2013-09-24 20:23:20 +02:00
|
|
|
;------------------------------------------------------------------------------
|
|
|
|
; @file
|
|
|
|
; Sets the CR3 register for 64-bit paging
|
|
|
|
;
|
|
|
|
; Copyright (c) 2008 - 2013, Intel Corporation. All rights reserved.<BR>
|
2021-01-07 19:48:11 +01:00
|
|
|
; Copyright (c) 2017 - 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
|
2019-04-04 01:06:33 +02:00
|
|
|
; SPDX-License-Identifier: BSD-2-Clause-Patent
|
2013-09-24 20:23:20 +02:00
|
|
|
;
|
|
|
|
;------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
BITS 32
|
|
|
|
|
2024-03-01 08:43:53 +01:00
|
|
|
; common for all levels
|
2013-09-24 20:23:20 +02:00
|
|
|
%define PAGE_PRESENT 0x01
|
|
|
|
%define PAGE_READ_WRITE 0x02
|
|
|
|
%define PAGE_USER_SUPERVISOR 0x04
|
|
|
|
%define PAGE_WRITE_THROUGH 0x08
|
|
|
|
%define PAGE_CACHE_DISABLE 0x010
|
|
|
|
%define PAGE_ACCESSED 0x020
|
|
|
|
%define PAGE_DIRTY 0x040
|
|
|
|
%define PAGE_GLOBAL 0x0100
|
2024-03-01 08:43:53 +01:00
|
|
|
|
|
|
|
; page table entries (level 1)
|
|
|
|
%define PAGE_PTE_PAT 0x080
|
|
|
|
|
|
|
|
; page directory entries (level 2+)
|
|
|
|
%define PAGE_PDE_LARGEPAGE 0x080
|
|
|
|
%define PAGE_PDE_PAT 0x01000
|
2013-09-24 20:23:20 +02:00
|
|
|
|
OvmfPkg: Create a GHCB page for use during Sec phase
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
A GHCB page is needed during the Sec phase, so this new page must be
created. Since the #VC exception handler routines assume that a per-CPU
variable area is immediately after the GHCB, this per-CPU variable area
must also be created. Since the GHCB must be marked as an un-encrypted,
or shared, page, an additional pagetable page is required to break down
the 2MB region where the GHCB page lives into 4K pagetable entries.
Create a new entry in the OVMF memory layout for the new page table
page and for the SEC GHCB and per-CPU variable pages. After breaking down
the 2MB page, update the GHCB page table entry to remove the encryption
mask.
The GHCB page will be used by the SEC #VC exception handler. The #VC
exception handler will fill in the necessary fields of the GHCB and exit
to the hypervisor using the VMGEXIT instruction. The hypervisor then
accesses the GHCB in order to perform the requested function.
Four new fixed PCDs are needed to support the SEC GHCB page:
- PcdOvmfSecGhcbBase UINT32 value that is the base address of the
GHCB used during the SEC phase.
- PcdOvmfSecGhcbSize UINT32 value that is the size, in bytes, of the
GHCB area used during the SEC phase.
- PcdOvmfSecGhcbPageTableBase UINT32 value that is address of a page
table page used to break down the 2MB page into
512 4K pages.
- PcdOvmfSecGhcbPageTableSize UINT32 value that is the size, in bytes,
of the page table page.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
2020-08-12 22:21:40 +02:00
|
|
|
%define PAGE_4K_PDE_ATTR (PAGE_ACCESSED + \
|
|
|
|
PAGE_DIRTY + \
|
|
|
|
PAGE_READ_WRITE + \
|
|
|
|
PAGE_PRESENT)
|
|
|
|
|
2024-03-01 08:43:53 +01:00
|
|
|
%define PAGE_PDE_LARGEPAGE_ATTR (PAGE_PDE_LARGEPAGE + \
|
|
|
|
PAGE_ACCESSED + \
|
|
|
|
PAGE_DIRTY + \
|
|
|
|
PAGE_READ_WRITE + \
|
|
|
|
PAGE_PRESENT)
|
2013-09-24 20:23:20 +02:00
|
|
|
|
2024-03-01 08:43:53 +01:00
|
|
|
%define PAGE_PDE_DIRECTORY_ATTR (PAGE_ACCESSED + \
|
|
|
|
PAGE_READ_WRITE + \
|
|
|
|
PAGE_PRESENT)
|
2013-09-24 20:23:20 +02:00
|
|
|
|
2021-09-28 04:55:59 +02:00
|
|
|
%define TDX_BSP 1
|
|
|
|
%define TDX_AP 2
|
2024-03-01 08:44:00 +01:00
|
|
|
%define TDX_AP_5_LEVEL 3
|
2021-09-28 04:55:59 +02:00
|
|
|
|
2024-03-01 08:43:54 +01:00
|
|
|
;
|
|
|
|
; For OVMF, build some initial page tables at
|
|
|
|
; PcdOvmfSecPageTablesBase - (PcdOvmfSecPageTablesBase + 0x6000).
