[edk2-devel] [PATCH 05/23] MdePkg: Add TdxProbeLib to probe Intel Tdx
Min Xu
min.m.xu at intel.com
Thu Aug 12 11:56:44 UTC 2021
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
Guest software can be designed to run either as a TD, as a legacy virtual
machine, or directly on the CPU, based on enumeration of its run-time
environment. CPUID leaf 0x21 emulation is done by the Intel TDX module.
Sub-leaf 0 returns the values of "IntelTDX " in EBX/EDX/ECX.
TdxProbeLib provides *TdxIsEnabled* to determine Td or Non-Td.
On IA32 it always return FALSE because Intel TDX only works on X64.
Cc: Michael D Kinney <michael.d.kinney at intel.com>
Cc: Liming Gao <gaoliming at byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu at intel.com>
Cc: Brijesh Singh <brijesh.singh at amd.com>
Cc: Erdem Aktas <erdemaktas at google.com>
Cc: James Bottomley <jejb at linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao at intel.com>
Cc: Tom Lendacky <thomas.lendacky at amd.com>
Signed-off-by: Min Xu <min.m.xu at intel.com>
---
MdePkg/Include/Library/TdxProbeLib.h | 25 +++++
MdePkg/Library/TdxProbeLib/InternalTdxProbe.h | 25 +++++
MdePkg/Library/TdxProbeLib/TdProbeNull.c | 25 +++++
MdePkg/Library/TdxProbeLib/TdxProbeLib.c | 35 +++++++
MdePkg/Library/TdxProbeLib/TdxProbeLib.inf | 34 +++++++
MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm | 97 +++++++++++++++++++
MdePkg/MdePkg.dec | 3 +
MdePkg/MdePkg.dsc | 1 +
8 files changed, 245 insertions(+)
create mode 100644 MdePkg/Include/Library/TdxProbeLib.h
create mode 100644 MdePkg/Library/TdxProbeLib/InternalTdxProbe.h
create mode 100644 MdePkg/Library/TdxProbeLib/TdProbeNull.c
create mode 100644 MdePkg/Library/TdxProbeLib/TdxProbeLib.c
create mode 100644 MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
create mode 100644 MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm
diff --git a/MdePkg/Include/Library/TdxProbeLib.h b/MdePkg/Include/Library/TdxProbeLib.h
new file mode 100644
index 000000000000..d4fa4ba4cdf8
--- /dev/null
+++ b/MdePkg/Include/Library/TdxProbeLib.h
@@ -0,0 +1,25 @@
+/** @file
+ TdxProbeLib definitions
+
+ Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef TDX_PROBE_LIB_H_
+#define TDX_PROBE_LIB_H_
+
+#include <Library/BaseLib.h>
+
+/**
+ Whether Intel TDX is enabled.
+
+ @return TRUE TDX enabled
+ @return FALSE TDX not enabled
+**/
+BOOLEAN
+EFIAPI
+TdxIsEnabled (
+ VOID);
+
+#endif
diff --git a/MdePkg/Library/TdxProbeLib/InternalTdxProbe.h b/MdePkg/Library/TdxProbeLib/InternalTdxProbe.h
new file mode 100644
index 000000000000..53cbbeda8cd8
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/InternalTdxProbe.h
@@ -0,0 +1,25 @@
+/** @file
+ Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef INTERNAL_TDX_PROBE_H_
+#define INTERNAL_TDX_PROBE_H_
+
+#define PROBE_IS_TD_GUEST 0
+#define PROBE_NOT_TD_GUEST 1
+
+/**
+ The internal Td Probe implementation.
+
+ @return 0 TD guest
+ @return others Non-TD guest
+**/
+UINTN
+EFIAPI
+TdProbe (
+ VOID
+ );
+
+#endif
diff --git a/MdePkg/Library/TdxProbeLib/TdProbeNull.c b/MdePkg/Library/TdxProbeLib/TdProbeNull.c
new file mode 100644
index 000000000000..12e9e1f8a7d4
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/TdProbeNull.c
@@ -0,0 +1,25 @@
+/** @file
+
+ Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#include <Library/BaseLib.h>
+#include "InternalTdxProbe.h"
+
+/**
+ TDX only works in X64. So allways return -1 to indicate Non-Td.
+
+ @return 0 TD guest
+ @return others Non-TD guest
+**/
+UINTN
+EFIAPI
+TdProbe (
+ VOID
+ )
+{
+ return PROBE_NOT_TD_GUEST;
+}
diff --git a/MdePkg/Library/TdxProbeLib/TdxProbeLib.c b/MdePkg/Library/TdxProbeLib/TdxProbeLib.c
new file mode 100644
index 000000000000..3f4524dc16a6
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/TdxProbeLib.c
@@ -0,0 +1,35 @@
+/** @file
+ instance of TdxProbeLib
+
+ Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#include <Library/BaseLib.h>
+#include <Library/TdxProbeLib.h>
+#include "InternalTdxProbe.h"
+
+BOOLEAN mTdxEnabled = FALSE;
+BOOLEAN mTdxProbed = FALSE;
+
+/**
+ Whether Intel TDX is enabled.
