[edk2-devel] [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking secrets to the VMM

[edk2-devel] [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking secrets to the VMM

[sunceping]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696

According to section 2.4.1 of [GHCI] spec,
RBP register is usually used as a frame pointer according to the C language calling convention. 
The software should not use RBP as an input/output parameter and should clear BIT5 (RBP) in
the GPR mask in RCX.

Reference:
[GHCI]: TDX Guest-Host-Communication Interface v1.5
https://cdrdv2.intel.com/v1/dl/getContent/726792


Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>

Ceping Sun (3):
  MdePkg/BaseLib: Update TDVMCALL_EXPOSE_REGS_MASK
  OvmfPkg/CcExitLib: Update TDVMCALL_EXPOSE_REGS_MASK
  OvmfPkg/TdxDxe: Clear the registers before tdcall

 MdePkg/Library/BaseLib/X64/TdVmcall.nasm      |  2 +-
 .../Library/CcExitLib/X64/TdVmcallCpuid.nasm  |  2 +-
 OvmfPkg/TdxDxe/X64/ApRunLoop.nasm             | 30 ++++++++++++++++---
 3 files changed, 28 insertions(+), 6 deletions(-)

-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115941): https://edk2.groups.io/g/devel/message/115941
Mute This Topic: https://groups.io/mt/104577516/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH V1 1/3] MdePkg/BaseLib: Update TDVMCALL_EXPOSE_REGS_MASK

[sunceping]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696

Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask.

Reference:
[GHCI]: TDX Guest-Host-Communication Interface v1.5
https://cdrdv2.intel.com/v1/dl/getContent/726792

Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
---
 MdePkg/Library/BaseLib/X64/TdVmcall.nasm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MdePkg/Library/BaseLib/X64/TdVmcall.nasm b/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
index 8dd9bfcbfa14..b20724a37015 100644
--- a/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
+++ b/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
@@ -9,7 +9,7 @@
 DEFAULT REL
 SECTION .text
 
-%define TDVMCALL_EXPOSE_REGS_MASK       0xffec
+%define TDVMCALL_EXPOSE_REGS_MASK       0xffcc
 %define TDVMCALL                        0x0
 
 %macro tdcall 0
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115942): https://edk2.groups.io/g/devel/message/115942
Mute This Topic: https://groups.io/mt/104577519/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH V1 2/3] OvmfPkg/CcExitLib: Update TDVMCALL_EXPOSE_REGS_MASK

[sunceping]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696

Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask.

Reference:
[GHCI]: TDX Guest-Host-Communication Interface v1.5
https://cdrdv2.intel.com/v1/dl/getContent/726792

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
---
 OvmfPkg/Library/CcExitLib/X64/TdVmcallCpuid.nasm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/OvmfPkg/Library/CcExitLib/X64/TdVmcallCpuid.nasm b/OvmfPkg/Library/CcExitLib/X64/TdVmcallCpuid.nasm
index fa86440904fe..c9c007352e8d 100644
--- a/OvmfPkg/Library/CcExitLib/X64/TdVmcallCpuid.nasm
+++ b/OvmfPkg/Library/CcExitLib/X64/TdVmcallCpuid.nasm
@@ -9,7 +9,7 @@
 DEFAULT REL
 SECTION .text
 
-%define TDVMCALL_EXPOSE_REGS_MASK       0xffec
+%define TDVMCALL_EXPOSE_REGS_MASK       0xffcc
 %define TDVMCALL                        0x0
 %define EXIT_REASON_CPUID               0xa
 
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115943): https://edk2.groups.io/g/devel/message/115943
Mute This Topic: https://groups.io/mt/104577520/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH V1 3/3] OvmfPkg/TdxDxe: Clear the registers before tdcall

[sunceping]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696

Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask.
And TDVF should clear the regitsers to avoid leaking secrets to VMM.