|
|
|
|
;
|
|
|
|
; This range should match with PcdOvmfSecPageTablesSize which is
|
|
|
|
; declared in the FDF files.
|
|
|
|
;
|
|
|
|
; At the end of PEI, the pages tables will be rebuilt into a
|
|
|
|
; more permanent location by DxeIpl.
|
|
|
|
;
|
|
|
|
%macro ClearOvmfPageTables 0
|
|
|
|
mov ecx, 6 * 0x1000 / 4
|
|
|
|
xor eax, eax
|
|
|
|
.clearPageTablesMemoryLoop:
|
|
|
|
mov dword[ecx * 4 + PT_ADDR (0) - 4], eax
|
|
|
|
loop .clearPageTablesMemoryLoop
|
|
|
|
%endmacro
|
|
|
|
|
2024-03-01 08:43:55 +01:00
|
|
|
;
|
|
|
|
; Create page tables for 4-level paging
|
|
|
|
;
|
2024-05-02 13:49:21 +02:00
|
|
|
; Argument: upper 32 bits of the leaf page table entries
|
2024-03-01 08:43:55 +01:00
|
|
|
;
|
|
|
|
%macro CreatePageTables4Level 1
|
2024-03-01 08:43:59 +01:00
|
|
|
|
|
|
|
; indicate 4-level paging
|
|
|
|
debugShowPostCode 0x41
|
|
|
|
|
2024-03-01 08:43:55 +01:00
|
|
|
;
|
|
|
|
; Top level Page Directory Pointers (1 * 512GB entry)
|
|
|
|
;
|
|
|
|
mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDE_DIRECTORY_ATTR
|
2024-05-02 13:49:21 +02:00
|
|
|
mov dword[PT_ADDR (4)], 0
|
2024-03-01 08:43:55 +01:00
|
|
|
|
|
|
|
;
|
|
|
|
; Next level Page Directory Pointers (4 * 1GB entries => 4GB)
|
|
|
|
;
|
|
|
|
mov dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDE_DIRECTORY_ATTR
|
2024-05-02 13:49:21 +02:00
|
|
|
mov dword[PT_ADDR (0x1004)], 0
|
2024-03-01 08:43:55 +01:00
|
|
|
mov dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDE_DIRECTORY_ATTR
|
2024-05-02 13:49:21 +02:00
|
|
|
mov dword[PT_ADDR (0x100C)], 0
|
2024-03-01 08:43:55 +01:00
|
|
|
mov dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDE_DIRECTORY_ATTR
|
2024-05-02 13:49:21 +02:00
|
|
|
mov dword[PT_ADDR (0x1014)], 0
|
2024-03-01 08:43:55 +01:00
|
|
|
mov dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDE_DIRECTORY_ATTR
|
2024-05-02 13:49:21 +02:00
|
|
|
mov dword[PT_ADDR (0x101C)], 0
|
2024-03-01 08:43:55 +01:00
|
|
|
|
|
|
|
;
|
|
|
|
; Page Table Entries (2048 * 2MB entries => 4GB)
|
|
|
|
;
|
|
|
|
mov ecx, 0x800
|
|
|
|
.pageTableEntriesLoop4Level:
|
|
|
|
mov eax, ecx
|
|
|
|
dec eax
|
|
|
|
shl eax, 21
|
|
|
|
add eax, PAGE_PDE_LARGEPAGE_ATTR
|
|
|
|
mov dword[ecx * 8 + PT_ADDR (0x2000 - 8)], eax
|
|
|
|
mov dword[(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], %1
|
|
|
|
loop .pageTableEntriesLoop4Level
|
|
|
|
%endmacro
|
|
|
|
|
2024-03-01 08:43:58 +01:00
|
|
|
;
|
|
|
|
; Check whenever 5-level paging can be used
|
|
|
|
;
|
|
|
|
; Argument: jump label for 4-level paging
|
|
|
|
;
|
|
|
|
%macro Check5LevelPaging 1
|
|
|
|
; check for cpuid leaf 0x07
|
|
|
|
mov eax, 0x00
|
|
|
|
cpuid
|
|
|
|
cmp eax, 0x07
|
|
|
|
jb %1
|
|
|
|
|
|
|
|
; check for la57 (aka 5-level paging)
|
|
|
|
mov eax, 0x07
|
|
|
|
mov ecx, 0x00
|
|
|
|
cpuid
|
|
|
|
bt ecx, 16
|
|
|
|
jnc %1
|
|
|
|
|
|
|
|
; check for cpuid leaf 0x80000001
|
|
|
|
mov eax, 0x80000000
|
|
|
|
cpuid
|
