From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min Xu <min.m.xu@intel.com>,
Michael D Kinney <michael.d.kinney@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Zhiguang Liu <zhiguang.liu@intel.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Erdem Aktas <erdemaktas@google.com>,
James Bottomley <jejb@linux.ibm.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH 05/23] MdePkg: Add TdxProbeLib to probe Intel Tdx
Date: Thu, 12 Aug 2021 19:56:44 +0800 [thread overview]
Message-ID: <c574d1e106a9b10d99b0d294891a32ee2b0c414a.1628767741.git.min.m.xu@intel.com> (raw)
In-Reply-To: <cover.1628767741.git.min.m.xu@intel.com>
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
Guest software can be designed to run either as a TD, as a legacy virtual
machine, or directly on the CPU, based on enumeration of its run-time
environment. CPUID leaf 0x21 emulation is done by the Intel TDX module.
Sub-leaf 0 returns the values of "IntelTDX " in EBX/EDX/ECX.
TdxProbeLib provides *TdxIsEnabled* to determine Td or Non-Td.
On IA32 it always return FALSE because Intel TDX only works on X64.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
MdePkg/Include/Library/TdxProbeLib.h | 25 +++++
MdePkg/Library/TdxProbeLib/InternalTdxProbe.h | 25 +++++
MdePkg/Library/TdxProbeLib/TdProbeNull.c | 25 +++++
MdePkg/Library/TdxProbeLib/TdxProbeLib.c | 35 +++++++
MdePkg/Library/TdxProbeLib/TdxProbeLib.inf | 34 +++++++
MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm | 97 +++++++++++++++++++
MdePkg/MdePkg.dec | 3 +
MdePkg/MdePkg.dsc | 1 +
8 files changed, 245 insertions(+)
create mode 100644 MdePkg/Include/Library/TdxProbeLib.h
create mode 100644 MdePkg/Library/TdxProbeLib/InternalTdxProbe.h
create mode 100644 MdePkg/Library/TdxProbeLib/TdProbeNull.c
create mode 100644 MdePkg/Library/TdxProbeLib/TdxProbeLib.c
create mode 100644 MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
create mode 100644 MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm
diff --git a/MdePkg/Include/Library/TdxProbeLib.h b/MdePkg/Include/Library/TdxProbeLib.h
new file mode 100644
index 000000000000..d4fa4ba4cdf8
--- /dev/null
+++ b/MdePkg/Include/Library/TdxProbeLib.h
@@ -0,0 +1,25 @@
+/** @file
+ TdxProbeLib definitions
+
+ Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef TDX_PROBE_LIB_H_
+#define TDX_PROBE_LIB_H_
+
+#include <Library/BaseLib.h>
+
+/**
+ Whether Intel TDX is enabled.
+
+ @return TRUE TDX enabled
+ @return FALSE TDX not enabled
+**/
+BOOLEAN
+EFIAPI
+TdxIsEnabled (
+ VOID);
+
+#endif
diff --git a/MdePkg/Library/TdxProbeLib/InternalTdxProbe.h b/MdePkg/Library/TdxProbeLib/InternalTdxProbe.h
new file mode 100644
index 000000000000..53cbbeda8cd8
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/InternalTdxProbe.h
@@ -0,0 +1,25 @@
+/** @file
+ Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef INTERNAL_TDX_PROBE_H_
+#define INTERNAL_TDX_PROBE_H_
+
+#define PROBE_IS_TD_GUEST 0
+#define PROBE_NOT_TD_GUEST 1
+
+/**
+ The internal Td Probe implementation.
+
+ @return 0 TD guest
+ @return others Non-TD guest
+**/
+UINTN
+EFIAPI
+TdProbe (
+ VOID
+ );
+
+#endif
diff --git a/MdePkg/Library/TdxProbeLib/TdProbeNull.c b/MdePkg/Library/TdxProbeLib/TdProbeNull.c
new file mode 100644
index 000000000000..12e9e1f8a7d4
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/TdProbeNull.c
@@ -0,0 +1,25 @@
+/** @file
+
+ Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#include <Library/BaseLib.h>
+#include "InternalTdxProbe.h"
+
+/**
+ TDX only works in X64. So allways return -1 to indicate Non-Td.
+
+ @return 0 TD guest
+ @return others Non-TD guest
+**/
+UINTN
+EFIAPI
+TdProbe (
+ VOID
+ )
+{
+ return PROBE_NOT_TD_GUEST;
+}
diff --git a/MdePkg/Library/TdxProbeLib/TdxProbeLib.c b/MdePkg/Library/TdxProbeLib/TdxProbeLib.c
new file mode 100644
index 000000000000..3f4524dc16a6
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/TdxProbeLib.c
@@ -0,0 +1,35 @@
+/** @file
+ instance of TdxProbeLib
+
+ Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#include <Library/BaseLib.h>
+#include <Library/TdxProbeLib.h>
+#include "InternalTdxProbe.h"
+
+BOOLEAN mTdxEnabled = FALSE;
+BOOLEAN mTdxProbed = FALSE;
+
+/**
+ Whether Intel TDX is enabled.