Reference:
[GHCI]: TDX Guest-Host-Communication Interface v1.5
https://cdrdv2.intel.com/v1/dl/getContent/726792

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
---
 OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
index 0bef89c48552..57560015f491 100644
--- a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
+++ b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
@@ -20,7 +20,7 @@ SECTION .text
 
 BITS 64
 
-%define TDVMCALL_EXPOSE_REGS_MASK       0xffec
+%define TDVMCALL_EXPOSE_REGS_MASK       0xffcc
 %define TDVMCALL                        0x0
 %define EXIT_REASON_CPUID               0xa
 
@@ -28,6 +28,30 @@ BITS 64
   db  0x66, 0x0f, 0x01, 0xcc
 %endmacro
 
+%macro tdcall_regs_preamble 2
+    mov rax, %1
+
+    xor rcx, rcx
+    mov ecx, %2
+
+    ; R10 = 0 (standard TDVMCALL)
+
+    xor r10d, r10d
+
+    ; Zero out unused (for standard TDVMCALL) registers to avoid leaking
+    ; secrets to the VMM.
+
+    xor esi, esi
+    xor edi, edi
+
+    xor edx, edx
+    xor ebp, ebp
+    xor r8d, r8d
+    xor r9d, r9d
+    xor r14, r14
+    xor r15, r15
+%endmacro
+
 ;
 ; Relocated Ap Mailbox loop
 ;
@@ -40,11 +64,9 @@ global ASM_PFX(AsmRelocateApMailBoxLoop)
 ASM_PFX(AsmRelocateApMailBoxLoop):
 AsmRelocateApMailBoxLoopStart:
 
-    mov         rax, TDVMCALL
-    mov         rcx, TDVMCALL_EXPOSE_REGS_MASK
-    xor         r10, r10
     mov         r11, EXIT_REASON_CPUID
     mov         r12, 0xb
+    tdcall_regs_preamble TDVMCALL, TDVMCALL_EXPOSE_REGS_MASK
     tdcall
     test        r10, r10
     jnz         Panic
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115944): https://edk2.groups.io/g/devel/message/115944
Mute This Topic: https://groups.io/mt/104577524/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking secrets to the VMM

[Min Xu]

Reviewed-by: Min Xu <min.m.xu@intel.com>

> -----Original Message-----
> From: Sun, CepingX <cepingx.sun@intel.com>
> Sent: Tuesday, February 27, 2024 5:19 AM
> To: devel@edk2.groups.io
> Cc: Sun, CepingX <cepingx.sun@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Aktas, Erdem <erdemaktas@google.com>;
> James Bottomley <jejb@linux.ibm.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Xu, Min M <min.m.xu@intel.com>; Tom Lendacky
> <thomas.lendacky@amd.com>; Michael Roth <michael.roth@amd.com>;
> Gerd Hoffmann <kraxel@redhat.com>; Yamahata, Isaku
> <isaku.yamahata@intel.com>
> Subject: [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking secrets
> to the VMM
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696
> 
> According to section 2.4.1 of [GHCI] spec, RBP register is usually used as a
> frame pointer according to the C language calling convention.
> The software should not use RBP as an input/output parameter and should
> clear BIT5 (RBP) in the GPR mask in RCX.
> 
> Reference:
> [GHCI]: TDX Guest-Host-Communication Interface v1.5
> https://cdrdv2.intel.com/v1/dl/getContent/726792
> 
> 
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Isaku Yamahata <isaku.yamahata@intel.com>
> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
> 
> Ceping Sun (3):
>   MdePkg/BaseLib: Update TDVMCALL_EXPOSE_REGS_MASK
>   OvmfPkg/CcExitLib: Update TDVMCALL_EXPOSE_REGS_MASK
>   OvmfPkg/TdxDxe: Clear the registers before tdcall
> 
>  MdePkg/Library/BaseLib/X64/TdVmcall.nasm      |  2 +-
>  .../Library/CcExitLib/X64/TdVmcallCpuid.nasm  |  2 +-
>  OvmfPkg/TdxDxe/X64/ApRunLoop.nasm             | 30 ++++++++++++++++---
>  3 files changed, 28 insertions(+), 6 deletions(-)
> 
> --
> 2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116006): https://edk2.groups.io/g/devel/message/116006
Mute This Topic: https://groups.io/mt/104577516/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH V1 3/3] OvmfPkg/TdxDxe: Clear the registers before tdcall