|
|
|
cmp eax, 0x80000001
|
|
|
|
jb %1
|
|
|
|
|
|
|
|
; check for 1g pages
|
|
|
|
mov eax, 0x80000001
|
|
|
|
cpuid
|
|
|
|
bt edx, 26
|
|
|
|
jnc %1
|
|
|
|
%endmacro
|
|
|
|
|
|
|
|
;
|
|
|
|
; Create page tables for 5-level paging with gigabyte pages
|
|
|
|
;
|
2024-05-02 13:49:21 +02:00
|
|
|
; Argument: upper 32 bits of the leaf page table entries
|
2024-03-01 08:43:58 +01:00
|
|
|
;
|
|
|
|
; We have 6 pages available for the early page tables,
|
|
|
|
; we use four of them:
|
|
|
|
; PT_ADDR(0) - level 5 directory
|
|
|
|
; PT_ADDR(0x1000) - level 4 directory
|
|
|
|
; PT_ADDR(0x2000) - level 2 directory (0 -> 1GB)
|
|
|
|
; PT_ADDR(0x3000) - level 3 directory
|
|
|
|
;
|
|
|
|
; The level 2 directory for the first gigabyte has the same
|
|
|
|
; physical address in both 4-level and 5-level paging mode,
|
|
|
|
; SevClearPageEncMaskForGhcbPage depends on this.
|
|
|
|
;
|
|
|
|
; The 1 GB -> 4 GB range is mapped using 1G pages in the
|
|
|
|
; level 3 directory.
|
|
|
|
;
|
|
|
|
%macro CreatePageTables5Level 1
|
2024-03-01 08:43:59 +01:00
|
|
|
|
|
|
|
; indicate 5-level paging
|
|
|
|
debugShowPostCode 0x51
|
|
|
|
|
2024-03-01 08:43:58 +01:00
|
|
|
; level 5
|
|
|
|
mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDE_DIRECTORY_ATTR
|
2024-05-02 13:49:21 +02:00
|
|
|
mov dword[PT_ADDR (4)], 0
|
2024-03-01 08:43:58 +01:00
|
|
|
|
|
|
|
; level 4
|
|
|
|
mov dword[PT_ADDR (0x1000)], PT_ADDR (0x3000) + PAGE_PDE_DIRECTORY_ATTR
|
2024-05-02 13:49:21 +02:00
|
|
|
mov dword[PT_ADDR (0x1004)], 0
|
2024-03-01 08:43:58 +01:00
|
|
|
|
|
|
|
; level 3 (1x -> level 2, 3x 1GB)
|
|
|
|
mov dword[PT_ADDR (0x3000)], PT_ADDR (0x2000) + PAGE_PDE_DIRECTORY_ATTR
|
2024-05-02 13:49:21 +02:00
|
|
|
mov dword[PT_ADDR (0x3004)], 0
|
2024-03-01 08:43:58 +01:00
|
|
|
mov dword[PT_ADDR (0x3008)], (1 << 30) + PAGE_PDE_LARGEPAGE_ATTR
|
|
|
|
mov dword[PT_ADDR (0x300c)], %1
|
|
|
|
mov dword[PT_ADDR (0x3010)], (2 << 30) + PAGE_PDE_LARGEPAGE_ATTR
|
|
|
|
mov dword[PT_ADDR (0x3014)], %1
|
|
|
|
mov dword[PT_ADDR (0x3018)], (3 << 30) + PAGE_PDE_LARGEPAGE_ATTR
|
|
|
|
mov dword[PT_ADDR (0x301c)], %1
|
|
|
|
|
|
|
|
;
|
|
|
|
; level 2 (512 * 2MB entries => 1GB)
|
|
|
|
;
|
|
|
|
mov ecx, 0x200
|
|
|
|
.pageTableEntriesLoop5Level:
|
|
|
|
mov eax, ecx
|
|
|
|
dec eax
|
|
|
|
shl eax, 21
|
|
|
|
add eax, PAGE_PDE_LARGEPAGE_ATTR
|
|
|
|
mov dword[ecx * 8 + PT_ADDR (0x2000 - 8)], eax
|
|
|
|
mov dword[(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], %1
|
|
|
|
loop .pageTableEntriesLoop5Level
|
|
|
|
%endmacro
|
|
|
|
|
|
|
|
%macro Enable5LevelPaging 0
|
|
|
|
; set la57 bit in cr4
|
|
|
|
mov eax, cr4
|
|
|
|
bts eax, 12
|
|
|
|
mov cr4, eax
|
|
|
|
%endmacro
|
|
|
|
|
2013-09-24 20:23:20 +02:00
|
|
|
;
|
2017-07-06 15:21:11 +02:00
|
|
|
; Modified: EAX, EBX, ECX, EDX
|
2013-09-24 20:23:20 +02:00
|
|
|
;
|
|
|
|
SetCr3ForPageTables64:
|
2021-09-28 04:55:59 +02:00
|
|
|
; Check the TDX features.
