From: "sunceping"
To: devel@edk2.groups.io
Cc: Ceping Sun, Liming Gao, Michael D Kinney, Erdem Aktas, James Bottomley, Jiewen Yao, Min Xu, Tom Lendacky, Michael Roth, Gerd Hoffmann, Isaku Yamahata
Subject: [edk2-devel] [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking secrets to the VMM
Date: Tue, 27 Feb 2024 05:18:30 +0800
Message-Id: <20240226211833.3156606-1-cepingx.sun@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696

According to section 2.4.1 of the [GHCI] spec, the RBP register is usually used as a frame pointer according to the C language calling convention. The software should not use RBP as an input/output parameter and should clear BIT5 (RBP) in the GPR mask in RCX.

Reference:
[GHCI]: TDX Guest-Host-Communication Interface v1.5
https://cdrdv2.intel.com/v1/dl/getContent/726792

Cc: Liming Gao
Cc: Michael D Kinney
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Min Xu
Cc: Tom Lendacky
Cc: Michael Roth
Cc: Gerd Hoffmann
Cc: Isaku Yamahata
Signed-off-by: Ceping Sun

Ceping Sun (3):
  MdePkg/BaseLib: Update TDVMCALL_EXPOSE_REGS_MASK
  OvmfPkg/CcExitLib: Update TDVMCALL_EXPOSE_REGS_MASK
  OvmfPkg/TdxDxe: Clear the registers before tdcall

 MdePkg/Library/BaseLib/X64/TdVmcall.nasm     |  2 +-
 .../Library/CcExitLib/X64/TdVmcallCpuid.nasm |  2 +-
 OvmfPkg/TdxDxe/X64/ApRunLoop.nasm            | 30 ++++++++++++++++---
 3 files changed, 28 insertions(+), 6 deletions(-)

-- 
2.34.1
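Added example, not code from this patch series or from the edk2 sources: a small C model of the GPR-mask rule the cover letter cites. It flags a TDVMCALL mask that still carries BIT5 (RBP), derives the hardened mask with that bit cleared, and models the intent of the third patch by zeroing any exposed register that carries no intended input before the tdcall. The mask value, register contents and function names are constructed for illustration and are not quoted from the nasm files being changed.

```c
#include <stdint.h>
#include <stdio.h>
/* Bit i of the GPR mask passed in RCX selects GPR i in the standard x86-64
 * register encoding (0=RAX ... 4=RSP, 5=RBP, 6=RSI, 7=RDI, 8..15=R8..R15). */
#define GPR_BIT(n)   (1u << (n))
#define GPR_MASK_RBP GPR_BIT(5)

/* Constructed mask for illustration, not quoted from the edk2 nasm sources:
 * bits 2,3 and 5..15 set, so it exposes RDX, RBX, RBP, RSI, RDI, R8..R15. */
#define EXAMPLE_EXPOSE_MASK 0xffecu

/* Returns 1 if the mask would hand RBP to the VMM, which GHCI 2.4.1 forbids. */
int tdvmcall_mask_exposes_rbp(uint16_t mask)
{
    return (mask & GPR_MASK_RBP) != 0;
}
/* Returns the hardened mask: identical, but with BIT5 (RBP) cleared. */
uint16_t tdvmcall_mask_hardened(uint16_t mask)
{
    return (uint16_t)(mask & ~GPR_MASK_RBP);
}
/* Constructed model of the third patch's intent: any register the mask exposes
 * that carries no intended input is zeroed before the tdcall, so a stale value
 * left in it cannot reach the VMM. Returns how many registers were scrubbed. */
int tdvmcall_scrub_exposed(uint16_t mask, uint16_t intended, uint64_t gpr[16])
{
    int scrubbed = 0;
    for (int i = 0; i < 16; i++) {
        if ((mask & GPR_BIT(i)) && !(intended & GPR_BIT(i)) && gpr[i] != 0) {
            gpr[i] = 0;
            scrubbed++;
        }
    }
    return scrubbed;
}

int main(void)
{
    uint16_t before = EXAMPLE_EXPOSE_MASK, after = tdvmcall_mask_hardened(before);
    uint64_t gpr[16] = {0};                 /* constructed register image */
    gpr[5]  = 0x7ffd0000;                   /* RBP: the frame pointer      */
    gpr[11] = 0x10001;                      /* R11: an intended input      */
    gpr[13] = 0xcafe;                       /* R13: stale, not an input    */
    printf("mask 0x%04x -> 0x%04x, RBP exposed before=%d after=%d\n", before,
           after, tdvmcall_mask_exposes_rbp(before), tdvmcall_mask_exposes_rbp(after));
    printf("scrubbed %d stale exposed register(s)\n",
           tdvmcall_scrub_exposed(after, GPR_BIT(10) | GPR_BIT(11), gpr));
    return 0;
}
```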

View/Reply Online (#115941): https://edk2.groups.io/g/devel/message/115941