[Isaku Yamahata]

> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696
> 
> Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask.
> And TDVF should clear the regitsers to avoid leaking secrets to VMM.
> 
> Reference:
> [GHCI]: TDX Guest-Host-Communication Interface v1.5
> https://cdrdv2.intel.com/v1/dl/getContent/726792
> 
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Isaku Yamahata <isaku.yamahata@intel.com>
> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
> ---
>  OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 30 ++++++++++++++++++++++++++----
>  1 file changed, 26 insertions(+), 4 deletions(-)
> 
> diff --git a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
> index 0bef89c48552..57560015f491 100644
> --- a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
> +++ b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
> @@ -20,7 +20,7 @@ SECTION .text
> 
>  BITS 64
> 
> -%define TDVMCALL_EXPOSE_REGS_MASK       0xffec
> +%define TDVMCALL_EXPOSE_REGS_MASK       0xffcc
>  %define TDVMCALL                        0x0
>  %define EXIT_REASON_CPUID               0xa
> 
> @@ -28,6 +28,30 @@ BITS 64
>    db  0x66, 0x0f, 0x01, 0xcc
>  %endmacro
> 
> +%macro tdcall_regs_preamble 2
> +    mov rax, %1
> +
> +    xor rcx, rcx
> +    mov ecx, %2
> +
> +    ; R10 = 0 (standard TDVMCALL)
> +
> +    xor r10d, r10d
> +
> +    ; Zero out unused (for standard TDVMCALL) registers to avoid leaking
> +    ; secrets to the VMM.
> +
> +    xor esi, esi
> +    xor edi, edi
> +
> +    xor edx, edx
> +    xor ebp, ebp
> +    xor r8d, r8d
> +    xor r9d, r9d
> +    xor r14, r14
> +    xor r15, r15

We can just clear the corresponding bit of TDVMCALL_EXPOSE_REGS_MASK in addition to RBP.
Same to 1/3 and 3/3. We can eliminate tdcall_regs_postamble.
Any reason to bother to zero those registers and pass them to VMM?

Thanks,


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116035): https://edk2.groups.io/g/devel/message/116035
Mute This Topic: https://groups.io/mt/104577524/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH V1 3/3] OvmfPkg/TdxDxe: Clear the registers before tdcall

[sunceping]

On Tuesday, February 27, 2024 8:26 PM Yamahata, Isaku wrote:
> > +%macro tdcall_regs_preamble 2
> > +    mov rax, %1
> > +
> > +    xor rcx, rcx
> > +    mov ecx, %2
> > +
> > +    ; R10 = 0 (standard TDVMCALL)
> > +
> > +    xor r10d, r10d
> > +
> > +    ; Zero out unused (for standard TDVMCALL) registers to avoid leaking
> > +    ; secrets to the VMM.
> > +
> > +    xor esi, esi
> > +    xor edi, edi
> > +
> > +    xor edx, edx
> > +    xor ebp, ebp
> > +    xor r8d, r8d
> > +    xor r9d, r9d
> > +    xor r14, r14
> > +    xor r15, r15
> 
> We can just clear the corresponding bit of TDVMCALL_EXPOSE_REGS_MASK in
> addition to RBP.
> Same to 1/3 and 3/3. We can eliminate tdcall_regs_postamble.
> Any reason to bother to zero those registers and pass them to VMM?
>
Zero out these registers to avoid leaking secrets to the VMM.
There are also some registers (e.g., r10, r14...... etc.) are output operands and should be cleared.
The tdcall_regs_preamble  was already using in the TdVmcall.nasm and TdVmcallCpuid.nasm .
For the ApRunLoop.nasm , it is fixed now.