|
|
|
|
; If it is TDX APs, then jump to SetCr3 directly.
|
|
|
|
; In TD guest the initialization is done by BSP, including building
|
|
|
|
; the page tables. APs will spin on until byte[TDX_WORK_AREA_PGTBL_READY]
|
|
|
|
; is set.
|
|
|
|
OneTimeCall CheckTdxFeaturesBeforeBuildPagetables
|
|
|
|
cmp eax, TDX_BSP
|
2024-03-01 08:43:56 +01:00
|
|
|
je TdxBspInit
|
2021-09-28 04:55:59 +02:00
|
|
|
cmp eax, TDX_AP
|
|
|
|
je SetCr3
|
2024-03-01 08:44:00 +01:00
|
|
|
%if PG_5_LEVEL
|
|
|
|
cmp eax, TDX_AP_5_LEVEL
|
|
|
|
jne CheckForSev
|
|
|
|
Enable5LevelPaging
|
|
|
|
jmp SetCr3
|
|
|
|
CheckForSev:
|
|
|
|
%endif
|
2013-09-24 20:23:20 +02:00
|
|
|
|
2021-08-17 15:46:51 +02:00
|
|
|
; Check whether the SEV is active and populate the SevEsWorkArea
|
2021-01-07 19:48:11 +01:00
|
|
|
OneTimeCall CheckSevFeatures
|
2024-03-01 08:43:57 +01:00
|
|
|
cmp byte[WORK_AREA_GUEST_TYPE], 1
|
|
|
|
jz SevInit
|
2017-07-06 15:21:11 +02:00
|
|
|
|
2024-03-01 08:43:57 +01:00
|
|
|
;
|
|
|
|
; normal (non-CoCo) workflow
|
|
|
|
;
|
|
|
|
ClearOvmfPageTables
|
2024-03-01 08:43:58 +01:00
|
|
|
%if PG_5_LEVEL
|
|
|
|
Check5LevelPaging Paging4Level
|
|
|
|
CreatePageTables5Level 0
|
|
|
|
Enable5LevelPaging
|
|
|
|
jmp SetCr3
|
|
|
|
Paging4Level:
|
|
|
|
%endif
|
2024-03-01 08:43:57 +01:00
|
|
|
CreatePageTables4Level 0
|
|
|
|
jmp SetCr3
|
|
|
|
|
|
|
|
SevInit:
|
|
|
|
;
|
|
|
|
; SEV workflow
|
|
|
|
;
|
|
|
|
ClearOvmfPageTables
|
2021-08-17 15:46:51 +02:00
|
|
|
; If SEV is enabled, the C-bit position is always above 31.
|
|
|
|
; The mask will be saved in the EDX and applied during the
|
|
|
|
; the page table build below.
|
|
|
|
OneTimeCall GetSevCBitMaskAbove31
|
2024-03-01 08:43:55 +01:00
|
|
|
CreatePageTables4Level edx
|
2021-08-17 15:46:51 +02:00
|
|
|
; Clear the C-bit from the GHCB page if the SEV-ES is enabled.
|
|
|
|
OneTimeCall SevClearPageEncMaskForGhcbPage
|
2024-03-01 08:43:56 +01:00
|
|
|
jmp SetCr3
|
OvmfPkg: Create a GHCB page for use during Sec phase
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
A GHCB page is needed during the Sec phase, so this new page must be
created. Since the #VC exception handler routines assume that a per-CPU
variable area is immediately after the GHCB, this per-CPU variable area
must also be created. Since the GHCB must be marked as an un-encrypted,
or shared, page, an additional pagetable page is required to break down
the 2MB region where the GHCB page lives into 4K pagetable entries.
Create a new entry in the OVMF memory layout for the new page table
page and for the SEC GHCB and per-CPU variable pages. After breaking down
the 2MB page, update the GHCB page table entry to remove the encryption
mask.
The GHCB page will be used by the SEC #VC exception handler. The #VC
exception handler will fill in the necessary fields of the GHCB and exit
to the hypervisor using the VMGEXIT instruction. The hypervisor then
accesses the GHCB in order to perform the requested function.
Four new fixed PCDs are needed to support the SEC GHCB page:
- PcdOvmfSecGhcbBase UINT32 value that is the base address of the
GHCB used during the SEC phase.
- PcdOvmfSecGhcbSize UINT32 value that is the size, in bytes, of the
GHCB area used during the SEC phase.
- PcdOvmfSecGhcbPageTableBase UINT32 value that is address of a page
table page used to break down the 2MB page into
512 4K pages.
- PcdOvmfSecGhcbPageTableSize UINT32 value that is the size, in bytes,
of the page table page.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
2020-08-12 22:21:40 +02:00
|
|
|
|
2024-03-01 08:43:56 +01:00
|
|
|
TdxBspInit:
|
|
|
|
;
|
|
|
|
; TDX BSP workflow
|
|
|
|
;
|
|
|
|
ClearOvmfPageTables
|
2024-03-01 08:44:00 +01:00
|
|
|
%if PG_5_LEVEL
|
|
|
|
Check5LevelPaging Tdx4Level
|
|
|
|
CreatePageTables5Level 0
|
|
|
|
OneTimeCall TdxPostBuildPageTables5Level
|
|
|
|
Enable5LevelPaging
|
|
|
|
jmp SetCr3
|
|
|
|
Tdx4Level:
|
|
|
|
%endif
|
2024-03-01 08:43:56 +01:00
|
|
|
CreatePageTables4Level 0
|
|
|
|
OneTimeCall TdxPostBuildPageTables
|
|
|
|
jmp SetCr3
|
2021-09-28 04:55:59 +02:00
|
|
|
|
OvmfPkg: Create a GHCB page for use during Sec phase
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
A GHCB page is needed during the Sec phase, so this new page must be
created. Since the #VC exception handler routines assume that a per-CPU
variable area is immediately after the GHCB, this per-CPU variable area
must also be created. Since the GHCB must be marked as an un-encrypted,
or shared, page, an additional pagetable page is required to break down
the 2MB region where the GHCB page lives into 4K pagetable entries.
Create a new entry in the OVMF memory layout for the new page table
page and for the SEC GHCB and per-CPU variable pages. After breaking down
the 2MB page, update the GHCB page table entry to remove the encryption
mask.
The GHCB page will be used by the SEC #VC exception handler. The #VC
exception handler will fill in the necessary fields of the GHCB and exit
to the hypervisor using the VMGEXIT instruction. The hypervisor then
accesses the GHCB in order to perform the requested function.
Four new fixed PCDs are needed to support the SEC GHCB page:
- PcdOvmfSecGhcbBase UINT32 value that is the base address of the
GHCB used during the SEC phase.
- PcdOvmfSecGhcbSize UINT32 value that is the size, in bytes, of the
GHCB area used during the SEC phase.
- PcdOvmfSecGhcbPageTableBase UINT32 value that is address of a page
table page used to break down the 2MB page into
512 4K pages.
- PcdOvmfSecGhcbPageTableSize UINT32 value that is the size, in bytes,
of the page table page.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
2020-08-12 22:21:40 +02:00
|
|
|
SetCr3:
|
2024-03-01 08:43:58 +01:00
|
|
|
;
|
|
|
|
; common workflow
|
2013-09-24 20:23:20 +02:00
|
|
|
;
|
|
|
|
; Set CR3 now that the paging structures are available
|
|
|
|
;
|
2016-11-04 14:32:39 +01:00
|
|
|
mov eax, PT_ADDR (0)
|
2013-09-24 20:23:20 +02:00
|
|
|
mov cr3, eax
|
|
|
|
|
|
|
|
OneTimeCallRet SetCr3ForPageTables64
|