_EAX VirPhyAddressSize;
+ UINT32 MaxFunction;
+ CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_ECX ExtendedFeatureFlagsEcx;
+ MSR_IA32_TME_ACTIVATE_REGISTER TmeActivate;
AsmCpuid (CPUID_EXTENDED_FUNCTION, &MaxExtendedFunction, NULL, NULL, NULL);
@@ -767,6 +770,23 @@ MtrrLibInitializeMtrrMask (
VirPhyAddressSize.Bits.PhysicalAddressBits = 36;
}
+ //
+ // CPUID enumeration of MAX_PA is unaffected by TME-MK activation and will continue
+ // to report the maximum physical address bits available for software to use,
+ // irrespective of the number of KeyID bits.
+ // So, we need to check if TME is enabled and adjust the PA size accordingly.
+ //
+ AsmCpuid (CPUID_SIGNATURE, &MaxFunction, NULL, NULL, NULL);
+ if (MaxFunction >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) {
+ AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, 0, NULL, NULL, &ExtendedFeatureFlagsEcx.Uint32, NULL);
+ if (ExtendedFeatureFlagsEcx.Bits.TME_EN == 1) {
+ TmeActivate.Uint64 = AsmReadMsr64 (MSR_IA32_TME_ACTIVATE);
+ if (TmeActivate.Bits.TmeEnable == 1) {
+ VirPhyAddressSize.Bits.PhysicalAddressBits -= TmeActivate.Bits.MkTmeKeyidBits;
+ }
+ }
+ }
+
*MtrrValidBitsMask = LShiftU64 (1, VirPhyAddressSize.Bits.PhysicalAddressBits) - 1;
*MtrrValidAddressMask = *MtrrValidBitsMask & 0xfffffffffffff000ULL;
}
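Review bot: the line "VirPhyAddressSize.Bits.PhysicalAddressBits -= TmeActivate.Bits.MkTmeKeyidBits;" trusts the MSR value without any sanity check. The result becomes the shift count for LShiftU64 right after this block and decides which MTRR address bits are treated as valid, so an ASSERT that MkTmeKeyidBits is less than PhysicalAddressBits before subtracting would catch a misprogrammed IA32_TME_ACTIVATE instead of silently producing a wrong mask. The definition added in patch 1/6 also describes MK_TME_KEYID_BITS as "an encoded value"; the code comment here should state that the field is being used directly as a bit count.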
--
2.39.1.windows.1
* [PATCH 4/6] UefiCpuPkg/CpuDxe: Refactor to use CPUID definitions
2023-03-21 23:56 [PATCH 0/6] Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
` (2 preceding siblings ...)
2023-03-21 23:56 ` [PATCH 3/6] UefiCpuPkg/MtrrLib: Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
@ 2023-03-21 23:56 ` Ni, Ray
2023-03-29 22:22 ` Michael D Kinney
2023-03-21 23:56 ` [PATCH 5/6] UefiCpuPkg/CpuDxe: Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
2023-03-21 23:56 ` [PATCH 6/6] UefiCpuPkg/MtrrTest: Add test cases for TME-MK enable case Ni, Ray
5 siblings, 1 reply; 14+ messages in thread
From: Ni, Ray @ 2023-03-21 23:56 UTC (permalink / raw)
To: devel
Cc: Eric Dong, Rahul Kumar, Gerd Hoffmann, Michael D Kinney,
Ahmad Anadani
The patch does not change any code behavior; it only refactors by:
* replacing the hardcoded 0x80000000 with CPUID_EXTENDED_FUNCTION
* replacing the hardcoded 0x80000008 with CPUID_VIR_PHY_ADDRESS_SIZE
* replacing "UINT32 Eax" with
"CPUID_VIR_PHY_ADDRESS_SIZE_EAX VirPhyAddressSize"
Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ahmad Anadani <ahmad.anadani@intel.com>
---
UefiCpuPkg/CpuDxe/CpuDxe.c | 18 ++++++++----------
UefiCpuPkg/CpuDxe/CpuDxe.h | 3 ++-
2 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.c b/UefiCpuPkg/CpuDxe/CpuDxe.c
index a6a91507f6..920976c576 100644
--- a/UefiCpuPkg/CpuDxe/CpuDxe.c
+++ b/UefiCpuPkg/CpuDxe/CpuDxe.c
@@ -1,7 +1,7 @@
/** @file
CPU DXE Module to produce CPU ARCH Protocol.
- Copyright (c) 2008 - 2022, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2008 - 2023, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -505,20 +505,18 @@ InitializeMtrrMask (
VOID
)
{
- UINT32 RegEax;
- UINT8 PhysicalAddressBits;
+ UINT32 MaxExtendedFunction;
+ CPUID_VIR_PHY_ADDRESS_SIZE_EAX VirPhyAddressSize;
- AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL);
+ AsmCpuid (CPUID_EXTENDED_FUNCTION, &MaxExtendedFunction, NULL, NULL, NULL);
- if (RegEax >= 0x80000008) {
- AsmCpuid (0x80000008, &RegEax, NULL, NULL, NULL);
-
- PhysicalAddressBits = (UINT8)RegEax;
+ if (MaxExtendedFunction >= CPUID_VIR_PHY_ADDRESS_SIZE) {
+ AsmCpuid (CPUID_VIR_PHY_ADDRESS_SIZE, &VirPhyAddressSize.Uint32, NULL, NULL, NULL);
} else {
- PhysicalAddressBits = 36;
+ VirPhyAddressSize.Bits.PhysicalAddressBits = 36;
}
- mValidMtrrBitsMask = LShiftU64 (1, PhysicalAddressBits) - 1;
+ mValidMtrrBitsMask = LShiftU64 (1, VirPhyAddressSize.Bits.PhysicalAddressBits) - 1;
mValidMtrrAddressMask = mValidMtrrBitsMask & 0xfffffffffffff000ULL;
}
diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.h b/UefiCpuPkg/CpuDxe/CpuDxe.h
index 49a390b4c4..0e7d88dd35 100644
--- a/UefiCpuPkg/CpuDxe/CpuDxe.h
+++ b/UefiCpuPkg/CpuDxe/CpuDxe.h
@@ -1,7 +1,7 @@
/** @file
CPU DXE Module to produce CPU ARCH Protocol and CPU MP Protocol.
- Copyright (c) 2008 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2008 - 2023, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -13,6 +13,7 @@
#include <Protocol/Cpu.h>
#include <Protocol/MpService.h>
+#include <Register/Intel/Cpuid.h>
#include <Register/Intel/Msr.h>
#include <Ppi/SecPlatformInformation.h>
--
2.39.1.windows.1
* [PATCH 5/6] UefiCpuPkg/CpuDxe: Substract TME-MK KEY_ID_BITS from CPU max PA
2023-03-21 23:56 [PATCH 0/6] Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
` (3 preceding siblings ...)
2023-03-21 23:56 ` [PATCH 4/6] UefiCpuPkg/CpuDxe: Refactor to use CPUID definitions Ni, Ray
@ 2023-03-21 23:56 ` Ni, Ray
2023-03-29 22:23 ` Michael D Kinney
2023-03-21 23:56 ` [PATCH 6/6] UefiCpuPkg/MtrrTest: Add test cases for TME-MK enable case Ni, Ray
5 siblings, 1 reply; 14+ messages in thread
From: Ni, Ray @ 2023-03-21 23:56 UTC (permalink / raw)
To: devel
Cc: Eric Dong, Rahul Kumar, Gerd Hoffmann, Michael D Kinney,
Ahmad Anadani
CPUID enumeration of MAX_PA is unaffected by TME-MK activation and
will continue to report the maximum physical address bits available
for software to use, irrespective of the number of KeyID bits.
So, we need to check if TME is enabled and adjust the PA size
accordingly.
Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ahmad Anadani <ahmad.anadani@intel.com>
---
UefiCpuPkg/CpuDxe/CpuDxe.c | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.c b/UefiCpuPkg/CpuDxe/CpuDxe.c
index 920976c576..3febd59d99 100644
--- a/UefiCpuPkg/CpuDxe/CpuDxe.c
+++ b/UefiCpuPkg/CpuDxe/CpuDxe.c
@@ -505,8 +505,11 @@ InitializeMtrrMask (
VOID
)
{
- UINT32 MaxExtendedFunction;
- CPUID_VIR_PHY_ADDRESS_SIZE_EAX VirPhyAddressSize;
+ UINT32 MaxExtendedFunction;
+ CPUID_VIR_PHY_ADDRESS_SIZE_EAX VirPhyAddressSize;
+ UINT32 MaxFunction;
+ CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_ECX ExtendedFeatureFlagsEcx;
+ MSR_IA32_TME_ACTIVATE_REGISTER TmeActivate;
AsmCpuid (CPUID_EXTENDED_FUNCTION, &MaxExtendedFunction, NULL, NULL, NULL);
@@ -516,6 +519,23 @@ InitializeMtrrMask (
VirPhyAddressSize.Bits.PhysicalAddressBits = 36;
}
+ //
+ // CPUID enumeration of MAX_PA is unaffected by TME-MK activation and will continue
+ // to report the maximum physical address bits available for software to use,
+ // irrespective of the number of KeyID bits.
+ // So, we need to check if TME is enabled and adjust the PA size accordingly.
+ //
+ AsmCpuid (CPUID_SIGNATURE, &MaxFunction, NULL, NULL, NULL);
+ if (MaxFunction >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) {
+ AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, 0, NULL, NULL, &ExtendedFeatureFlagsEcx.Uint32, NULL);
+ if (ExtendedFeatureFlagsEcx.Bits.TME_EN == 1) {
+ TmeActivate.Uint64 = AsmReadMsr64 (MSR_IA32_TME_ACTIVATE);
+ if (TmeActivate.Bits.TmeEnable == 1) {
+ VirPhyAddressSize.Bits.PhysicalAddressBits -= TmeActivate.Bits.MkTmeKeyidBits;
+ }
+ }
+ }
+
mValidMtrrBitsMask = LShiftU64 (1, VirPhyAddressSize.Bits.PhysicalAddressBits) - 1;
mValidMtrrAddressMask = mValidMtrrBitsMask & 0xfffffffffffff000ULL;
}
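Review bot: the block added to InitializeMtrrMask() is a line-for-line copy of the one added to MtrrLibInitializeMtrrMask() in patch 3/6, comment included, so the TME-MK adjustment now has to be kept in sync in two places. Consider moving the CPUID/MSR sequence into one shared helper that returns the adjusted physical address width. Whichever way it goes, the subtraction should check that MkTmeKeyidBits is smaller than PhysicalAddressBits before the result is used as a shift count.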
--
2.39.1.windows.1
* [PATCH 6/6] UefiCpuPkg/MtrrTest: Add test cases for TME-MK enable case
2023-03-21 23:56 [PATCH 0/6] Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
` (4 preceding siblings ...)
2023-03-21 23:56 ` [PATCH 5/6] UefiCpuPkg/CpuDxe: Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
@ 2023-03-21 23:56 ` Ni, Ray
2023-03-29 22:23 ` Michael D Kinney
5 siblings, 1 reply; 14+ messages in thread
From: Ni, Ray @ 2023-03-21 23:56 UTC (permalink / raw)
To: devel
Cc: Eric Dong, Rahul Kumar, Gerd Hoffmann, Michael D Kinney,
Ahmad Anadani
When TME-MK is enabled, the MtrrLib should subtract the TME-MK
reserved bits from the max PA returned from the CPUID instruction.
The new test case guarantees such behavior in MtrrLib.
Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ahmad Anadani <ahmad.anadani@intel.com>
---
.../MtrrLib/UnitTest/MtrrLibUnitTest.c | 18 +--
.../MtrrLib/UnitTest/MtrrLibUnitTest.h | 3 +-
UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c | 119 ++++++++++++++----
3 files changed, 107 insertions(+), 33 deletions(-)
diff --git a/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.c b/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.c
index b9a97dee09..1409ae27bb 100644
--- a/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.c
+++ b/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.c
@@ -1,7 +1,7 @@
/** @file
Unit tests of the MtrrLib instance of the MtrrLib class
- Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2020 - 2023, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -30,6 +30,8 @@ STATIC MTRR_LIB_SYSTEM_PARAMETER mSystemParameters[] = {
{ 48, TRUE, TRUE, CacheWriteThrough, 12 },
{ 48, TRUE, TRUE, CacheWriteProtected, 12 },
{ 48, TRUE, TRUE, CacheWriteCombining, 12 },
+
+ { 48, TRUE, TRUE, CacheWriteBack, 12, 7}, // 7 bits for MKTME
};
UINT32 mFixedMtrrsIndex[] = {
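Review bot: the table gains exactly one TME-MK entry, "{ 48, TRUE, TRUE, CacheWriteBack, 12, 7}", so the subtraction is only exercised for a single KeyID width, a single default cache type and 48 PA bits. Adding entries with a different MkTmeKeyidBits value and another default cache type would back up the "guarantees such behavior" wording in the commit message. Style: the entry is missing the space before the closing brace that the other rows have, and the existing rows rely on implicit zero initialisation of the new MkTmeKeyidBits member; spelling out 0 would make the table self-describing.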
@@ -219,7 +221,7 @@ UnitTestMtrrSetMemoryAttributesInMtrrSettings (
&WcCount
);
GenerateValidAndConfigurableMtrrPairs (
- SystemParameter->PhysicalAddressBits,
+ SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits,
RawMtrrRange,
UcCount,
WtCount,
@@ -232,7 +234,7 @@ UnitTestMtrrSetMemoryAttributesInMtrrSettings (
ExpectedMemoryRangesCount = ARRAY_SIZE (ExpectedMemoryRanges);
GetEffectiveMemoryRanges (
SystemParameter->DefaultCacheType,
- SystemParameter->PhysicalAddressBits,
+ SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits,
RawMtrrRange,
ExpectedVariableMtrrUsage,
ExpectedMemoryRanges,
@@ -278,7 +280,7 @@ UnitTestMtrrSetMemoryAttributesInMtrrSettings (
ActualMemoryRangesCount = ARRAY_SIZE (ActualMemoryRanges);
CollectTestResult (
SystemParameter->DefaultCacheType,
- SystemParameter->PhysicalAddressBits,
+ SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits,
SystemParameter->VariableMtrrCount,
&LocalMtrrs,
ActualMemoryRanges,
@@ -325,7 +327,7 @@ UnitTestInvalidMemoryLayouts (
SystemParameter = (MTRR_LIB_SYSTEM_PARAMETER *)Context;
RangeCount = Random32 (1, ARRAY_SIZE (Ranges));
- MaxAddress = 1ull << SystemParameter->PhysicalAddressBits;
+ MaxAddress = 1ull << (SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits);
for (Index = 0; Index < RangeCount; Index++) {
do {
@@ -967,7 +969,7 @@ UnitTestMtrrSetMemoryAttributeInMtrrSettings (
&WcCount
);
GenerateValidAndConfigurableMtrrPairs (
- SystemParameter->PhysicalAddressBits,
+ SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits,
RawMtrrRange,
UcCount,
WtCount,
@@ -980,7 +982,7 @@ UnitTestMtrrSetMemoryAttributeInMtrrSettings (
ExpectedMemoryRangesCount = ARRAY_SIZE (ExpectedMemoryRanges);
GetEffectiveMemoryRanges (
SystemParameter->DefaultCacheType,
- SystemParameter->PhysicalAddressBits,
+ SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits,
RawMtrrRange,
ExpectedVariableMtrrUsage,
ExpectedMemoryRanges,
@@ -1019,7 +1021,7 @@ UnitTestMtrrSetMemoryAttributeInMtrrSettings (
ActualMemoryRangesCount = ARRAY_SIZE (ActualMemoryRanges);
CollectTestResult (
SystemParameter->DefaultCacheType,
- SystemParameter->PhysicalAddressBits,
+ SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits,
SystemParameter->VariableMtrrCount,
&LocalMtrrs,
ActualMemoryRanges,
diff --git a/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.h b/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.h
index 57e656c555..4471c1dcf7 100644
--- a/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.h
+++ b/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.h
@@ -1,6 +1,6 @@
/** @file
- Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2020 - 2023, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -40,6 +40,7 @@ typedef struct {
BOOLEAN FixedMtrrSupported;
MTRR_MEMORY_CACHE_TYPE DefaultCacheType;
UINT32 VariableMtrrCount;
+ UINT8 MkTmeKeyidBits;
} MTRR_LIB_SYSTEM_PARAMETER;
extern UINT32 mFixedMtrrsIndex[];
diff --git a/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c b/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c
index 260966e7b6..ba1de10034 100644
--- a/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c
+++ b/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c
@@ -12,13 +12,15 @@ MTRR_MEMORY_CACHE_TYPE mMemoryCacheTypes[] = {
CacheUncacheable, CacheWriteCombining, CacheWriteThrough, CacheWriteProtected, CacheWriteBack
};
-UINT64 mFixedMtrrsValue[MTRR_NUMBER_OF_FIXED_MTRR];
-MSR_IA32_MTRR_PHYSBASE_REGISTER mVariableMtrrsPhysBase[MTRR_NUMBER_OF_VARIABLE_MTRR];
-MSR_IA32_MTRR_PHYSMASK_REGISTER mVariableMtrrsPhysMask[MTRR_NUMBER_OF_VARIABLE_MTRR];
-MSR_IA32_MTRR_DEF_TYPE_REGISTER mDefTypeMsr;
-MSR_IA32_MTRRCAP_REGISTER mMtrrCapMsr;
-CPUID_VERSION_INFO_EDX mCpuidVersionInfoEdx;
-CPUID_VIR_PHY_ADDRESS_SIZE_EAX mCpuidVirPhyAddressSizeEax;
+UINT64 mFixedMtrrsValue[MTRR_NUMBER_OF_FIXED_MTRR];
+MSR_IA32_MTRR_PHYSBASE_REGISTER mVariableMtrrsPhysBase[MTRR_NUMBER_OF_VARIABLE_MTRR];
+MSR_IA32_MTRR_PHYSMASK_REGISTER mVariableMtrrsPhysMask[MTRR_NUMBER_OF_VARIABLE_MTRR];
+MSR_IA32_MTRR_DEF_TYPE_REGISTER mDefTypeMsr;
+MSR_IA32_MTRRCAP_REGISTER mMtrrCapMsr;
+MSR_IA32_TME_ACTIVATE_REGISTER mTmeActivateMsr;
+CPUID_VERSION_INFO_EDX mCpuidVersionInfoEdx;
+CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_ECX mCpuidExtendedFeatureFlagsEcx;
+CPUID_VIR_PHY_ADDRESS_SIZE_EAX mCpuidVirPhyAddressSizeEax;
BOOLEAN mRandomInput;
UINTN mNumberIndex = 0;
@@ -87,34 +89,42 @@ GenerateRandomNumbers (
}
/**
- Retrieves CPUID information.
+ Retrieves CPUID information using an extended leaf identifier.
+
+ Executes the CPUID instruction with EAX set to the value specified by Index
+ and ECX set to the value specified by SubIndex. This function always returns
+ Index. This function is only available on IA-32 and x64.
- Executes the CPUID instruction with EAX set to the value specified by Index.
- This function always returns Index.
If Eax is not NULL, then the value of EAX after CPUID is returned in Eax.
If Ebx is not NULL, then the value of EBX after CPUID is returned in Ebx.
If Ecx is not NULL, then the value of ECX after CPUID is returned in Ecx.
If Edx is not NULL, then the value of EDX after CPUID is returned in Edx.
- This function is only available on IA-32 and x64.
- @param Index The 32-bit value to load into EAX prior to invoking the CPUID
- instruction.
- @param Eax The pointer to the 32-bit EAX value returned by the CPUID
- instruction. This is an optional parameter that may be NULL.
- @param Ebx The pointer to the 32-bit EBX value returned by the CPUID
- instruction. This is an optional parameter that may be NULL.
- @param Ecx The pointer to the 32-bit ECX value returned by the CPUID
- instruction. This is an optional parameter that may be NULL.
- @param Edx The pointer to the 32-bit EDX value returned by the CPUID
- instruction. This is an optional parameter that may be NULL.
+ @param Index The 32-bit value to load into EAX prior to invoking the
+ CPUID instruction.
+ @param SubIndex The 32-bit value to load into ECX prior to invoking the
+ CPUID instruction.
+ @param Eax The pointer to the 32-bit EAX value returned by the CPUID
+ instruction. This is an optional parameter that may be
+ NULL.
+ @param Ebx The pointer to the 32-bit EBX value returned by the CPUID
+ instruction. This is an optional parameter that may be
+ NULL.
+ @param Ecx The pointer to the 32-bit ECX value returned by the CPUID
+ instruction. This is an optional parameter that may be
+ NULL.
+ @param Edx The pointer to the 32-bit EDX value returned by the CPUID
+ instruction. This is an optional parameter that may be
+ NULL.
@return Index.
**/
UINT32
EFIAPI
-UnitTestMtrrLibAsmCpuid (
+UnitTestMtrrLibAsmCpuidEx (
IN UINT32 Index,
+ IN UINT32 SubIndex,
OUT UINT32 *Eax OPTIONAL,
OUT UINT32 *Ebx OPTIONAL,
OUT UINT32 *Ecx OPTIONAL,
@@ -124,7 +134,7 @@ UnitTestMtrrLibAsmCpuid (
switch (Index) {
case CPUID_SIGNATURE:
if (Eax != NULL) {
- *Eax = CPUID_VERSION_INFO;
+ *Eax = CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS;
}
return Index;
@@ -134,6 +144,13 @@ UnitTestMtrrLibAsmCpuid (
*Edx = mCpuidVersionInfoEdx.Uint32;
}
+ return Index;
+ break;
+ case CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS:
+ if (Ecx != NULL) {
+ *Ecx = mCpuidExtendedFeatureFlagsEcx.Uint32;
+ }
+
return Index;
break;
case CPUID_EXTENDED_FUNCTION:
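Review bot: the new CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS case returns mCpuidExtendedFeatureFlagsEcx for any SubIndex, although UnitTestMtrrLibAsmCpuidEx() now takes that parameter and MtrrLib reads the flags from sub-leaf 0. Checking SubIndex == 0 in this case, and failing the test otherwise, would let the mock catch a caller that queries the wrong sub-leaf.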
@@ -159,6 +176,44 @@ UnitTestMtrrLibAsmCpuid (
return Index;
}
+/**
+ Retrieves CPUID information.
+
+ Executes the CPUID instruction with EAX set to the value specified by Index.
+ This function always returns Index.
+ If Eax is not NULL, then the value of EAX after CPUID is returned in Eax.
+ If Ebx is not NULL, then the value of EBX after CPUID is returned in Ebx.
+ If Ecx is not NULL, then the value of ECX after CPUID is returned in Ecx.
+ If Edx is not NULL, then the value of EDX after CPUID is returned in Edx.
+ This function is only available on IA-32 and x64.
+
+ @param Index The 32-bit value to load into EAX prior to invoking the CPUID
+ instruction.
+ @param Eax The pointer to the 32-bit EAX value returned by the CPUID
+ instruction. This is an optional parameter that may be NULL.
+ @param Ebx The pointer to the 32-bit EBX value returned by the CPUID
+ instruction. This is an optional parameter that may be NULL.
+ @param Ecx The pointer to the 32-bit ECX value returned by the CPUID
+ instruction. This is an optional parameter that may be NULL.
+ @param Edx The pointer to the 32-bit EDX value returned by the CPUID
+ instruction. This is an optional parameter that may be NULL.
+
+ @return Index.
+
+**/
+UINT32
+EFIAPI
+UnitTestMtrrLibAsmCpuid (
+ IN UINT32 Index,
+ OUT UINT32 *Eax OPTIONAL,
+ OUT UINT32 *Ebx OPTIONAL,
+ OUT UINT32 *Ecx OPTIONAL,
+ OUT UINT32 *Edx OPTIONAL
+ )
+{
+ return UnitTestMtrrLibAsmCpuidEx (Index, 0, Eax, Ebx, Ecx, Edx);
+}
+
/**
Returns a 64-bit Machine Specific Register(MSR).
@@ -207,6 +262,10 @@ UnitTestMtrrLibAsmReadMsr64 (
return mMtrrCapMsr.Uint64;
}
+ if (MsrIndex == MSR_IA32_TME_ACTIVATE) {
+ return mTmeActivateMsr.Uint64;
+ }
+
//
// Should never fall through to here
//
@@ -324,10 +383,22 @@ InitializeMtrrRegs (
//
// Hook BaseLib functions used by MtrrLib that require some emulation.
//
- gUnitTestHostBaseLib.X86->AsmCpuid = UnitTestMtrrLibAsmCpuid;
+ gUnitTestHostBaseLib.X86->AsmCpuid = UnitTestMtrrLibAsmCpuid;
+ gUnitTestHostBaseLib.X86->AsmCpuidEx = UnitTestMtrrLibAsmCpuidEx;
+
gUnitTestHostBaseLib.X86->AsmReadMsr64 = UnitTestMtrrLibAsmReadMsr64;
gUnitTestHostBaseLib.X86->AsmWriteMsr64 = UnitTestMtrrLibAsmWriteMsr64;
+ if (SystemParameter->MkTmeKeyidBits != 0) {
+ mCpuidExtendedFeatureFlagsEcx.Bits.TME_EN = 1;
+ mTmeActivateMsr.Bits.TmeEnable = 1;
+ mTmeActivateMsr.Bits.MkTmeKeyidBits = SystemParameter->MkTmeKeyidBits;
+ } else {
+ mCpuidExtendedFeatureFlagsEcx.Bits.TME_EN = 0;
+ mTmeActivateMsr.Bits.TmeEnable = 0;
+ mTmeActivateMsr.Bits.MkTmeKeyidBits = 0;
+ }
+
return UNIT_TEST_PASSED;
}
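Review bot: the setup added at the end of InitializeMtrrRegs() always sets TME_EN, TmeEnable and MkTmeKeyidBits together, so the case MtrrLib must ignore, TME enumerated in CPUID with a non-zero MkTmeKeyidBits but TmeEnable == 0, is never tested. Driving TME_EN and TmeEnable from separate MTRR_LIB_SYSTEM_PARAMETER fields would cover it. Smaller points: the if/else can be reduced to three unconditional assignments derived from SystemParameter->MkTmeKeyidBits, and the blank line inserted between the AsmCpuidEx and AsmReadMsr64 hook assignments splits one group of related statements.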
--
2.39.1.windows.1
* Re: [PATCH 1/6] MdePkg: Add TME-MK related CPUID and MSR definitions
2023-03-21 23:56 ` [PATCH 1/6] MdePkg: Add TME-MK related CPUID and MSR definitions Ni, Ray
@ 2023-03-29 22:14 ` Michael D Kinney
2023-03-29 22:24 ` Michael D Kinney
0 siblings, 1 reply; 14+ messages in thread
From: Michael D Kinney @ 2023-03-29 22:14 UTC (permalink / raw)
To: Ni, Ray, devel@edk2.groups.io
Cc: Gao, Liming, Liu, Zhiguang, Kinney, Michael D
Hi Ray,
One comment below.
Mike
> -----Original Message-----
> From: Ni, Ray <ray.ni@intel.com>
> Sent: Tuesday, March 21, 2023 4:57 PM
> To: devel@edk2.groups.io
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; Liu, Zhiguang
> <zhiguang.liu@intel.com>
> Subject: [PATCH 1/6] MdePkg: Add TME-MK related CPUID and MSR definitions
>
> TME (Total Memory Encryption) is the capability to encrypt
> the entirety of physical memory of a system.
> TME-MK (Total Memory Encryption-Multi-Key) builds on TME and adds
> support for multiple encryption keys.
>
> The patch adds some necessary CPUID/MSR definitions for TME-MK.
>
> Signed-off-by: Ray Ni <ray.ni@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> ---
> .../Include/Register/Intel/ArchitecturalMsr.h | 106 +++++++++++++++++-
> MdePkg/Include/Register/Intel/Cpuid.h | 9 +-
> 2 files changed, 112 insertions(+), 3 deletions(-)
>
> diff --git a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
> index 071a8c689c..76d80660da 100644
> --- a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
> +++ b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
> @@ -6,7 +6,7 @@
> returned is a single 32-bit or 64-bit value, then a data structure is not
>
> provided for that MSR.
>
>
>
> - Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2016 - 2023, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> @par Specification Reference:
>
> @@ -5679,6 +5679,110 @@ typedef union {
> **/
>
> #define MSR_IA32_X2APIC_SELF_IPI 0x0000083F
>
>
>
> +/**
>
> + Memory Encryption Activation MSR. If CPUID.07H:ECX.[13] = 1.
>
> +
>
> + @param ECX MSR_IA32_TME_ACTIVATE (0x00000982)
>
> + @param EAX Lower 32-bits of MSR value.
>
> + Described by the type MSR_IA32_TME_ACTIVATE_REGISTER.
>
> + @param EDX Upper 32-bits of MSR value.
>
> + Described by the type MSR_IA32_TME_ACTIVATE_REGISTER.
>
> +
>
> + <b>Example usage</b>
>
> + @code
>
> + MSR_IA32_TME_ACTIVATE_REGISTER Msr;
>
> +
>
> + Msr.Uint64 = AsmReadMsr64 (MSR_IA32_TME_ACTIVATE);
>
> + AsmWriteMsr64 (MSR_IA32_TME_ACTIVATE, Msr.Uint64);
>
> + @endcode
>
> + @note MSR_IA32_TME_ACTIVATE is defined as IA32_TME_ACTIVATE in SDM.
>
> +**/
>
> +#define MSR_IA32_TME_ACTIVATE 0x00000982
>
> +
>
> +/**
>
> + MSR information returned for MSR index #MSR_IA32_TME_ACTIVATE
>
> +**/
>
> +typedef union {
>
> + ///
>
> + /// Individual bit fields
>
> + ///
>
> + struct {
>
> + ///
>
> + /// [Bit 0] Lock R/O: Will be set upon successful WRMSR (or first SMI);
>
> + /// written value ignored..
>
> + ///
>
> + UINT32 Lock : 1;
>
> + ///
>
> + /// [Bit 1] Hardware Encryption Enable: This bit also enables MKTME; MKTME
>
> + /// cannot be enabled without enabling encryption hardware.
>
> + ///
>
> + UINT32 TmeEnable : 1;
>
> + ///
>
> + /// [Bit 2] Key Select:
>
> + /// 0: Create a new TME key (expected cold/warm boot).
>
> + /// 1: Restore the TME key from storage (Expected when resume from standby).
>
> + ///
>
> + UINT32 KeySelect : 1;
>
> + ///
>
> + /// [Bit 3] Save TME Key for Standby: Save key into storage to be used when
>
> + /// resume from standby.
>
> + /// Note: This may not be supported in all processors.
>
> + ///
>
> + UINT32 SaveKeyForStandby : 1;
>
> + ///
>
> + /// [Bit 7:4] TME Policy/Encryption Algorithm: Only algorithms enumerated in
>
> + /// IA32_TME_CAPABILITY are allowed.
>
> + /// For example:
>
> + /// 0000 – AES-XTS-128.
>
> + /// 0001 – AES-XTS-128 with integrity.
>
> + /// 0010 – AES-XTS-256.
>
> + /// Other values are invalid.
>
> + ///
>
> + UINT32 TmePolicy : 4;
>
> + UINT32 Reserved : 23;
>
> + ///
>
> + /// [Bit 31] TME Encryption Bypass Enable: When encryption hardware is enabled:
>
> + /// * Total Memory Encryption is enabled using a CPU generated ephemeral key
>
> + /// based on a hardware random number generator when this bit is set to 0.
>
> + /// * Total Memory Encryption is bypassed (no encryption/decryption for KeyID0)
>
> + /// when this bit is set to 1.
>
> + /// Software must inspect Hardware Encryption Enable (bit 1) and TME encryption
>
> + /// bypass Enable (bit 31) to determine if TME encryption is enabled.
>
> + ///
>
> + UINT32 TmeBypassMode : 1;
>
> + ///
>
> + /// [Bit 35:32] MK_TME_KEYID_BITS: Reserved if MKTME is not enumerated, otherwise:
>
> + /// The number of key identifier bits to allocate to MKTME usage.
>
> + /// Similar to enumeration, this is an encoded value.
>
> + /// Writing a value greater than MK_TME_MAX_KEYID_BITS will result in #GP.
>
> + /// Writing a non-zero value to this field will #GP if bit 1 of EAX (Hardware
>
> + /// Encryption Enable) is not also set to ‘1, as encryption hardware must be
>
> + /// enabled to use MKTME.
>
> + /// Example: To support 255 keys, this field would be set to a value of 8.
>
> + ///
>
> + UINT32 MkTmeKeyidBits : 4;
>
> + UINT32 Reserved2 : 12;
>
> + ///
>
> + /// [Bit 63:48] MK_TME_CRYPTO_ALGS: Reserved if MKTME is not enumerated, otherwise:
>
> + /// Bit 48: AES-XTS 128.
>
> + /// Bit 49: AES-XTS 128 with integrity.
>
> + /// Bit 50: AES-XTS 256.
>
> + /// Bit 63:51: Reserved (#GP)
>
> + /// Bitmask for BIOS to set which encryption algorithms are allowed for MKTME, would
>
> + /// be later enforced by the key loading ISA ('1= allowed)
>
> + ///
>
> + UINT32 MkTmeCryptoAlgs : 16;
>
> + } Bits;
>
> + ///
>
> + /// All bit fields as a 32-bit value
>
> + ///
>
> + UINT32 Uint32;
This is the first MSR in these include files that has defined bits in the range 32..63.
This Uint32 union member can only access the lower 32-bits of the MSR.
Should this be changed to Uint32[2]?
>
> + ///
>
> + /// All bit fields as a 64-bit value
>
> + ///
>
> + UINT64 Uint64;
>
> +} MSR_IA32_TME_ACTIVATE_REGISTER;
>
> +
>
> /**
>
> Silicon Debug Feature Control (R/W). If CPUID.01H:ECX.[11] = 1.
>
>
>
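Review bot: In MSR_IA32_TME_ACTIVATE_REGISTER, the Uint32 member is documented as "All bit fields as a 32-bit value", but MkTmeKeyidBits (bits 35:32) and MkTmeCryptoAlgs (bits 63:48) lie outside it, so the comment should say it covers bits 31:0 only, however the Uint32[2] question raised inline is settled. Two comment typos in the same hunk: "written value ignored.." under Lock has a doubled period, and the quote in "set to ‘1" under MK_TME_KEYID_BITS is unbalanced.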
> diff --git a/MdePkg/Include/Register/Intel/Cpuid.h b/MdePkg/Include/Register/Intel/Cpuid.h
> index 350bf60252..1fb880c85c 100644
> --- a/MdePkg/Include/Register/Intel/Cpuid.h
> +++ b/MdePkg/Include/Register/Intel/Cpuid.h
> @@ -6,7 +6,7 @@
> If a register returned is a single 32-bit value, then a data structure is
>
> not provided for that register.
>
>
>
> - Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2015 - 2023, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> @par Specification Reference:
>
> @@ -1490,7 +1490,12 @@ typedef union {
> /// RDPKRU/WRPKRU instructions).
>
> ///
>
> UINT32 OSPKE : 1;
>
> - UINT32 Reserved5 : 9;
>
> + UINT32 Reserved8 : 8;
>
> + ///
>
> + /// [Bit 13] If 1, the following MSRs are supported: IA32_TME_CAPABILITY, IA32_TME_ACTIVATE,
>
> + /// IA32_TME_EXCLUDE_MASK, and IA32_TME_EXCLUDE_BASE.
>
> + ///
>
> + UINT32 TME_EN : 1;
>
> ///
>
> /// [Bits 14] AVX512_VPOPCNTDQ. (Intel Xeon Phi only.).
>
> ///
>
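Review bot: Renaming Reserved5 to Reserved8 changes an identifier in a public MdePkg header when only the width has to change, and any code that names Reserved5 would no longer compile. Keeping the name and shrinking it, "UINT32 Reserved5 : 8;", gives the same layout (TME_EN lands on bit 13, directly before the bit 14 field) without touching the identifier.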
> --
> 2.39.1.windows.1
* Re: [PATCH 2/6] UefiCpuPkg/MtrrTest: Only claim CPUID max leaf as 1
2023-03-21 23:56 ` [PATCH 2/6] UefiCpuPkg/MtrrTest: Only claim CPUID max leaf as 1 Ni, Ray
@ 2023-03-29 22:22 ` Michael D Kinney
0 siblings, 0 replies; 14+ messages in thread
From: Michael D Kinney @ 2023-03-29 22:22 UTC (permalink / raw)
To: Ni, Ray, devel@edk2.groups.io
Cc: Dong, Eric, Kumar, Rahul R, Gerd Hoffmann, Anadani, Ahmad,
Kinney, Michael D
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
> -----Original Message-----
> From: Ni, Ray <ray.ni@intel.com>
> Sent: Tuesday, March 21, 2023 4:57 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric <eric.dong@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Anadani, Ahmad <ahmad.anadani@intel.com>
> Subject: [PATCH 2/6] UefiCpuPkg/MtrrTest: Only claim CPUID max leaf as 1
>
> MtrrLib code queries the CPUID leaf 7h result if supported.
> Update the test code temporarily to claim that CPUID only
> supports a max leaf of 1 so that MtrrLib skips querying CPUID leaf 7h.
>
> Signed-off-by: Ray Ni <ray.ni@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Ahmad Anadani <ahmad.anadani@intel.com>
> ---
> UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c b/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c
> index 748c403281..260966e7b6 100644
> --- a/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c
> +++ b/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c
> @@ -1,7 +1,7 @@
> /** @file
>
> Unit tests of the MtrrLib instance of the MtrrLib class
>
>
>
> - Copyright (c) 2018 - 2020, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2018 - 2023, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> **/
>
> @@ -122,6 +122,13 @@ UnitTestMtrrLibAsmCpuid (
> )
>
> {
>
> switch (Index) {
>
> + case CPUID_SIGNATURE:
>
> + if (Eax != NULL) {
>
> + *Eax = CPUID_VERSION_INFO;
>
> + }
>
> +
>
> + return Index;
>
> + break;
>
> case CPUID_VERSION_INFO:
>
> if (Edx != NULL) {
>
> *Edx = mCpuidVersionInfoEdx.Uint32;
>
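Review bot: The new CPUID_SIGNATURE case reports CPUID_VERSION_INFO as the maximum basic leaf, and nothing in the code says why that value was chosen. The commit message explains that it makes MtrrLib skip leaf 7h and that the change is temporary; a one-line comment at "*Eax = CPUID_VERSION_INFO;" would keep that intent visible in the file for whoever touches the mock next.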
> --
> 2.39.1.windows.1
* Re: [PATCH 3/6] UefiCpuPkg/MtrrLib: Substract TME-MK KEY_ID_BITS from CPU max PA
2023-03-21 23:56 ` [PATCH 3/6] UefiCpuPkg/MtrrLib: Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
@ 2023-03-29 22:22 ` Michael D Kinney
0 siblings, 0 replies; 14+ messages in thread
From: Michael D Kinney @ 2023-03-29 22:22 UTC (permalink / raw)
To: Ni, Ray, devel@edk2.groups.io
Cc: Dong, Eric, Kumar, Rahul R, Gerd Hoffmann, Anadani, Ahmad,
Kinney, Michael D
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
> -----Original Message-----
> From: Ni, Ray <ray.ni@intel.com>
> Sent: Tuesday, March 21, 2023 4:57 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric <eric.dong@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Anadani, Ahmad <ahmad.anadani@intel.com>
> Subject: [PATCH 3/6] UefiCpuPkg/MtrrLib: Substract TME-MK KEY_ID_BITS from CPU max PA
>
> CPUID enumeration of MAX_PA is unaffected by TME-MK activation and
> will continue to report the maximum physical address bits available
> for software to use, irrespective of the number of KeyID bits.
>
> So, we need to check if TME is enabled and adjust the PA size
> accordingly.
>
> Signed-off-by: Ray Ni <ray.ni@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Ahmad Anadani <ahmad.anadani@intel.com>
> ---
> UefiCpuPkg/Library/MtrrLib/MtrrLib.c | 24 ++++++++++++++++++++++--
> 1 file changed, 22 insertions(+), 2 deletions(-)
>
> diff --git a/UefiCpuPkg/Library/MtrrLib/MtrrLib.c b/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
> index e5c862c83d..a66357e305 100644
> --- a/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
> +++ b/UefiCpuPkg/Library/MtrrLib/MtrrLib.c
> @@ -756,8 +756,11 @@ MtrrLibInitializeMtrrMask (
> OUT UINT64 *MtrrValidAddressMask
>
> )
>
> {
>
> - UINT32 MaxExtendedFunction;
>
> - CPUID_VIR_PHY_ADDRESS_SIZE_EAX VirPhyAddressSize;
>
> + UINT32 MaxExtendedFunction;
>
> + CPUID_VIR_PHY_ADDRESS_SIZE_EAX VirPhyAddressSize;
>
> + UINT32 MaxFunction;
>
> + CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_ECX ExtendedFeatureFlagsEcx;
>
> + MSR_IA32_TME_ACTIVATE_REGISTER TmeActivate;
>
>
>
> AsmCpuid (CPUID_EXTENDED_FUNCTION, &MaxExtendedFunction, NULL, NULL, NULL);
>
>
>
> @@ -767,6 +770,23 @@ MtrrLibInitializeMtrrMask (
> VirPhyAddressSize.Bits.PhysicalAddressBits = 36;
>
> }
>
>
>
> + //
>
> + // CPUID enumeration of MAX_PA is unaffected by TME-MK activation and will continue
>
> + // to report the maximum physical address bits available for software to use,
>
> + // irrespective of the number of KeyID bits.
>
> + // So, we need to check if TME is enabled and adjust the PA size accordingly.
>
> + //
>
> + AsmCpuid (CPUID_SIGNATURE, &MaxFunction, NULL, NULL, NULL);
>
> + if (MaxFunction >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) {
>
> + AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, 0, NULL, NULL, &ExtendedFeatureFlagsEcx.Uint32, NULL);
>
> + if (ExtendedFeatureFlagsEcx.Bits.TME_EN == 1) {
>
> + TmeActivate.Uint64 = AsmReadMsr64 (MSR_IA32_TME_ACTIVATE);
>
> + if (TmeActivate.Bits.TmeEnable == 1) {
>
> + VirPhyAddressSize.Bits.PhysicalAddressBits -= TmeActivate.Bits.MkTmeKeyidBits;
>
> + }
>
> + }
>
> + }
>
> +
>
> *MtrrValidBitsMask = LShiftU64 (1, VirPhyAddressSize.Bits.PhysicalAddressBits) - 1;
>
> *MtrrValidAddressMask = *MtrrValidBitsMask & 0xfffffffffffff000ULL;
>
> }
>
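Review bot: The subtraction at "VirPhyAddressSize.Bits.PhysicalAddressBits -= TmeActivate.Bits.MkTmeKeyidBits;" is gated on TME_EN and TmeEnable only, while the field's documentation in patch 1 says MK_TME_KEYID_BITS is reserved if MKTME is not enumerated. On a part that has TME but does not enumerate MKTME, this reads a reserved field; consider also checking that MKTME is enumerated before using the value, or state in the comment why TmeEnable alone is sufficient. The subtraction is also applied when the 36-bit fallback was taken because CPUID_VIR_PHY_ADDRESS_SIZE is unsupported, which deserves a sentence in the comment.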
> --
> 2.39.1.windows.1
* Re: [PATCH 4/6] UefiCpuPkg/CpuDxe: Refactor to use CPUID definitions
2023-03-21 23:56 ` [PATCH 4/6] UefiCpuPkg/CpuDxe: Refactor to use CPUID definitions Ni, Ray
@ 2023-03-29 22:22 ` Michael D Kinney
0 siblings, 0 replies; 14+ messages in thread
From: Michael D Kinney @ 2023-03-29 22:22 UTC (permalink / raw)
To: Ni, Ray, devel@edk2.groups.io
Cc: Dong, Eric, Kumar, Rahul R, Gerd Hoffmann, Anadani, Ahmad,
Kinney, Michael D
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
> -----Original Message-----
> From: Ni, Ray <ray.ni@intel.com>
> Sent: Tuesday, March 21, 2023 4:57 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric <eric.dong@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Anadani, Ahmad <ahmad.anadani@intel.com>
> Subject: [PATCH 4/6] UefiCpuPkg/CpuDxe: Refactor to use CPUID definitions
>
> The patch does not change any code behavior but only refactors by:
> * replacing the hardcoded 0x80000000 with CPUID_EXTENDED_FUNCTION
> * replacing the hardcoded 0x80000008 with CPUID_VIR_PHY_ADDRESS_SIZE
> * replacing "UINT32 Eax" with
> "CPUID_VIR_PHY_ADDRESS_SIZE_EAX VirPhyAddressSize"
>
> Signed-off-by: Ray Ni <ray.ni@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Ahmad Anadani <ahmad.anadani@intel.com>
> ---
> UefiCpuPkg/CpuDxe/CpuDxe.c | 18 ++++++++----------
> UefiCpuPkg/CpuDxe/CpuDxe.h | 3 ++-
> 2 files changed, 10 insertions(+), 11 deletions(-)
>
> diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.c b/UefiCpuPkg/CpuDxe/CpuDxe.c
> index a6a91507f6..920976c576 100644
> --- a/UefiCpuPkg/CpuDxe/CpuDxe.c
> +++ b/UefiCpuPkg/CpuDxe/CpuDxe.c
> @@ -1,7 +1,7 @@
> /** @file
>
> CPU DXE Module to produce CPU ARCH Protocol.
>
>
>
> - Copyright (c) 2008 - 2022, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2008 - 2023, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> **/
>
> @@ -505,20 +505,18 @@ InitializeMtrrMask (
> VOID
>
> )
>
> {
>
> - UINT32 RegEax;
>
> - UINT8 PhysicalAddressBits;
>
> + UINT32 MaxExtendedFunction;
>
> + CPUID_VIR_PHY_ADDRESS_SIZE_EAX VirPhyAddressSize;
>
>
>
> - AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL);
>
> + AsmCpuid (CPUID_EXTENDED_FUNCTION, &MaxExtendedFunction, NULL, NULL, NULL);
>
>
>
> - if (RegEax >= 0x80000008) {
>
> - AsmCpuid (0x80000008, &RegEax, NULL, NULL, NULL);
>
> -
>
> - PhysicalAddressBits = (UINT8)RegEax;
>
> + if (MaxExtendedFunction >= CPUID_VIR_PHY_ADDRESS_SIZE) {
>
> + AsmCpuid (CPUID_VIR_PHY_ADDRESS_SIZE, &VirPhyAddressSize.Uint32, NULL, NULL, NULL);
>
> } else {
>
> - PhysicalAddressBits = 36;
>
> + VirPhyAddressSize.Bits.PhysicalAddressBits = 36;
>
> }
>
>
>
> - mValidMtrrBitsMask = LShiftU64 (1, PhysicalAddressBits) - 1;
>
> + mValidMtrrBitsMask = LShiftU64 (1, VirPhyAddressSize.Bits.PhysicalAddressBits) - 1;
>
> mValidMtrrAddressMask = mValidMtrrBitsMask & 0xfffffffffffff000ULL;
>
> }
>
>
>
> diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.h b/UefiCpuPkg/CpuDxe/CpuDxe.h
> index 49a390b4c4..0e7d88dd35 100644
> --- a/UefiCpuPkg/CpuDxe/CpuDxe.h
> +++ b/UefiCpuPkg/CpuDxe/CpuDxe.h
> @@ -1,7 +1,7 @@
> /** @file
>
> CPU DXE Module to produce CPU ARCH Protocol and CPU MP Protocol.
>
>
>
> - Copyright (c) 2008 - 2019, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2008 - 2023, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> **/
>
> @@ -13,6 +13,7 @@
>
>
> #include <Protocol/Cpu.h>
>
> #include <Protocol/MpService.h>
>
> +#include <Register/Intel/Cpuid.h>
>
> #include <Register/Intel/Msr.h>
>
>
>
> #include <Ppi/SecPlatformInformation.h>
>
> --
> 2.39.1.windows.1
* Re: [PATCH 5/6] UefiCpuPkg/CpuDxe: Substract TME-MK KEY_ID_BITS from CPU max PA
2023-03-21 23:56 ` [PATCH 5/6] UefiCpuPkg/CpuDxe: Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
@ 2023-03-29 22:23 ` Michael D Kinney
0 siblings, 0 replies; 14+ messages in thread
From: Michael D Kinney @ 2023-03-29 22:23 UTC (permalink / raw)
To: Ni, Ray, devel@edk2.groups.io
Cc: Dong, Eric, Kumar, Rahul R, Gerd Hoffmann, Anadani, Ahmad,
Kinney, Michael D
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
> -----Original Message-----
> From: Ni, Ray <ray.ni@intel.com>
> Sent: Tuesday, March 21, 2023 4:57 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric <eric.dong@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Anadani, Ahmad <ahmad.anadani@intel.com>
> Subject: [PATCH 5/6] UefiCpuPkg/CpuDxe: Substract TME-MK KEY_ID_BITS from CPU max PA
>
> CPUID enumeration of MAX_PA is unaffected by TME-MK activation and
> will continue to report the maximum physical address bits available
> for software to use, irrespective of the number of KeyID bits.
>
> So, we need to check if TME is enabled and adjust the PA size
> accordingly.
>
> Signed-off-by: Ray Ni <ray.ni@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Ahmad Anadani <ahmad.anadani@intel.com>
> ---
> UefiCpuPkg/CpuDxe/CpuDxe.c | 24 ++++++++++++++++++++++--
> 1 file changed, 22 insertions(+), 2 deletions(-)
>
> diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.c b/UefiCpuPkg/CpuDxe/CpuDxe.c
> index 920976c576..3febd59d99 100644
> --- a/UefiCpuPkg/CpuDxe/CpuDxe.c
> +++ b/UefiCpuPkg/CpuDxe/CpuDxe.c
> @@ -505,8 +505,11 @@ InitializeMtrrMask (
> VOID
>
> )
>
> {
>
> - UINT32 MaxExtendedFunction;
>
> - CPUID_VIR_PHY_ADDRESS_SIZE_EAX VirPhyAddressSize;
>
> + UINT32 MaxExtendedFunction;
>
> + CPUID_VIR_PHY_ADDRESS_SIZE_EAX VirPhyAddressSize;
>
> + UINT32 MaxFunction;
>
> + CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_ECX ExtendedFeatureFlagsEcx;
>
> + MSR_IA32_TME_ACTIVATE_REGISTER TmeActivate;
>
>
>
> AsmCpuid (CPUID_EXTENDED_FUNCTION, &MaxExtendedFunction, NULL, NULL, NULL);
>
>
>
> @@ -516,6 +519,23 @@ InitializeMtrrMask (
> VirPhyAddressSize.Bits.PhysicalAddressBits = 36;
>
> }
>
>
>
> + //
>
> + // CPUID enumeration of MAX_PA is unaffected by TME-MK activation and will continue
>
> + // to report the maximum physical address bits available for software to use,
>
> + // irrespective of the number of KeyID bits.
>
> + // So, we need to check if TME is enabled and adjust the PA size accordingly.
>
> + //
>
> + AsmCpuid (CPUID_SIGNATURE, &MaxFunction, NULL, NULL, NULL);
>
> + if (MaxFunction >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) {
>
> + AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, 0, NULL, NULL, &ExtendedFeatureFlagsEcx.Uint32, NULL);
>
> + if (ExtendedFeatureFlagsEcx.Bits.TME_EN == 1) {
>
> + TmeActivate.Uint64 = AsmReadMsr64 (MSR_IA32_TME_ACTIVATE);
>
> + if (TmeActivate.Bits.TmeEnable == 1) {
>
> + VirPhyAddressSize.Bits.PhysicalAddressBits -= TmeActivate.Bits.MkTmeKeyidBits;
>
> + }
>
> + }
>
> + }
>
> +
>
> mValidMtrrBitsMask = LShiftU64 (1, VirPhyAddressSize.Bits.PhysicalAddressBits) - 1;
>
> mValidMtrrAddressMask = mValidMtrrBitsMask & 0xfffffffffffff000ULL;
>
> }
>
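Review bot: This block in InitializeMtrrMask is a line-for-line copy of the one added to MtrrLibInitializeMtrrMask in patch 3, comment included. Two copies of the same CPUID and MSR probe can drift apart when one is fixed and the other is not; consider one shared helper that returns the usable physical address width and calling it from both CpuDxe and MtrrLib.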
> --
> 2.39.1.windows.1
* Re: [PATCH 6/6] UefiCpuPkg/MtrrTest: Add test cases for TME-MK enable case
2023-03-21 23:56 ` [PATCH 6/6] UefiCpuPkg/MtrrTest: Add test cases for TME-MK enable case Ni, Ray
@ 2023-03-29 22:23 ` Michael D Kinney
0 siblings, 0 replies; 14+ messages in thread
From: Michael D Kinney @ 2023-03-29 22:23 UTC (permalink / raw)
To: Ni, Ray, devel@edk2.groups.io
Cc: Dong, Eric, Kumar, Rahul R, Gerd Hoffmann, Anadani, Ahmad,
Kinney, Michael D
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
> -----Original Message-----
> From: Ni, Ray <ray.ni@intel.com>
> Sent: Tuesday, March 21, 2023 4:57 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric <eric.dong@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Anadani, Ahmad <ahmad.anadani@intel.com>
> Subject: [PATCH 6/6] UefiCpuPkg/MtrrTest: Add test cases for TME-MK enable case
>
> When TME-MK is enabled, the MtrrLib should subtract the TME-MK
> reserved bits from the max PA returned from the CPUID instruction.
>
> The new test case guarantees such behavior in MtrrLib.
>
> Signed-off-by: Ray Ni <ray.ni@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Ahmad Anadani <ahmad.anadani@intel.com>
> ---
> .../MtrrLib/UnitTest/MtrrLibUnitTest.c | 18 +--
> .../MtrrLib/UnitTest/MtrrLibUnitTest.h | 3 +-
> UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c | 119 ++++++++++++++----
> 3 files changed, 107 insertions(+), 33 deletions(-)
>
> diff --git a/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.c b/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.c
> index b9a97dee09..1409ae27bb 100644
> --- a/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.c
> +++ b/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.c
> @@ -1,7 +1,7 @@
> /** @file
>
> Unit tests of the MtrrLib instance of the MtrrLib class
>
>
>
> - Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2020 - 2023, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> **/
>
> @@ -30,6 +30,8 @@ STATIC MTRR_LIB_SYSTEM_PARAMETER mSystemParameters[] = {
> { 48, TRUE, TRUE, CacheWriteThrough, 12 },
>
> { 48, TRUE, TRUE, CacheWriteProtected, 12 },
>
> { 48, TRUE, TRUE, CacheWriteCombining, 12 },
>
> +
>
> + { 48, TRUE, TRUE, CacheWriteBack, 12, 7}, // 7 bits for MKTME
>
> };
>
>
>
> UINT32 mFixedMtrrsIndex[] = {
>
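Review bot: Only the new row, "{ 48, TRUE, TRUE, CacheWriteBack, 12, 7}", sets the added MkTmeKeyidBits member; every existing row leaves it to implicit zero initialization. Writing the trailing 0 explicitly in the other rows would make the table self-describing, and a second TME-MK row with a different default cache type or key width would widen coverage beyond a single configuration. The closing "7}" is also missing the space before the brace that the other rows have.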
> @@ -219,7 +221,7 @@ UnitTestMtrrSetMemoryAttributesInMtrrSettings (
> &WcCount
>
> );
>
> GenerateValidAndConfigurableMtrrPairs (
>
> - SystemParameter->PhysicalAddressBits,
>
> + SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits,
>
> RawMtrrRange,
>
> UcCount,
>
> WtCount,
>
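Review bot: The expression "SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits" is repeated at every call site changed in this file, seven times in this patch. Computing it once per test into a local, or through a small helper, would shorten the call sites and leave one place to change if the effective width ever depends on more than these two fields.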
> @@ -232,7 +234,7 @@ UnitTestMtrrSetMemoryAttributesInMtrrSettings (
> ExpectedMemoryRangesCount = ARRAY_SIZE (ExpectedMemoryRanges);
>
> GetEffectiveMemoryRanges (
>
> SystemParameter->DefaultCacheType,
>
> - SystemParameter->PhysicalAddressBits,
>
> + SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits,
>
> RawMtrrRange,
>
> ExpectedVariableMtrrUsage,
>
> ExpectedMemoryRanges,
>
> @@ -278,7 +280,7 @@ UnitTestMtrrSetMemoryAttributesInMtrrSettings (
> ActualMemoryRangesCount = ARRAY_SIZE (ActualMemoryRanges);
>
> CollectTestResult (
>
> SystemParameter->DefaultCacheType,
>
> - SystemParameter->PhysicalAddressBits,
>
> + SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits,
>
> SystemParameter->VariableMtrrCount,
>
> &LocalMtrrs,
>
> ActualMemoryRanges,
>
> @@ -325,7 +327,7 @@ UnitTestInvalidMemoryLayouts (
> SystemParameter = (MTRR_LIB_SYSTEM_PARAMETER *)Context;
>
>
>
> RangeCount = Random32 (1, ARRAY_SIZE (Ranges));
>
> - MaxAddress = 1ull << SystemParameter->PhysicalAddressBits;
>
> + MaxAddress = 1ull << (SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits);
>
>
>
> for (Index = 0; Index < RangeCount; Index++) {
>
> do {
>
> @@ -967,7 +969,7 @@ UnitTestMtrrSetMemoryAttributeInMtrrSettings (
> &WcCount
>
> );
>
> GenerateValidAndConfigurableMtrrPairs (
>
> - SystemParameter->PhysicalAddressBits,
>
> + SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits,
>
> RawMtrrRange,
>
> UcCount,
>
> WtCount,
>
> @@ -980,7 +982,7 @@ UnitTestMtrrSetMemoryAttributeInMtrrSettings (
> ExpectedMemoryRangesCount = ARRAY_SIZE (ExpectedMemoryRanges);
>
> GetEffectiveMemoryRanges (
>
> SystemParameter->DefaultCacheType,
>
> - SystemParameter->PhysicalAddressBits,
>
> + SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits,
>
> RawMtrrRange,
>
> ExpectedVariableMtrrUsage,
>
> ExpectedMemoryRanges,
>
> @@ -1019,7 +1021,7 @@ UnitTestMtrrSetMemoryAttributeInMtrrSettings (
> ActualMemoryRangesCount = ARRAY_SIZE (ActualMemoryRanges);
>
> CollectTestResult (
>
> SystemParameter->DefaultCacheType,
>
> - SystemParameter->PhysicalAddressBits,
>
> + SystemParameter->PhysicalAddressBits - SystemParameter->MkTmeKeyidBits,
>
> SystemParameter->VariableMtrrCount,
>
> &LocalMtrrs,
>
> ActualMemoryRanges,
>
> diff --git a/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.h b/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.h
> index 57e656c555..4471c1dcf7 100644
> --- a/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.h
> +++ b/UefiCpuPkg/Library/MtrrLib/UnitTest/MtrrLibUnitTest.h
> @@ -1,6 +1,6 @@
> /** @file
>
>
>
> - Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2020 - 2023, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> **/
>
> @@ -40,6 +40,7 @@ typedef struct {
> BOOLEAN FixedMtrrSupported;
>
> MTRR_MEMORY_CACHE_TYPE DefaultCacheType;
>
> UINT32 VariableMtrrCount;
>
> + UINT8 MkTmeKeyidBits;
>
> } MTRR_LIB_SYSTEM_PARAMETER;
>
>
>
> extern UINT32 mFixedMtrrsIndex[];
>
> diff --git a/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c b/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c
> index 260966e7b6..ba1de10034 100644
> --- a/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c
> +++ b/UefiCpuPkg/Library/MtrrLib/UnitTest/Support.c
> @@ -12,13 +12,15 @@ MTRR_MEMORY_CACHE_TYPE mMemoryCacheTypes[] = {
> CacheUncacheable, CacheWriteCombining, CacheWriteThrough, CacheWriteProtected, CacheWriteBack
>
> };
>
>
>
> -UINT64 mFixedMtrrsValue[MTRR_NUMBER_OF_FIXED_MTRR];
>
> -MSR_IA32_MTRR_PHYSBASE_REGISTER mVariableMtrrsPhysBase[MTRR_NUMBER_OF_VARIABLE_MTRR];
>
> -MSR_IA32_MTRR_PHYSMASK_REGISTER mVariableMtrrsPhysMask[MTRR_NUMBER_OF_VARIABLE_MTRR];
>
> -MSR_IA32_MTRR_DEF_TYPE_REGISTER mDefTypeMsr;
>
> -MSR_IA32_MTRRCAP_REGISTER mMtrrCapMsr;
>
> -CPUID_VERSION_INFO_EDX mCpuidVersionInfoEdx;
>
> -CPUID_VIR_PHY_ADDRESS_SIZE_EAX mCpuidVirPhyAddressSizeEax;
>
> +UINT64 mFixedMtrrsValue[MTRR_NUMBER_OF_FIXED_MTRR];
>
> +MSR_IA32_MTRR_PHYSBASE_REGISTER mVariableMtrrsPhysBase[MTRR_NUMBER_OF_VARIABLE_MTRR];
>
> +MSR_IA32_MTRR_PHYSMASK_REGISTER mVariableMtrrsPhysMask[MTRR_NUMBER_OF_VARIABLE_MTRR];
>
> +MSR_IA32_MTRR_DEF_TYPE_REGISTER mDefTypeMsr;
>
> +MSR_IA32_MTRRCAP_REGISTER mMtrrCapMsr;
>
> +MSR_IA32_TME_ACTIVATE_REGISTER mTmeActivateMsr;
>
> +CPUID_VERSION_INFO_EDX mCpuidVersionInfoEdx;
>
> +CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_ECX mCpuidExtendedFeatureFlagsEcx;
>
> +CPUID_VIR_PHY_ADDRESS_SIZE_EAX mCpuidVirPhyAddressSizeEax;
>
>
>
> BOOLEAN mRandomInput;
>
> UINTN mNumberIndex = 0;
>
> @@ -87,34 +89,42 @@ GenerateRandomNumbers (
> }
>
>
>
> /**
>
> - Retrieves CPUID information.
>
> + Retrieves CPUID information using an extended leaf identifier.
>
> +
>
> + Executes the CPUID instruction with EAX set to the value specified by Index
>
> + and ECX set to the value specified by SubIndex. This function always returns
>
> + Index. This function is only available on IA-32 and x64.
>
>
>
> - Executes the CPUID instruction with EAX set to the value specified by Index.
>
> - This function always returns Index.
>
> If Eax is not NULL, then the value of EAX after CPUID is returned in Eax.
>
> If Ebx is not NULL, then the value of EBX after CPUID is returned in Ebx.
>
> If Ecx is not NULL, then the value of ECX after CPUID is returned in Ecx.
>
> If Edx is not NULL, then the value of EDX after CPUID is returned in Edx.
>
> - This function is only available on IA-32 and x64.
>
>
>
> - @param Index The 32-bit value to load into EAX prior to invoking the CPUID
>
> - instruction.
>
> - @param Eax The pointer to the 32-bit EAX value returned by the CPUID
>
> - instruction. This is an optional parameter that may be NULL.
>
> - @param Ebx The pointer to the 32-bit EBX value returned by the CPUID
>
> - instruction. This is an optional parameter that may be NULL.
>
> - @param Ecx The pointer to the 32-bit ECX value returned by the CPUID
>
> - instruction. This is an optional parameter that may be NULL.
>
> - @param Edx The pointer to the 32-bit EDX value returned by the CPUID
>
> - instruction. This is an optional parameter that may be NULL.
>
> + @param Index The 32-bit value to load into EAX prior to invoking the
>
> + CPUID instruction.
>
> + @param SubIndex The 32-bit value to load into ECX prior to invoking the
>
> + CPUID instruction.
>
> + @param Eax The pointer to the 32-bit EAX value returned by the CPUID
>
> + instruction. This is an optional parameter that may be
>
> + NULL.
>
> + @param Ebx The pointer to the 32-bit EBX value returned by the CPUID
>
> + instruction. This is an optional parameter that may be
>
> + NULL.
>
> + @param Ecx The pointer to the 32-bit ECX value returned by the CPUID
>
> + instruction. This is an optional parameter that may be
>
> + NULL.
>
> + @param Edx The pointer to the 32-bit EDX value returned by the CPUID
>
> + instruction. This is an optional parameter that may be
>
> + NULL.
>
>
>
> @return Index.
>
>
>
> **/
>
> UINT32
>
> EFIAPI
>
> -UnitTestMtrrLibAsmCpuid (
>
> +UnitTestMtrrLibAsmCpuidEx (
>
> IN UINT32 Index,
>
> + IN UINT32 SubIndex,
>
> OUT UINT32 *Eax OPTIONAL,
>
> OUT UINT32 *Ebx OPTIONAL,
>
> OUT UINT32 *Ecx OPTIONAL,
>
> @@ -124,7 +134,7 @@ UnitTestMtrrLibAsmCpuid (
> switch (Index) {
>
> case CPUID_SIGNATURE:
>
> if (Eax != NULL) {
>
> - *Eax = CPUID_VERSION_INFO;
>
> + *Eax = CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS;
>
> }
>
>
>
> return Index;
>
> @@ -134,6 +144,13 @@ UnitTestMtrrLibAsmCpuid (
> *Edx = mCpuidVersionInfoEdx.Uint32;
>
> }
>
>
>
> + return Index;
>
> + break;
>
> + case CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS:
>
> + if (Ecx != NULL) {
>
> + *Ecx = mCpuidExtendedFeatureFlagsEcx.Uint32;
>
> + }
>
> +
>
> return Index;
>
> break;
>
> case CPUID_EXTENDED_FUNCTION:
>
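Review bot: The new CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS case returns mCpuidExtendedFeatureFlagsEcx.Uint32 without looking at SubIndex, the parameter this patch adds to the function. MtrrLib passes sub-leaf 0 in its AsmCpuidEx call, so the mock should return the flags only when SubIndex is 0 and assert otherwise; as written, a caller passing the wrong sub-leaf would still see TME_EN and the test would pass.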
> @@ -159,6 +176,44 @@ UnitTestMtrrLibAsmCpuid (
> return Index;
>
> }
>
>
>
> +/**
>
> + Retrieves CPUID information.
>
> +
>
> + Executes the CPUID instruction with EAX set to the value specified by Index.
>
> + This function always returns Index.
>
> + If Eax is not NULL, then the value of EAX after CPUID is returned in Eax.
>
> + If Ebx is not NULL, then the value of EBX after CPUID is returned in Ebx.
>
> + If Ecx is not NULL, then the value of ECX after CPUID is returned in Ecx.
>
> + If Edx is not NULL, then the value of EDX after CPUID is returned in Edx.
>
> + This function is only available on IA-32 and x64.
>
> +
>
> + @param Index The 32-bit value to load into EAX prior to invoking the CPUID
>
> + instruction.
>
> + @param Eax The pointer to the 32-bit EAX value returned by the CPUID
>
> + instruction. This is an optional parameter that may be NULL.
>
> + @param Ebx The pointer to the 32-bit EBX value returned by the CPUID
>
> + instruction. This is an optional parameter that may be NULL.
>
> + @param Ecx The pointer to the 32-bit ECX value returned by the CPUID
>
> + instruction. This is an optional parameter that may be NULL.
>
> + @param Edx The pointer to the 32-bit EDX value returned by the CPUID
>
> + instruction. This is an optional parameter that may be NULL.
>
> +
>
> + @return Index.
>
> +
>
> +**/
>
> +UINT32
>
> +EFIAPI
>
> +UnitTestMtrrLibAsmCpuid (
>
> + IN UINT32 Index,
>
> + OUT UINT32 *Eax OPTIONAL,
>
> + OUT UINT32 *Ebx OPTIONAL,
>
> + OUT UINT32 *Ecx OPTIONAL,
>
> + OUT UINT32 *Edx OPTIONAL
>
> + )
>
> +{
>
> + return UnitTestMtrrLibAsmCpuidEx (Index, 0, Eax, Ebx, Ecx, Edx);
>
> +}
>
> +
>
> /**
>
> Returns a 64-bit Machine Specific Register(MSR).
>
>
>
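Review bot: the header comment added for the UnitTestMtrrLibAsmCpuid wrapper is the BaseLib text ("Executes the CPUID instruction ..."), but the body only forwards to the emulated UnitTestMtrrLibAsmCpuidEx with SubIndex fixed at 0. Saying that in the comment, in one line, would be more accurate than the copied description and would document why the sub-leaf is 0.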
> @@ -207,6 +262,10 @@ UnitTestMtrrLibAsmReadMsr64 (
> return mMtrrCapMsr.Uint64;
>
> }
>
>
>
> + if (MsrIndex == MSR_IA32_TME_ACTIVATE) {
>
> + return mTmeActivateMsr.Uint64;
>
> + }
>
> +
>
> //
>
> // Should never fall through to here
>
> //
>
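Review bot: the new MSR_IA32_TME_ACTIVATE branch in UnitTestMtrrLibAsmReadMsr64 returns mTmeActivateMsr.Uint64 even when mCpuidExtendedFeatureFlagsEcx.Bits.TME_EN is 0, although patch 1/6 documents the MSR as present only "If CPUID.07H:ECX.[13] = 1". Failing the read when TME_EN is clear (an assert in the stub is enough) would let the unit test catch library code that reads the MSR without checking CPUID first.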
> @@ -324,10 +383,22 @@ InitializeMtrrRegs (
> //
>
> // Hook BaseLib functions used by MtrrLib that require some emulation.
>
> //
>
> - gUnitTestHostBaseLib.X86->AsmCpuid = UnitTestMtrrLibAsmCpuid;
>
> + gUnitTestHostBaseLib.X86->AsmCpuid = UnitTestMtrrLibAsmCpuid;
>
> + gUnitTestHostBaseLib.X86->AsmCpuidEx = UnitTestMtrrLibAsmCpuidEx;
>
> +
>
> gUnitTestHostBaseLib.X86->AsmReadMsr64 = UnitTestMtrrLibAsmReadMsr64;
>
> gUnitTestHostBaseLib.X86->AsmWriteMsr64 = UnitTestMtrrLibAsmWriteMsr64;
>
>
>
> + if (SystemParameter->MkTmeKeyidBits != 0) {
>
> + mCpuidExtendedFeatureFlagsEcx.Bits.TME_EN = 1;
>
> + mTmeActivateMsr.Bits.TmeEnable = 1;
>
> + mTmeActivateMsr.Bits.MkTmeKeyidBits = SystemParameter->MkTmeKeyidBits;
>
> + } else {
>
> + mCpuidExtendedFeatureFlagsEcx.Bits.TME_EN = 0;
>
> + mTmeActivateMsr.Bits.TmeEnable = 0;
>
> + mTmeActivateMsr.Bits.MkTmeKeyidBits = 0;
>
> + }
>
> +
>
> return UNIT_TEST_PASSED;
>
> }
>
>
>
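Review bot: in InitializeMtrrRegs, SystemParameter->MkTmeKeyidBits is assigned straight into mTmeActivateMsr.Bits.MkTmeKeyidBits, which patch 1/6 declares as a 4-bit field, so a test parameter above 15 is silently truncated and the test would run with a different KeyID width than it asked for. An ASSERT or UT_ASSERT that the parameter fits in 4 bits before the assignment would make a bad test vector fail loudly.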
> --
> 2.39.1.windows.1
* Re: [PATCH 1/6] MdePkg: Add TME-MK related CPUID and MSR definitions
2023-03-29 22:14 ` Michael D Kinney
@ 2023-03-29 22:24 ` Michael D Kinney
0 siblings, 0 replies; 14+ messages in thread
From: Michael D Kinney @ 2023-03-29 22:24 UTC (permalink / raw)
To: Ni, Ray, devel@edk2.groups.io
Cc: Gao, Liming, Liu, Zhiguang, Kinney, Michael D
If you agree with the change from Uint32 -> Uint32[2], then with that change
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Wednesday, March 29, 2023 3:15 PM
> To: Ni, Ray <ray.ni@intel.com>; devel@edk2.groups.io
> Cc: Gao, Liming <gaoliming@byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: RE: [PATCH 1/6] MdePkg: Add TME-MK related CPUID and MSR definitions
>
> Hi Ray,
>
> One comment below.
>
> Mike
>
> > -----Original Message-----
> > From: Ni, Ray <ray.ni@intel.com>
> > Sent: Tuesday, March 21, 2023 4:57 PM
> > To: devel@edk2.groups.io
> > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; Liu, Zhiguang
> > <zhiguang.liu@intel.com>
> > Subject: [PATCH 1/6] MdePkg: Add TME-MK related CPUID and MSR definitions
> >
> > TME (Total Memory Encryption) is the capability to encrypt
> > the entirety of physical memory of a system.
> > TME-MK (Total Memory Encryption-Multi-Key) builds on TME and adds
> > support for multiple encryption keys.
> >
> > The patch adds some necessary CPUID/MSR definitions for TME-MK.
> >
> > Signed-off-by: Ray Ni <ray.ni@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> > ---
> > .../Include/Register/Intel/ArchitecturalMsr.h | 106 +++++++++++++++++-
> > MdePkg/Include/Register/Intel/Cpuid.h | 9 +-
> > 2 files changed, 112 insertions(+), 3 deletions(-)
> >
> > diff --git a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
> > index 071a8c689c..76d80660da 100644
> > --- a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
> > +++ b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
> > @@ -6,7 +6,7 @@
> > returned is a single 32-bit or 64-bit value, then a data structure is not
> >
> > provided for that MSR.
> >
> >
> >
> > - Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR>
> >
> > + Copyright (c) 2016 - 2023, Intel Corporation. All rights reserved.<BR>
> >
> > SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> >
> >
> > @par Specification Reference:
> >
> > @@ -5679,6 +5679,110 @@ typedef union {
> > **/
> >
> > #define MSR_IA32_X2APIC_SELF_IPI 0x0000083F
> >
> >
> >
> > +/**
> >
> > + Memory Encryption Activation MSR. If CPUID.07H:ECX.[13] = 1.
> >
> > +
> >
> > + @param ECX MSR_IA32_TME_ACTIVATE (0x00000982)
> >
> > + @param EAX Lower 32-bits of MSR value.
> >
> > + Described by the type MSR_IA32_TME_ACTIVATE_REGISTER.
> >
> > + @param EDX Upper 32-bits of MSR value.
> >
> > + Described by the type MSR_IA32_TME_ACTIVATE_REGISTER.
> >
> > +
> >
> > + <b>Example usage</b>
> >
> > + @code
> >
> > + MSR_IA32_TME_ACTIVATE_REGISTER Msr;
> >
> > +
> >
> > + Msr.Uint64 = AsmReadMsr64 (MSR_IA32_TME_ACTIVATE);
> >
> > + AsmWriteMsr64 (MSR_IA32_TME_ACTIVATE, Msr.Uint64);
> >
> > + @endcode
> >
> > + @note MSR_IA32_TME_ACTIVATE is defined as IA32_TME_ACTIVATE in SDM.
> >
> > +**/
> >
> > +#define MSR_IA32_TME_ACTIVATE 0x00000982
> >
> > +
> >
> > +/**
> >
> > + MSR information returned for MSR index #MSR_IA32_TME_ACTIVATE
> >
> > +**/
> >
> > +typedef union {
> >
> > + ///
> >
> > + /// Individual bit fields
> >
> > + ///
> >
> > + struct {
> >
> > + ///
> >
> > + /// [Bit 0] Lock R/O: Will be set upon successful WRMSR (or first SMI);
> >
> > + /// written value ignored..
> >
> > + ///
> >
> > + UINT32 Lock : 1;
> >
> > + ///
> >
> > + /// [Bit 1] Hardware Encryption Enable: This bit also enables MKTME; MKTME
> >
> > + /// cannot be enabled without enabling encryption hardware.
> >
> > + ///
> >
> > + UINT32 TmeEnable : 1;
> >
> > + ///
> >
> > + /// [Bit 2] Key Select:
> >
> > + /// 0: Create a new TME key (expected cold/warm boot).
> >
> > + /// 1: Restore the TME key from storage (Expected when resume from standby).
> >
> > + ///
> >
> > + UINT32 KeySelect : 1;
> >
> > + ///
> >
> > + /// [Bit 3] Save TME Key for Standby: Save key into storage to be used when
> >
> > + /// resume from standby.
> >
> > + /// Note: This may not be supported in all processors.
> >
> > + ///
> >
> > + UINT32 SaveKeyForStandby : 1;
> >
> > + ///
> >
> > + /// [Bit 7:4] TME Policy/Encryption Algorithm: Only algorithms enumerated in
> >
> > + /// IA32_TME_CAPABILITY are allowed.
> >
> > + /// For example:
> >
> > + /// 0000 – AES-XTS-128.
> >
> > + /// 0001 – AES-XTS-128 with integrity.
> >
> > + /// 0010 – AES-XTS-256.
> >
> > + /// Other values are invalid.
> >
> > + ///
> >
> > + UINT32 TmePolicy : 4;
> >
> > + UINT32 Reserved : 23;
> >
> > + ///
> >
> > + /// [Bit 31] TME Encryption Bypass Enable: When encryption hardware is enabled:
> >
> > + /// * Total Memory Encryption is enabled using a CPU generated ephemeral key
> >
> > + /// based on a hardware random number generator when this bit is set to 0.
> >
> > + /// * Total Memory Encryption is bypassed (no encryption/decryption for KeyID0)
> >
> > + /// when this bit is set to 1.
> >
> > + /// Software must inspect Hardware Encryption Enable (bit 1) and TME encryption
> >
> > + /// bypass Enable (bit 31) to determine if TME encryption is enabled.
> >
> > + ///
> >
> > + UINT32 TmeBypassMode : 1;
> >
> > + ///
> >
> > + /// [Bit 35:32] MK_TME_KEYID_BITS: Reserved if MKTME is not enumerated, otherwise:
> >
> > + /// The number of key identifier bits to allocate to MKTME usage.
> >
> > + /// Similar to enumeration, this is an encoded value.
> >
> > + /// Writing a value greater than MK_TME_MAX_KEYID_BITS will result in #GP.
> >
> > + /// Writing a non-zero value to this field will #GP if bit 1 of EAX (Hardware
> >
> > + /// Encryption Enable) is not also set to ‘1, as encryption hardware must be
> >
> > + /// enabled to use MKTME.
> >
> > + /// Example: To support 255 keys, this field would be set to a value of 8.
> >
> > + ///
> >
> > + UINT32 MkTmeKeyidBits : 4;
> >
> > + UINT32 Reserved2 : 12;
> >
> > + ///
> >
> > + /// [Bit 63:48] MK_TME_CRYPTO_ALGS: Reserved if MKTME is not enumerated, otherwise:
> >
> > + /// Bit 48: AES-XTS 128.
> >
> > + /// Bit 49: AES-XTS 128 with integrity.
> >
> > + /// Bit 50: AES-XTS 256.
> >
> > + /// Bit 63:51: Reserved (#GP)
> >
> > + /// Bitmask for BIOS to set which encryption algorithms are allowed for MKTME, would
> >
> > + /// be later enforced by the key loading ISA ('1= allowed)
> >
> > + ///
> >
> > + UINT32 MkTmeCryptoAlgs : 16;
> >
> > + } Bits;
> >
> > + ///
> >
> > + /// All bit fields as a 32-bit value
> >
> > + ///
> >
> > + UINT32 Uint32;
>
> This is the first MSR in these include files that has defined bits in the range 32..63.
> This Uint32 union member can only access the lower 32-bits of the MSR.
> Should this be changed to Uint32[2]?
>
> >
> > + ///
> >
> > + /// All bit fields as a 64-bit value
> >
> > + ///
> >
> > + UINT64 Uint64;
> >
> > +} MSR_IA32_TME_ACTIVATE_REGISTER;
> >
> > +
> >
> > /**
> >
> > Silicon Debug Feature Control (R/W). If CPUID.01H:ECX.[11] = 1.
> >
> >
> >
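Review bot: in the @code example of the MSR_IA32_TME_ACTIVATE comment, the value read is written straight back with AsmWriteMsr64, while the Lock field comment in the same hunk says a successful WRMSR sets Lock. An example that only reads a field, such as Msr.Bits.MkTmeKeyidBits, would be a safer template to copy. The field comments also carry copy-paste residue worth cleaning up: "written value ignored..", "set to ‘1" and "('1= allowed)".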
> > diff --git a/MdePkg/Include/Register/Intel/Cpuid.h b/MdePkg/Include/Register/Intel/Cpuid.h
> > index 350bf60252..1fb880c85c 100644
> > --- a/MdePkg/Include/Register/Intel/Cpuid.h
> > +++ b/MdePkg/Include/Register/Intel/Cpuid.h
> > @@ -6,7 +6,7 @@
> > If a register returned is a single 32-bit value, then a data structure is
> >
> > not provided for that register.
> >
> >
> >
> > - Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
> >
> > + Copyright (c) 2015 - 2023, Intel Corporation. All rights reserved.<BR>
> >
> > SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> >
> >
> > @par Specification Reference:
> >
> > @@ -1490,7 +1490,12 @@ typedef union {
> > /// RDPKRU/WRPKRU instructions).
> >
> > ///
> >
> > UINT32 OSPKE : 1;
> >
> > - UINT32 Reserved5 : 9;
> >
> > + UINT32 Reserved8 : 8;
> >
> > + ///
> >
> > + /// [Bit 13] If 1, the following MSRs are supported: IA32_TME_CAPABILITY, IA32_TME_ACTIVATE,
> >
> > + /// IA32_TME_EXCLUDE_MASK, and IA32_TME_EXCLUDE_BASE.
> >
> > + ///
> >
> > + UINT32 TME_EN : 1;
> >
> > ///
> >
> > /// [Bits 14] AVX512_VPOPCNTDQ. (Intel Xeon Phi only.).
> >
> > ///
> >
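Review bot: renaming Reserved5 to Reserved8 changes a public MdePkg field name for what is only a width change from 9 bits to 8. Keeping the name Reserved5 with width 8 avoids breaking any code that references the old name and keeps the reserved-field numbering in sequence. The placement itself looks consistent with the comments: TME_EN sits directly before the field documented as bit 14, matching its "[Bit 13]" description.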
> > --
> > 2.39.1.windows.1
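The review comment above about the `Uint32` member, as an added example (not edk2 code and not written by either participant): it contrasts building the register through a single 32-bit member with building it through a two-element array. `TME_ACTIVATE_DEMO`, `Halves`, the function names and the sample values are assumptions made for the illustration, and the subtraction rule is taken from the series title.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration. Same field layout as the quoted register type;
   Halves[] stands in for the proposed Uint32[2] so both members can coexist. */
typedef union {
  struct {
    uint32_t Lock : 1, TmeEnable : 1, KeySelect : 1, SaveKeyForStandby : 1;
    uint32_t TmePolicy : 4, Reserved : 23, TmeBypassMode : 1;
    uint32_t MkTmeKeyidBits : 4;    /* bits 35:32 */
    uint32_t Reserved2 : 12;
    uint32_t MkTmeCryptoAlgs : 16;  /* bits 63:48 */
  } Bits;
  uint32_t Uint32;     /* as posted: aliases bits 31:0 only */
  uint32_t Halves[2];  /* little-endian x86: [0] = EAX, [1] = EDX */
  uint64_t Uint64;
} TME_ACTIVATE_DEMO;

/* Build the register from the EDX:EAX pair through the two-element array. */
TME_ACTIVATE_DEMO tme_from_edx_eax(uint32_t eax, uint32_t edx) {
  TME_ACTIVATE_DEMO m;
  m.Halves[0] = eax;
  m.Halves[1] = edx;
  return m;
}

/* Build it through the single Uint32 member: bits 63:32 are unreachable. */
TME_ACTIVATE_DEMO tme_from_uint32_only(uint32_t eax) {
  TME_ACTIVATE_DEMO m = { .Uint64 = 0 };
  m.Uint32 = eax;
  return m;
}

/* Assumed rule (from the series title): KeyID bits come off the top of the
   CPU max PA when TME is enabled. An impossible width is left unchanged. */
uint32_t usable_pa_bits(uint32_t max_pa_bits, TME_ACTIVATE_DEMO m) {
  uint32_t keyid_bits = m.Bits.MkTmeKeyidBits;
  if (!m.Bits.TmeEnable || keyid_bits >= max_pa_bits) return max_pa_bits;
  return max_pa_bits - keyid_bits;
}

int main(void) {
  TME_ACTIVATE_DEMO full = tme_from_edx_eax(0x3, 0x00010006); /* constructed value */
  TME_ACTIVATE_DEMO low  = tme_from_uint32_only(0x3);
  printf("two halves: %u PA bits, low half only: %u PA bits\n",
         usable_pa_bits(46, full), usable_pa_bits(46, low));
  return 0;
}
```

With the upper half missing, the KeyID width reads as 0 and the physical-address width is overstated by exactly the number of KeyID bits.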
Thread overview: 14+ messages
2023-03-21 23:56 [PATCH 0/6] Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
2023-03-21 23:56 ` [PATCH 1/6] MdePkg: Add TME-MK related CPUID and MSR definitions Ni, Ray
2023-03-29 22:14 ` Michael D Kinney
2023-03-29 22:24 ` Michael D Kinney
2023-03-21 23:56 ` [PATCH 2/6] UefiCpuPkg/MtrrTest: Only claim CPUID max leaf as 1 Ni, Ray
2023-03-29 22:22 ` Michael D Kinney
2023-03-21 23:56 ` [PATCH 3/6] UefiCpuPkg/MtrrLib: Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
2023-03-29 22:22 ` Michael D Kinney
2023-03-21 23:56 ` [PATCH 4/6] UefiCpuPkg/CpuDxe: Refactor to use CPUID definitions Ni, Ray
2023-03-29 22:22 ` Michael D Kinney
2023-03-21 23:56 ` [PATCH 5/6] UefiCpuPkg/CpuDxe: Substract TME-MK KEY_ID_BITS from CPU max PA Ni, Ray
2023-03-29 22:23 ` Michael D Kinney
2023-03-21 23:56 ` [PATCH 6/6] UefiCpuPkg/MtrrTest: Add test cases for TME-MK enable case Ni, Ray
2023-03-29 22:23 ` Michael D Kinney