Thanks
Ceping



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116096): https://edk2.groups.io/g/devel/message/116096
Mute This Topic: https://groups.io/mt/104577524/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH V1 1/3] MdePkg/BaseLib: Update TDVMCALL_EXPOSE_REGS_MASK

[Min Xu]

Reviewed-by: Min Xu <min.m.xu@intel.com>

> -----Original Message-----
> From: Sun, CepingX <cepingx.sun@intel.com>
> Sent: Tuesday, February 27, 2024 5:19 AM
> To: devel@edk2.groups.io
> Cc: Sun, CepingX <cepingx.sun@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Aktas, Erdem <erdemaktas@google.com>;
> James Bottomley <jejb@linux.ibm.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Xu, Min M <min.m.xu@intel.com>; Tom Lendacky
> <thomas.lendacky@amd.com>; Michael Roth <michael.roth@amd.com>;
> Yamahata, Isaku <isaku.yamahata@intel.com>
> Subject: [PATCH V1 1/3] MdePkg/BaseLib: Update
> TDVMCALL_EXPOSE_REGS_MASK
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696
> 
> Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask.
> 
> Reference:
> [GHCI]: TDX Guest-Host-Communication Interface v1.5
> https://cdrdv2.intel.com/v1/dl/getContent/726792
> 
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Isaku Yamahata <isaku.yamahata@intel.com>
> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
> ---
>  MdePkg/Library/BaseLib/X64/TdVmcall.nasm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> b/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> index 8dd9bfcbfa14..b20724a37015 100644
> --- a/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> +++ b/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> @@ -9,7 +9,7 @@
>  DEFAULT REL
>  SECTION .text
> 
> -%define TDVMCALL_EXPOSE_REGS_MASK       0xffec
> +%define TDVMCALL_EXPOSE_REGS_MASK       0xffcc
>  %define TDVMCALL                        0x0
> 
>  %macro tdcall 0
> --
> 2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116293): https://edk2.groups.io/g/devel/message/116293
Mute This Topic: https://groups.io/mt/104577519/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH V1 3/3] OvmfPkg/TdxDxe: Clear the registers before tdcall

[Min Xu]