+
+ @return TRUE TDX enabled
+ @return FALSE TDX not enabled
+**/
+BOOLEAN
+EFIAPI
+TdxIsEnabled (
+ VOID)
+{
+ if (mTdxProbed) {
+ return mTdxEnabled;
+ }
+
+ mTdxEnabled = TdProbe () == PROBE_IS_TD_GUEST;
+ mTdxProbed = TRUE;
+ return mTdxEnabled;
+}
diff --git a/MdePkg/Library/TdxProbeLib/TdxProbeLib.inf b/MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
new file mode 100644
index 000000000000..59fc12c41569
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
@@ -0,0 +1,34 @@
+## @file
+# Tdx Probe library instance
+#
+# Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = TdxProbeLib
+ FILE_GUID = 26BF0B58-6E9D-4375-A363-52FD83FB82CE
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TdxProbeLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ TdxProbeLib.c
+ InternalTdxProbe.h
+
+[Sources.X64]
+ X64/TdProbe.nasm
+
+[Sources.IA32]
+ TdProbeNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
diff --git a/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm b/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm
new file mode 100644
index 000000000000..ed941830f0ca
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm
@@ -0,0 +1,97 @@
+;------------------------------------------------------------------------------
+;*
+;* CPUID leaf 0x21 emulation is done by the Intel TDX module. Sub-leaf 0
+;* returns the values of "IntelTDX " in EBX/EDX/ECX.
+;*
+;* Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+;* SPDX-License-Identifier: BSD-2-Clause-Patent
+;*
+;*
+;------------------------------------------------------------------------------
+
+DEFAULT REL
+SECTION .text
+
+%define TD_PROBE_TD_GUEST 0
+%define TD_PROBE_NOT_TD_GUEST 1
+
+%macro td_push_regs 0
+ push rbp
+ mov rbp, rsp
+ push r15
+ push r14
+ push r13
+ push r12
+ push rbx
+ push rsi
+ push rdi
+%endmacro
+
+%macro td_pop_regs 0
+ pop rdi
+ pop rsi
+ pop rbx
+ pop r12
+ pop r13
+ pop r14
+ pop r15
+ pop rbp
+%endmacro
+
+
+global ASM_PFX(TdProbe)
+ASM_PFX(TdProbe):
+
+ td_push_regs
+
+ ;
+ ; CPUID (0)
+ ;
+ mov eax, 0
+ cpuid
+ cmp ebx, 0x756e6547 ; "Genu"
+ jne .not_td
+ cmp edx, 0x49656e69 ; "ineI"
+ jne .not_td
+ cmp ecx, 0x6c65746e ; "ntel"
+ jne .not_td
+
+ ;
+ ; CPUID (1)
+ ;
+ mov eax, 1
+ cpuid
+ test ecx, 0x80000000
+ jz .not_td
+
+ ;
+ ; CPUID[0].EAX >= 0x21?
+ ;
+ mov eax, 0
+ cpuid
+ cmp eax, 0x21
+ jl .not_td
+
+ ;
+ ; CPUID (0x21,0)
+ ;
+ mov eax, 0x21
+ mov ecx, 0
+ cpuid
+
+ cmp ebx, 0x65746E49 ; "Inte"
+ jne .not_td
+ cmp edx, 0x5844546C ; "lTDX"
+ jne .not_td
+ cmp ecx, 0x20202020 ; " "
+ jne .not_td
+
+ mov rax, TD_PROBE_TD_GUEST
+ jmp .exit
+
+.not_td:
+ mov rax, TD_PROBE_NOT_TD_GUEST
+
+.exit:
+ td_pop_regs
+ ret
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index a28a2daaffa8..5702b0596499 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -296,6 +296,9 @@
## @libraryclass Provides services to log the SMI handler registration.
SmiHandlerProfileLib|Include/Library/SmiHandlerProfileLib.h
+ ## @libraryclass Provides function to support TDX probe processing.