+
+ @return TRUE TDX enabled
+ @return FALSE TDX not enabled
+**/
+BOOLEAN
+EFIAPI
+TdxIsEnabled (
+ VOID)
+{
+ if (mTdxProbed) {
+ return mTdxEnabled;
+ }
+
+ mTdxEnabled = TdProbe () == PROBE_IS_TD_GUEST;
+ mTdxProbed = TRUE;
+ return mTdxEnabled;
+}
diff --git a/MdePkg/Library/TdxProbeLib/TdxProbeLib.inf b/MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
new file mode 100644
index 000000000000..59fc12c41569
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
@@ -0,0 +1,34 @@
+## @file
+# Tdx Probe library instance
+#
+# Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = TdxProbeLib
+ FILE_GUID = 26BF0B58-6E9D-4375-A363-52FD83FB82CE
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TdxProbeLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ TdxProbeLib.c
+ InternalTdxProbe.h
+
+[Sources.X64]
+ X64/TdProbe.nasm
+
+[Sources.IA32]
+ TdProbeNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
diff --git a/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm b/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm
new file mode 100644
index 000000000000..ed941830f0ca
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm
@@ -0,0 +1,97 @@
+;------------------------------------------------------------------------------
+;*
+;* CPUID leaf 0x21 emulation is done by the Intel TDX module. Sub-leaf 0
+;* returns the values of "IntelTDX " in EBX/EDX/ECX.
+;*
+;* Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+;* SPDX-License-Identifier: BSD-2-Clause-Patent
+;*
+;*
+;------------------------------------------------------------------------------
+
+DEFAULT REL
+SECTION .text
+
+%define TD_PROBE_TD_GUEST 0
+%define TD_PROBE_NOT_TD_GUEST 1
+
+%macro td_push_regs 0
+ push rbp
+ mov rbp, rsp
+ push r15
+ push r14
+ push r13
+ push r12
+ push rbx
+ push rsi
+ push rdi
+%endmacro
+
+%macro td_pop_regs 0
+ pop rdi
+ pop rsi
+ pop rbx
+ pop r12
+ pop r13
+ pop r14
+ pop r15
+ pop rbp
+%endmacro
+
+
+global ASM_PFX(TdProbe)
+ASM_PFX(TdProbe):
+
+ td_push_regs
+
+ ;
+ ; CPUID (0)
+ ;
+ mov eax, 0
+ cpuid
+ cmp ebx, 0x756e6547 ; "Genu"
+ jne .not_td
+ cmp edx, 0x49656e69 ; "ineI"
+ jne .not_td
+ cmp ecx, 0x6c65746e ; "ntel"
+ jne .not_td
+
+ ;
+ ; CPUID (1)
+ ;
+ mov eax, 1
+ cpuid
+ test ecx, 0x80000000
+ jz .not_td
+
+ ;
+ ; CPUID[0].EAX >= 0x21?
+ ;
+ mov eax, 0
+ cpuid
+ cmp eax, 0x21
+ jl .not_td
+
+ ;
+ ; CPUID (0x21,0)
+ ;
+ mov eax, 0x21
+ mov ecx, 0
+ cpuid
+
+ cmp ebx, 0x65746E49 ; "Inte"
+ jne .not_td
+ cmp edx, 0x5844546C ; "lTDX"
+ jne .not_td
+ cmp ecx, 0x20202020 ; " "
+ jne .not_td
+
+ mov rax, TD_PROBE_TD_GUEST
+ jmp .exit
+
+.not_td:
+ mov rax, TD_PROBE_NOT_TD_GUEST
+
+.exit:
+ td_pop_regs
+ ret
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index a28a2daaffa8..5702b0596499 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -296,6 +296,9 @@
## @libraryclass Provides services to log the SMI handler registration.
SmiHandlerProfileLib|Include/Library/SmiHandlerProfileLib.h
+ ## @libraryclass Provides function to support TDX probe processing.
+ TdxProbeLib|Include/Library/TdxProbeLib.h
+
[Guids]
#
# GUID defined in UEFI2.1/UEFI2.0/EFI1.1
diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc
index a94959169b2f..a62a9504bc12 100644
--- a/MdePkg/MdePkg.dsc
+++ b/MdePkg/MdePkg.dsc
@@ -130,6 +130,7 @@
MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf
+ MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
#
--
2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#79161): https://edk2.groups.io/g/devel/message/79161
Mute This Topic: https://groups.io/mt/84837894/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list