Reviewed-by: Min Xu <min.m.xu@intel.com>

> -----Original Message-----
> From: Sun, CepingX <cepingx.sun@intel.com>
> Sent: Tuesday, February 27, 2024 5:19 AM
> To: devel@edk2.groups.io
> Cc: Sun, CepingX <cepingx.sun@intel.com>; Aktas, Erdem
> <erdemaktas@google.com>; James Bottomley <jejb@linux.ibm.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Xu, Min M <min.m.xu@intel.com>; Tom
> Lendacky <thomas.lendacky@amd.com>; Michael Roth
> <michael.roth@amd.com>; Gerd Hoffmann <kraxel@redhat.com>;
> Yamahata, Isaku <isaku.yamahata@intel.com>
> Subject: [PATCH V1 3/3] OvmfPkg/TdxDxe: Clear the registers before tdcall
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696
> 
> Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask.
> And TDVF should clear the regitsers to avoid leaking secrets to VMM.
> 
> Reference:
> [GHCI]: TDX Guest-Host-Communication Interface v1.5
> https://cdrdv2.intel.com/v1/dl/getContent/726792
> 
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Isaku Yamahata <isaku.yamahata@intel.com>
> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
> ---
>  OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 30
> ++++++++++++++++++++++++++----
>  1 file changed, 26 insertions(+), 4 deletions(-)
> 
> diff --git a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
> b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
> index 0bef89c48552..57560015f491 100644
> --- a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
> +++ b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
> @@ -20,7 +20,7 @@ SECTION .text
> 
>  BITS 64
> 
> -%define TDVMCALL_EXPOSE_REGS_MASK       0xffec
> +%define TDVMCALL_EXPOSE_REGS_MASK       0xffcc
>  %define TDVMCALL                        0x0
>  %define EXIT_REASON_CPUID               0xa
> 
> @@ -28,6 +28,30 @@ BITS 64
>    db  0x66, 0x0f, 0x01, 0xcc
>  %endmacro
> 
> +%macro tdcall_regs_preamble 2
> +    mov rax, %1
> +
> +    xor rcx, rcx
> +    mov ecx, %2
> +
> +    ; R10 = 0 (standard TDVMCALL)
> +
> +    xor r10d, r10d
> +
> +    ; Zero out unused (for standard TDVMCALL) registers to avoid leaking
> +    ; secrets to the VMM.
> +
> +    xor esi, esi
> +    xor edi, edi
> +
> +    xor edx, edx
> +    xor ebp, ebp
> +    xor r8d, r8d
> +    xor r9d, r9d
> +    xor r14, r14
> +    xor r15, r15
> +%endmacro
> +
>  ;
>  ; Relocated Ap Mailbox loop
>  ;
> @@ -40,11 +64,9 @@ global ASM_PFX(AsmRelocateApMailBoxLoop)
>  ASM_PFX(AsmRelocateApMailBoxLoop):
>  AsmRelocateApMailBoxLoopStart:
> 
> -    mov         rax, TDVMCALL
> -    mov         rcx, TDVMCALL_EXPOSE_REGS_MASK
> -    xor         r10, r10
>      mov         r11, EXIT_REASON_CPUID
>      mov         r12, 0xb
> +    tdcall_regs_preamble TDVMCALL, TDVMCALL_EXPOSE_REGS_MASK
>      tdcall
>      test        r10, r10
>      jnz         Panic
> --
> 2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116294): https://edk2.groups.io/g/devel/message/116294
Mute This Topic: https://groups.io/mt/104577524/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH V1 2/3] OvmfPkg/CcExitLib: Update TDVMCALL_EXPOSE_REGS_MASK

[Min Xu]

Reviewed-by: Min Xu <min.m.xu@intel.com>

> -----Original Message-----
> From: Sun, CepingX <cepingx.sun@intel.com>
> Sent: Tuesday, February 27, 2024 5:19 AM
> To: devel@edk2.groups.io
> Cc: Sun, CepingX <cepingx.sun@intel.com>; Aktas, Erdem
> <erdemaktas@google.com>; James Bottomley <jejb@linux.ibm.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Xu, Min M <min.m.xu@intel.com>; Tom
> Lendacky <thomas.lendacky@amd.com>; Michael Roth
> <michael.roth@amd.com>; Gerd Hoffmann <kraxel@redhat.com>;
> Yamahata, Isaku <isaku.yamahata@intel.com>
> Subject: [PATCH V1 2/3] OvmfPkg/CcExitLib: Update
> TDVMCALL_EXPOSE_REGS_MASK
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696
> 
> Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask.
> 
> Reference:
> [GHCI]: TDX Guest-Host-Communication Interface v1.5
> https://cdrdv2.intel.com/v1/dl/getContent/726792
> 
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Isaku Yamahata <isaku.yamahata@intel.com>
> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
> ---
>  OvmfPkg/Library/CcExitLib/X64/TdVmcallCpuid.nasm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/OvmfPkg/Library/CcExitLib/X64/TdVmcallCpuid.nasm
> b/OvmfPkg/Library/CcExitLib/X64/TdVmcallCpuid.nasm
> index fa86440904fe..c9c007352e8d 100644
> --- a/OvmfPkg/Library/CcExitLib/X64/TdVmcallCpuid.nasm
> +++ b/OvmfPkg/Library/CcExitLib/X64/TdVmcallCpuid.nasm
> @@ -9,7 +9,7 @@
>  DEFAULT REL
>  SECTION .text
> 
> -%define TDVMCALL_EXPOSE_REGS_MASK       0xffec
> +%define TDVMCALL_EXPOSE_REGS_MASK       0xffcc
>  %define TDVMCALL                        0x0
>  %define EXIT_REASON_CPUID               0xa
> 
> --
> 2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116295): https://edk2.groups.io/g/devel/message/116295
Mute This Topic: https://groups.io/mt/104577520/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH V1 1/3] MdePkg/BaseLib: Update TDVMCALL_EXPOSE_REGS_MASK