+ TdxProbeLib|Include/Library/TdxProbeLib.h
+
[Guids]
#
# GUID defined in UEFI2.1/UEFI2.0/EFI1.1
diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc
index a94959169b2f..a62a9504bc12 100644
--- a/MdePkg/MdePkg.dsc
+++ b/MdePkg/MdePkg.dsc
@@ -130,6 +130,7 @@
MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf
+ MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
#
--
2.29.2.windows.2
next prev parent reply other threads:[~2021-08-12 11:57 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-12 11:56 [PATCH 00/23] Enable Intel TDX in OvmfPkg (SEC/PEI) Min Xu
2021-08-12 11:56 ` [PATCH 01/23] OvmfPkg: Add Tdx BFV/CFV PCDs and PcdOvmfImageSizeInKb Min Xu
2021-08-12 11:56 ` [PATCH 02/23] OvmfPkg/Sec: Update the check logic in SevEsIsEnabled Min Xu
2021-09-11 1:13 ` Erdem Aktas
2021-09-13 3:04 ` Min Xu
2021-08-12 11:56 ` [PATCH 03/23] OvmfPkg/ResetVector: Enable Intel TDX in ResetVector of Ovmf Min Xu
2021-09-11 1:14 ` Erdem Aktas
2021-09-13 6:06 ` Min Xu
2021-09-14 2:16 ` Erdem Aktas
2021-08-12 11:56 ` [PATCH 04/23] MdePkg: Add Tdx.h Min Xu
2021-08-12 20:52 ` Michael D Kinney
2021-08-12 22:57 ` Min Xu
2021-08-12 11:56 ` Min Xu [this message]
2021-08-16 9:43 ` [edk2-devel] [PATCH 05/23] MdePkg: Add TdxProbeLib to probe Intel Tdx Gerd Hoffmann
2021-08-17 0:14 ` Min Xu
2021-08-17 8:20 ` Gerd Hoffmann
2021-08-17 8:43 ` Min Xu
2021-08-17 8:58 ` Gerd Hoffmann
2021-09-11 1:14 ` Erdem Aktas
2021-09-13 6:11 ` [edk2-devel] " Min Xu
2021-08-12 11:56 ` [PATCH 06/23] MdePkg: Add TdxLib to wrap Tdx operations Min Xu
2021-09-11 1:15 ` Erdem Aktas
2021-08-12 11:56 ` [PATCH 07/23] MdePkg: Update BaseIoLibIntrinsicSev to support Tdx Min Xu
2021-08-17 8:38 ` [edk2-devel] " Gerd Hoffmann
2021-08-18 5:54 ` Min Xu
2021-08-19 6:30 ` Gerd Hoffmann
2021-08-19 13:12 ` Min Xu
2021-08-20 6:41 ` Gerd Hoffmann
2021-09-11 1:15 ` Erdem Aktas
2021-09-28 8:33 ` [edk2-devel] " Min Xu
2021-08-12 11:56 ` [PATCH 08/23] UefiCpuPkg: Support TDX in BaseXApicX2ApicLib Min Xu
2021-08-12 11:56 ` [PATCH 09/23] UefiCpuPkg: Add VmTdExitLibNull Min Xu
2021-08-12 11:56 ` [PATCH 10/23] OvmfPkg: Prepare OvmfPkg to use the VmTdExitLib library Min Xu
2021-08-12 11:56 ` [PATCH 11/23] OvmfPkg: Implement library support for VmTdExitLib in Ovmf Min Xu
2021-08-12 11:56 ` [PATCH 12/23] UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception Min Xu
2021-08-12 11:56 ` [PATCH 13/23] UefiCpuPkg: Enable Tdx support in MpInitLib Min Xu
2021-08-12 11:56 ` [PATCH 14/23] OvmfPkg: Update SecEntry.nasm to support Tdx Min Xu
2021-08-12 11:56 ` [PATCH 15/23] OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard Min Xu
2021-08-12 11:56 ` [PATCH 16/23] OvmfPkg: Add TdxMailboxLib Min Xu
2021-08-12 11:56 ` [PATCH 17/23] MdePkg: Add EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in PiHob.h Min Xu
2021-08-12 11:56 ` [PATCH 18/23] OvmfPkg: Enable Tdx in SecMain.c Min Xu
2021-08-19 6:49 ` [edk2-devel] " Gerd Hoffmann
2021-08-19 14:27 ` Min Xu
2021-08-20 7:22 ` Gerd Hoffmann
2021-08-24 12:07 ` Min Xu
2021-08-24 12:55 ` Ard Biesheuvel
2021-08-25 6:10 ` Yao, Jiewen
2021-08-25 7:52 ` Gerd Hoffmann
2021-08-25 9:07 ` Yao, Jiewen
2021-08-25 14:51 ` Gerd Hoffmann
2021-08-25 16:28 ` Yao, Jiewen
2021-08-26 8:31 ` Gerd Hoffmann
2021-08-26 16:58 ` Yao, Jiewen
2021-08-25 6:22 ` Gerd Hoffmann
2021-08-12 11:56 ` [PATCH 19/23] OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation Min Xu
2021-08-12 11:56 ` [PATCH 20/23] MdePkg: Add AllocatePagesWithMemoryType support in PeiMemoryAllocationLib Min Xu
2021-08-12 20:43 ` Michael D Kinney
2021-08-15 2:51 ` Min Xu
2021-08-12 11:57 ` [PATCH 21/23] OvmfPkg: Add PcdUse1GPageTable support for TDX Min Xu
2021-08-12 11:57 ` [PATCH 22/23] MdeModulePkg: EFER should not be changed in TDX Min Xu
2021-08-12 11:57 ` [PATCH 23/23] OvmfPkg: Update PlatformPei to support TDX Min Xu
2021-08-31 10:45 ` [edk2-devel] [PATCH 00/23] Enable Intel TDX in OvmfPkg (SEC/PEI) Gerd Hoffmann
2021-09-01 5:41 ` Min Xu
2021-09-01 6:25 ` Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c574d1e106a9b10d99b0d294891a32ee2b0c414a.1628767741.git.min.m.xu@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox