From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web12.21190.1628769444911593052 for ; Thu, 12 Aug 2021 04:57:36 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: min.m.xu@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10073"; a="215322167" X-IronPort-AV: E=Sophos;i="5.84,315,1620716400"; d="scan'208";a="215322167" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Aug 2021 04:57:35 -0700 X-IronPort-AV: E=Sophos;i="5.84,315,1620716400"; d="scan'208";a="517433603" Received: from mxu9-mobl1.ccr.corp.intel.com ([10.249.175.248]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Aug 2021 04:57:32 -0700 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Michael D Kinney , Liming Gao , Zhiguang Liu , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky Subject: [PATCH 05/23] MdePkg: Add TdxProbeLib to probe Intel Tdx Date: Thu, 12 Aug 2021 19:56:44 +0800 Message-Id: X-Mailer: git-send-email 2.29.2.windows.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429 Guest software can be designed to run either as a TD, as a legacy virtual machine, or directly on the CPU, based on enumeration of its run-time environment. CPUID leaf 0x21 emulation is done by the Intel TDX module. Sub-leaf 0 returns the values of "IntelTDX " in EBX/EDX/ECX. TdxProbeLib provides *TdxIsEnabled* to determine Td or Non-Td. On IA32 it always return FALSE because Intel TDX only works on X64. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky 
Signed-off-by: Min Xu
---
MdePkg/Include/Library/TdxProbeLib.h | 25 +++++ MdePkg/Library/TdxProbeLib/InternalTdxProbe.h | 25 +++++ MdePkg/Library/TdxProbeLib/TdProbeNull.c | 25 +++++ MdePkg/Library/TdxProbeLib/TdxProbeLib.c | 35 +++++++ MdePkg/Library/TdxProbeLib/TdxProbeLib.inf | 34 +++++++ MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm | 97 +++++++++++++++++++ MdePkg/MdePkg.dec | 3 + MdePkg/MdePkg.dsc | 1 + 8 files changed, 245 insertions(+) create mode 100644 MdePkg/Include/Library/TdxProbeLib.h create mode 100644 MdePkg/Library/TdxProbeLib/InternalTdxProbe.h create mode 100644 MdePkg/Library/TdxProbeLib/TdProbeNull.c create mode 100644 MdePkg/Library/TdxProbeLib/TdxProbeLib.c create mode 100644 MdePkg/Library/TdxProbeLib/TdxProbeLib.inf create mode 100644 MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm
diff --git a/MdePkg/Include/Library/TdxProbeLib.h b/MdePkg/Include/Library/TdxProbeLib.h
new file mode 100644
index 000000000000..d4fa4ba4cdf8
--- /dev/null
+++ b/MdePkg/Include/Library/TdxProbeLib.h
@@ -0,0 +1,25 @@
+/** @file
+ TdxProbeLib definitions
+
+ Copyright (c) 2021, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef TDX_PROBE_LIB_H_
+#define TDX_PROBE_LIB_H_
+
+#include
+
+/**
+ Whether Intel TDX is enabled.
+
+ @return TRUE TDX enabled
+ @return FALSE TDX not enabled
+**/
+BOOLEAN
+EFIAPI
+TdxIsEnabled (
+ VOID);
+
+#endif
diff --git a/MdePkg/Library/TdxProbeLib/InternalTdxProbe.h b/MdePkg/Library/TdxProbeLib/InternalTdxProbe.h
new file mode 100644
index 000000000000..53cbbeda8cd8
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/InternalTdxProbe.h
@@ -0,0 +1,25 @@
+/** @file
+ Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
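Review bot: The comment on TdxIsEnabled() in MdePkg/Include/Library/TdxProbeLib.h does not say what "enabled" means or where the answer comes from, yet callers will gate TD-specific behaviour on it. The probe in this patch answers "is this code running as a TD guest" from CPUID alone, so I would document it as `@retval TRUE  The caller is running as an Intel TDX guest (TD), as reported by CPUID.` and `@retval FALSE Not a TD guest, or the architecture is not X64.`, plus one sentence that the first result is cached for later calls. The comment should also state that this is environment detection and not evidence of TDX protection, since outside a TD the CPUID values are presumably supplied by whatever virtualizes the instruction. `VOID);` would match the TdProbe prototype in InternalTdxProbe.h if split as `VOID` / `);`.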
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef INTERNAL_TDX_PROBE_H_
+#define INTERNAL_TDX_PROBE_H_
+
+#define PROBE_IS_TD_GUEST 0
+#define PROBE_NOT_TD_GUEST 1
+
+/**
+ The internal Td Probe implementation.
+
+ @return 0 TD guest
+ @return others Non-TD guest
+**/
+UINTN
+EFIAPI
+TdProbe (
+ VOID
+ );
+
+#endif
diff --git a/MdePkg/Library/TdxProbeLib/TdProbeNull.c b/MdePkg/Library/TdxProbeLib/TdProbeNull.c
new file mode 100644
index 000000000000..12e9e1f8a7d4
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/TdProbeNull.c
@@ -0,0 +1,25 @@
+/** @file
+
+ Copyright (c) 2021, Intel Corporation. All rights reserved.
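Review bot: PROBE_IS_TD_GUEST and PROBE_NOT_TD_GUEST in InternalTdxProbe.h are defined a second time in X64/TdProbe.nasm as TD_PROBE_TD_GUEST and TD_PROBE_NOT_TD_GUEST, and nothing ties the two pairs together. TdxProbeLib.c compares the assembly routine's return value against the C constant, so a comment above the two defines such as `// Must match TD_PROBE_TD_GUEST / TD_PROBE_NOT_TD_GUEST in X64/TdProbe.nasm.` would keep them from drifting apart. The `@file` block has no description line; `Internal definitions shared by the TdxProbeLib C and assembly sources.` would do.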
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#include
+#include "InternalTdxProbe.h"
+
+/**
+ TDX only works in X64. So allways return -1 to indicate Non-Td.
+
+ @return 0 TD guest
+ @return others Non-TD guest
+**/
+UINTN
+EFIAPI
+TdProbe (
+ VOID
+ )
+{
+ return PROBE_NOT_TD_GUEST;
+}
diff --git a/MdePkg/Library/TdxProbeLib/TdxProbeLib.c b/MdePkg/Library/TdxProbeLib/TdxProbeLib.c
new file mode 100644
index 000000000000..3f4524dc16a6
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/TdxProbeLib.c
@@ -0,0 +1,35 @@
+/** @file
+ instance of TdxProbeLib
+
+ Copyright (c) 2021, Intel Corporation. All rights reserved.
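Review bot: The function comment in TdProbeNull.c says the stub returns -1, but the body returns PROBE_NOT_TD_GUEST, which InternalTdxProbe.h defines as 1, and the return type is UINTN. Suggested wording: `TDX only works in X64, so always return PROBE_NOT_TD_GUEST to indicate a non-TD guest.`, which also fixes the "allways" typo. The `@file` block is empty and could carry a one-line description such as `Null TdProbe implementation for architectures without Intel TDX.`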
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#include
+#include
+#include "InternalTdxProbe.h"
+
+BOOLEAN mTdxEnabled = FALSE;
+BOOLEAN mTdxProbed = FALSE;
+
+/**
+ Whether Intel TDX is enabled.
+
+ @return TRUE TDX enabled
+ @return FALSE TDX not enabled
+**/
+BOOLEAN
+EFIAPI
+TdxIsEnabled (
+ VOID)
+{
+ if (mTdxProbed) {
+ return mTdxEnabled;
+ }
+
+ mTdxEnabled = TdProbe () == PROBE_IS_TD_GUEST;
+ mTdxProbed = TRUE;
+ return mTdxEnabled;
+}
diff --git a/MdePkg/Library/TdxProbeLib/TdxProbeLib.inf b/MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
new file mode 100644
index 000000000000..59fc12c41569
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
@@ -0,0 +1,34 @@
+## @file
+# Tdx Probe library instance
+#
+# Copyright (c) 2021, Intel Corporation. All rights reserved.
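Review bot: TdxIsEnabled() in TdxProbeLib.c returns the value it reads back from `mTdxEnabled` right after storing it, so the first call's answer depends on that global write taking effect. This is a BASE library, and if it is ever linked into a module whose data section is not writable (which modules consume it is not visible in this patch), the stored result may not persist and the function could report FALSE inside a TD. Returning a local copy of the probe result removes that dependency, and the two globals should be STATIC so that consumers do not inherit two generically named external symbols. The closing `VOID)` would also match the TdProbe prototype style if split as `VOID` / `)`.

```c
STATIC BOOLEAN  mTdxEnabled = FALSE;
STATIC BOOLEAN  mTdxProbed  = FALSE;

// … unchanged: function comment and TdxIsEnabled signature …
{
  BOOLEAN  Enabled;

  // … unchanged: early return of the cached value when mTdxProbed is set …

  Enabled     = (BOOLEAN)(TdProbe () == PROBE_IS_TD_GUEST);
  mTdxEnabled = Enabled;
  mTdxProbed  = TRUE;
  return Enabled;
}
```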
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = TdxProbeLib
+ FILE_GUID = 26BF0B58-6E9D-4375-A363-52FD83FB82CE
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TdxProbeLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ TdxProbeLib.c
+ InternalTdxProbe.h
+
+[Sources.X64]
+ X64/TdProbe.nasm
+
+[Sources.IA32]
+ TdProbeNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
diff --git a/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm b/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm
new file mode 100644
index 000000000000..ed941830f0ca
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm
@@ -0,0 +1,97 @@
+;------------------------------------------------------------------------------
+;*
+;* CPUID leaf 0x21 emulation is done by the Intel TDX module. Sub-leaf 0
+;* returns the values of "IntelTDX " in EBX/EDX/ECX.
+;*
+;* Copyright (c) 2021, Intel Corporation. All rights reserved.
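Review bot: TdxProbeLib.inf supplies TdProbe() only through [Sources.X64] and [Sources.IA32], so on any other architecture TdxProbeLib.c would reference a symbol that no source file defines. The MdePkg.dsc hunk later in this patch adds the library just above a `[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]` header, which suggests it sits in a section built for every architecture, although the section it lands in is outside that hunk. Either move the .dsc entry into an IA32/X64-only section or list TdProbeNull.c for the remaining architectures. In the second case the TdProbeNull.c comment, which justifies the stub by "TDX only works in X64", should be widened to cover them.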
+;* SPDX-License-Identifier: BSD-2-Clause-Patent
+;*
+;*
+;------------------------------------------------------------------------------
+
+DEFAULT REL
+SECTION .text
+
+%define TD_PROBE_TD_GUEST 0
+%define TD_PROBE_NOT_TD_GUEST 1
+
+%macro td_push_regs 0
+ push rbp
+ mov rbp, rsp
+ push r15
+ push r14
+ push r13
+ push r12
+ push rbx
+ push rsi
+ push rdi
+%endmacro
+
+%macro td_pop_regs 0
+ pop rdi
+ pop rsi
+ pop rbx
+ pop r12
+ pop r13
+ pop r14
+ pop r15
+ pop rbp
+%endmacro
+
+
+global ASM_PFX(TdProbe)
+ASM_PFX(TdProbe):
+
+ td_push_regs
+
+ ;
+ ; CPUID (0)
+ ;
+ mov eax, 0
+ cpuid
+ cmp ebx, 0x756e6547 ; "Genu"
+ jne .not_td
+ cmp edx, 0x49656e69 ; "ineI"
+ jne .not_td
+ cmp ecx, 0x6c65746e ; "ntel"
+ jne .not_td
+
+ ;
+ ; CPUID (1)
+ ;
+ mov eax, 1
+ cpuid
+ test ecx, 0x80000000
+ jz .not_td
+
+ ;
+ ; CPUID[0].EAX >= 0x21?
+ ;
+ mov eax, 0
+ cpuid
+ cmp eax, 0x21
+ jl .not_td
+
+ ;
+ ; CPUID (0x21,0)
+ ;
+ mov eax, 0x21
+ mov ecx, 0
+ cpuid
+
+ cmp ebx, 0x65746E49 ; "Inte"
+ jne .not_td
+ cmp edx, 0x5844546C ; "lTDX"
+ jne .not_td
+ cmp ecx, 0x20202020 ; " "
+ jne .not_td
+
+ mov rax, TD_PROBE_TD_GUEST
+ jmp .exit
+
+.not_td:
+ mov rax, TD_PROBE_NOT_TD_GUEST
+
+.exit:
+ td_pop_regs
+ ret
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index a28a2daaffa8..5702b0596499 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -296,6 +296,9 @@ ## @libraryclass Provides services to log the SMI handler registration. SmiHandlerProfileLib|Include/Library/SmiHandlerProfileLib.h + ## @libraryclass Provides function to support TDX probe processing. + TdxProbeLib|Include/Library/TdxProbeLib.h + [Guids] # # GUID defined in UEFI2.1/UEFI2.0/EFI1.1
diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc
index a94959169b2f..a62a9504bc12 100644
--- a/MdePkg/MdePkg.dsc
+++ b/MdePkg/MdePkg.dsc
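Review bot: In X64/TdProbe.nasm the maximum-leaf check uses a signed branch: after `cmp eax, 0x21` the code takes `jl .not_td`, but CPUID.0:EAX is an unsigned leaf number, so this should be `jb .not_td`. The `test ecx, 0x80000000` step has no comment saying which feature bit it tests; `; CPUID.1:ECX[31]: hypervisor present` would make the intent reviewable. td_push_regs/td_pop_regs save rbp, r12-r15, rsi and rdi although the routine only executes CPUID, which writes EAX/EBX/ECX/EDX, so preserving rbx alone would be enough. The file header should also record that a positive result only identifies the environment: inside a TD leaf 0x21 is answered by the TDX module, as the header already says, while elsewhere these leaves are answered by whatever virtualizes CPUID.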
@@ -130,6 +130,7 @@ MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf + MdePkg/Library/TdxProbeLib/TdxProbeLib.inf [Components.IA32, Components.X64, Components.ARM, Components.AARCH64] # -- 2.29.2.windows.2