[sunceping]

Ping @Gao, Liming, @Kinney, Michael D
Hi Liming and Mike
Would you please review the MdePkg update?

Thanks
Ceping

> -----Original Message-----
> From: Sun, CepingX <cepingx.sun@intel.com>
> Sent: Tuesday, February 27, 2024 5:19 AM
> To: devel@edk2.groups.io
> Cc: Sun, CepingX <cepingx.sun@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Aktas, Erdem <erdemaktas@google.com>;
> James Bottomley <jejb@linux.ibm.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Xu, Min M <min.m.xu@intel.com>; Tom Lendacky
> <thomas.lendacky@amd.com>; Michael Roth <michael.roth@amd.com>;
> Yamahata, Isaku <isaku.yamahata@intel.com>
> Subject: [PATCH V1 1/3] MdePkg/BaseLib: Update
> TDVMCALL_EXPOSE_REGS_MASK
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696
> 
> Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask.
> 
> Reference:
> [GHCI]: TDX Guest-Host-Communication Interface v1.5
> https://cdrdv2.intel.com/v1/dl/getContent/726792
> 
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Isaku Yamahata <isaku.yamahata@intel.com>
> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
> ---
>  MdePkg/Library/BaseLib/X64/TdVmcall.nasm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> b/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> index 8dd9bfcbfa14..b20724a37015 100644
> --- a/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> +++ b/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> @@ -9,7 +9,7 @@
>  DEFAULT REL
>  SECTION .text
> 
> -%define TDVMCALL_EXPOSE_REGS_MASK       0xffec
> +%define TDVMCALL_EXPOSE_REGS_MASK       0xffcc
>  %define TDVMCALL                        0x0
> 
>  %macro tdcall 0
> --
> 2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116302): https://edk2.groups.io/g/devel/message/116302
Mute This Topic: https://groups.io/mt/104577519/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking secrets to the VMM

[Yao, Jiewen]

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

> -----Original Message-----
> From: Xu, Min M <min.m.xu@intel.com>
> Sent: Tuesday, February 27, 2024 2:49 PM
> To: Sun, CepingX <cepingx.sun@intel.com>; devel@edk2.groups.io
> Cc: Liming Gao <gaoliming@byosoft.com.cn>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Aktas, Erdem <erdemaktas@google.com>; James
> Bottomley <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>; Tom
> Lendacky <thomas.lendacky@amd.com>; Michael Roth
> <michael.roth@amd.com>; Gerd Hoffmann <kraxel@redhat.com>; Yamahata,
> Isaku <isaku.yamahata@intel.com>
> Subject: RE: [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking secrets
> to the VMM
> 
> Reviewed-by: Min Xu <min.m.xu@intel.com>
> 
> > -----Original Message-----
> > From: Sun, CepingX <cepingx.sun@intel.com>
> > Sent: Tuesday, February 27, 2024 5:19 AM
> > To: devel@edk2.groups.io
> > Cc: Sun, CepingX <cepingx.sun@intel.com>; Liming Gao
> > <gaoliming@byosoft.com.cn>; Kinney, Michael D
> > <michael.d.kinney@intel.com>; Aktas, Erdem <erdemaktas@google.com>;
> > James Bottomley <jejb@linux.ibm.com>; Yao, Jiewen
> > <jiewen.yao@intel.com>; Xu, Min M <min.m.xu@intel.com>; Tom Lendacky
> > <thomas.lendacky@amd.com>; Michael Roth <michael.roth@amd.com>;
> > Gerd Hoffmann <kraxel@redhat.com>; Yamahata, Isaku
> > <isaku.yamahata@intel.com>
> > Subject: [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking secrets
> > to the VMM
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696
> >
> > According to section 2.4.1 of [GHCI] spec, RBP register is usually used as a
> > frame pointer according to the C language calling convention.
> > The software should not use RBP as an input/output parameter and should
> > clear BIT5 (RBP) in the GPR mask in RCX.
> >
> > Reference:
> > [GHCI]: TDX Guest-Host-Communication Interface v1.5
> > https://cdrdv2.intel.com/v1/dl/getContent/726792
> >
> >
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Erdem Aktas <erdemaktas@google.com>
> > Cc: James Bottomley <jejb@linux.ibm.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Min Xu <min.m.xu@intel.com>
> > Cc: Tom Lendacky <thomas.lendacky@amd.com>
> > Cc: Michael Roth <michael.roth@amd.com>
> > Cc: Gerd Hoffmann <kraxel@redhat.com>
> > Cc: Isaku Yamahata <isaku.yamahata@intel.com>
> > Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
> >
> > Ceping Sun (3):
> >   MdePkg/BaseLib: Update TDVMCALL_EXPOSE_REGS_MASK
> >   OvmfPkg/CcExitLib: Update TDVMCALL_EXPOSE_REGS_MASK
> >   OvmfPkg/TdxDxe: Clear the registers before tdcall
> >
> >  MdePkg/Library/BaseLib/X64/TdVmcall.nasm      |  2 +-
> >  .../Library/CcExitLib/X64/TdVmcallCpuid.nasm  |  2 +-
> >  OvmfPkg/TdxDxe/X64/ApRunLoop.nasm             | 30 ++++++++++++++++---
> >  3 files changed, 28 insertions(+), 6 deletions(-)
> >
> > --
> > 2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116668): https://edk2.groups.io/g/devel/message/116668
Mute This Topic: https://groups.io/mt/104577516/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH V1 1/3] MdePkg/BaseLib: Update TDVMCALL_EXPOSE_REGS_MASK

[sunceping]

@Liming Gao @Kinney, Michael D
This patch has been submitted for review over two weeks. 
May I have your comments about the patch?

Thanks
Ceping

> -----Original Message-----
> From: Sun, CepingX <cepingx.sun@intel.com>
> Sent: Monday, March 4, 2024 11:23 AM
> To: Liming Gao <gaoliming@byosoft.com.cn>; Kinney, Michael D
> <michael.d.kinney@intel.com>; devel@edk2.groups.io; Sun, CepingX
> <cepingx.sun@intel.com>
> Cc: Aktas, Erdem <erdemaktas@google.com>; James Bottomley
> <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>; Xu, Min M
> <min.m.xu@intel.com>; Tom Lendacky <thomas.lendacky@amd.com>;
> Michael Roth <michael.roth@amd.com>; Yamahata, Isaku
> <isaku.yamahata@intel.com>
> Subject: RE: [PATCH V1 1/3] MdePkg/BaseLib: Update
> TDVMCALL_EXPOSE_REGS_MASK
> 
> Ping @Gao, Liming, @Kinney, Michael D
> Hi Liming and Mike
> Would you please review the MdePkg update?
> 
> Thanks
> Ceping
> 
> > -----Original Message-----
> > From: Sun, CepingX <cepingx.sun@intel.com>
> > Sent: Tuesday, February 27, 2024 5:19 AM
> > To: devel@edk2.groups.io
> > Cc: Sun, CepingX <cepingx.sun@intel.com>; Liming Gao
> > <gaoliming@byosoft.com.cn>; Kinney, Michael D
> > <michael.d.kinney@intel.com>; Aktas, Erdem <erdemaktas@google.com>;
> > James Bottomley <jejb@linux.ibm.com>; Yao, Jiewen
> > <jiewen.yao@intel.com>; Xu, Min M <min.m.xu@intel.com>; Tom Lendacky
> > <thomas.lendacky@amd.com>; Michael Roth <michael.roth@amd.com>;
> > Yamahata, Isaku <isaku.yamahata@intel.com>
> > Subject: [PATCH V1 1/3] MdePkg/BaseLib: Update
> > TDVMCALL_EXPOSE_REGS_MASK
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696
> >
> > Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask.
> >
> > Reference:
> > [GHCI]: TDX Guest-Host-Communication Interface v1.5
> > https://cdrdv2.intel.com/v1/dl/getContent/726792
> >
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Erdem Aktas <erdemaktas@google.com>
> > Cc: James Bottomley <jejb@linux.ibm.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Min Xu <min.m.xu@intel.com>
> > Cc: Tom Lendacky <thomas.lendacky@amd.com>
> > Cc: Michael Roth <michael.roth@amd.com>
> > Cc: Isaku Yamahata <isaku.yamahata@intel.com>
> > Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
> > ---
> >  MdePkg/Library/BaseLib/X64/TdVmcall.nasm | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> > b/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> > index 8dd9bfcbfa14..b20724a37015 100644
> > --- a/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> > +++ b/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> > @@ -9,7 +9,7 @@
> >  DEFAULT REL
> >  SECTION .text
> >
> > -%define TDVMCALL_EXPOSE_REGS_MASK       0xffec
> > +%define TDVMCALL_EXPOSE_REGS_MASK       0xffcc
> >  %define TDVMCALL                        0x0
> >
> >  %macro tdcall 0
> > --
> > 2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116709): https://edk2.groups.io/g/devel/message/116709
Mute This Topic: https://groups.io/mt/104577519/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

回复: [edk2-devel] [PATCH V1 1/3] MdePkg/BaseLib: Update TDVMCALL_EXPOSE_REGS_MASK

[gaoliming via groups.io]

Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>

> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 sunceping
> 发送时间: 2024年2月27日 5:19
> 收件人: devel@edk2.groups.io
> 抄送: Ceping Sun <cepingx.sun@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Michael D Kinney
> <michael.d.kinney@intel.com>; Erdem Aktas <erdemaktas@google.com>;
> James Bottomley <jejb@linux.ibm.com>; Jiewen Yao <jiewen.yao@intel.com>;
> Min Xu <min.m.xu@intel.com>; Tom Lendacky
> <thomas.lendacky@amd.com>; Michael Roth <michael.roth@amd.com>;
> Isaku Yamahata <isaku.yamahata@intel.com>
> 主题: [edk2-devel] [PATCH V1 1/3] MdePkg/BaseLib: Update
> TDVMCALL_EXPOSE_REGS_MASK
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696
> 
> Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask.
> 
> Reference:
> [GHCI]: TDX Guest-Host-Communication Interface v1.5
> https://cdrdv2.intel.com/v1/dl/getContent/726792
> 
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Min Xu <min.m.xu@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Isaku Yamahata <isaku.yamahata@intel.com>
> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
> ---
>  MdePkg/Library/BaseLib/X64/TdVmcall.nasm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> b/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> index 8dd9bfcbfa14..b20724a37015 100644
> --- a/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> +++ b/MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> @@ -9,7 +9,7 @@
>  DEFAULT REL
>  SECTION .text
> 
> -%define TDVMCALL_EXPOSE_REGS_MASK       0xffec
> +%define TDVMCALL_EXPOSE_REGS_MASK       0xffcc
>  %define TDVMCALL                        0x0
> 
>  %macro tdcall 0
> --
> 2.34.1
> 
> 
> 
> 
> 





-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116754): https://edk2.groups.io/g/devel/message/116754
Mute This Topic: https://groups.io/mt/104927472/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-