From nobody Sun May 19 08:30:41 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+98963+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+98963+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=linux.microsoft.com
ARC-Seal: i=1; a=rsa-sha256; t=1674484979; cv=none;
	d=zohomail.com; s=zohoarc;
	b=c1MOepckXh2bBuN27bmFTkziaS4Zm4tQPt0ubmLhSM1Ca8ukVLvZkXNyDCvECJ4NkfCMBj4F9jvn6uTYQ0e2hYpPZmRw0xa/pHHZBiT+1mH6UvVbZfQBQSC/ecLKZH5oLhFku5ikYqMepBQZJxdHv9wRq0RCtWblBPWZTmA4znw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1674484979;
 h=Content-Transfer-Encoding:Date:From:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To;
	bh=0cmMNe4lZZ7tMaIIVYePe8dfYABrIsdy7LvAfccpl7Y=;
	b=j+eOXEveoDV3k+lczjexgeXJ4OZG0RwM3GNHPhBrFwiFRJxiD/Y5NUS46UocFhVNfQ2nHnoUw3YLLXMhE+celLYL6cJnDGTot0HTwcXQBfj11rx8goDJWdGPCKVIOXwT815rtuXoF14AXO98MSsHKYy4UYr9dAH8v2mQiluT5+E=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+98963+1787277+3901457@groups.io;
	dmarc=fail header.from=<eiakovlev@linux.microsoft.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1674484979708161.2567328555699;
 Mon, 23 Jan 2023 06:42:59 -0800 (PST)
Return-Path: <bounce+27952+98963+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id qbJmYY1788612xRuPBl1ShmK;
 Mon, 23 Jan 2023 06:42:59 -0800
X-Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
 by mx.groups.io with SMTP id smtpd.web11.42336.1674480805085860876
 for <devel@edk2.groups.io>;
 Mon, 23 Jan 2023 05:33:25 -0800
X-Received: from localhost.localdomain (unknown [77.64.253.114])
	by linux.microsoft.com (Postfix) with ESMTPSA id 2C50520E2C3A
	for <devel@edk2.groups.io>; Mon, 23 Jan 2023 05:33:24 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 2C50520E2C3A
From: "Evgeny Iakovlev" <eiakovlev@linux.microsoft.com>
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH] ArmVirtPkg/PrePei: when starting in EL2
 configure HCR to not trap on PAC
Date: Mon, 23 Jan 2023 14:33:17 +0100
Message-Id: <20230123133317.22491-1-eiakovlev@linux.microsoft.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,eiakovlev@linux.microsoft.com
X-Gm-Message-State: ltgZcoIez1YDxRlvg2o7HXeOx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1674484979;
 bh=7nPiJD0lx05aSLCOXaKDfOclvXyEB7Eg9jUL2w7rNLI=;
 h=Date:From:Reply-To:Subject:To;
 b=Zyac7b/ghB5miW4GjPD5NfaAD7BsFaQyDVEWfPUJixbRMCFWId2wjgCIqWR/eQ8Vf6W
 uORGMLVDmddvQjx3bjDJGc39SBiEnYk/b9aVHPCC1kMzqtSCcFGsEfuDGEazxHb7MZ4q9
 YAh1/1rmW5Iey7c8o+e4IT1oNeEAyodznJs=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1674484981449100003
Content-Type: text/plain; charset="utf-8"

When FEAT_PAuth is impelemented HCR_EL2.APK and HCR_EL2.API bits control
whether PAC-related instructions and register accesses should be trapped
by the EL2 hypervisor. Note that bit value 0b1 means do NOT trap. When
FEAT_PAuth is not implemented or if EL2 is disabled, those bits are
ignored and system behaves as if their value was 0b1.

When starting in EL2 on ArmVirtPkg get our of the way of a potential
hypervisor by setting APK and API bits.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com>
---
 ArmPkg/Include/Chipset/AArch64.h           | 2 ++
 ArmPlatformPkg/PrePeiCore/AArch64/Helper.S | 5 +++++
 ArmVirtPkg/PrePi/AArch64/ArchPrePi.c       | 3 ++-
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ArmPkg/Include/Chipset/AArch64.h b/ArmPkg/Include/Chipset/AArc=
h64.h
index bfd2859f51..da8737236d 100644
--- a/ArmPkg/Include/Chipset/AArch64.h
+++ b/ArmPkg/Include/Chipset/AArch64.h
@@ -57,6 +57,8 @@
 #define ARM_HCR_AMO  BIT5
 #define ARM_HCR_TSC  BIT19
 #define ARM_HCR_TGE  BIT27
+#define ARM_HCR_APK  BIT40
+#define ARM_HCR_API  BIT41
=20
 // Exception Syndrome Register
 #define AARCH64_ESR_EC(Ecr)   ((0x3F << 26) & (Ecr))
diff --git a/ArmPlatformPkg/PrePeiCore/AArch64/Helper.S b/ArmPlatformPkg/Pr=
ePeiCore/AArch64/Helper.S
index 2a604b719b..0f413c5655 100644
--- a/ArmPlatformPkg/PrePeiCore/AArch64/Helper.S
+++ b/ArmPlatformPkg/PrePeiCore/AArch64/Helper.S
@@ -26,6 +26,11 @@ ASM_FUNC(SetupExceptionLevel2)
    orr     x0, x0, #(1 << 3)      // Enable EL2 FIQ
    orr     x0, x0, #(1 << 4)      // Enable EL2 IRQ
    orr     x0, x0, #(1 << 5)      // Enable EL2 SError and Abort
+
+   // Get out of the way of a poitential EL2 hypervisor by NOT trapping PA=
C registers and instructions
+   orr     x0, x0, #(1 << 40)     // HCR_EL2.APK
+   orr     x0, x0, #(1 << 41)     // HCR_EL2.API
+
    msr     hcr_el2, x0            // Write back our settings
=20
    msr     cptr_el2, xzr          // Disable copro traps to EL2
diff --git a/ArmVirtPkg/PrePi/AArch64/ArchPrePi.c b/ArmVirtPkg/PrePi/AArch6=
4/ArchPrePi.c
index 9cab88ca08..29da9d4050 100644
--- a/ArmVirtPkg/PrePi/AArch64/ArchPrePi.c
+++ b/ArmVirtPkg/PrePi/AArch64/ArchPrePi.c
@@ -22,6 +22,7 @@ ArchInitialize (
=20
   if (ArmReadCurrentEL () =3D=3D AARCH64_EL2) {
     // Trap General Exceptions. All exceptions that would be routed to EL1=
 are routed to EL2
-    ArmWriteHcr (ARM_HCR_TGE);
+    // Also get out of the way of a potential EL2 hypervisor and do NOT tr=
ap PAC registers or instructions.
+    ArmWriteHcr (ARM_HCR_TGE | ARM_HCR_APK | ARM_HCR_API);
   }
 }
--=20
2.34.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#98963): https://edk2.groups.io/g/devel/message/98963
Mute This Topic: https://groups.io/mt/96474724/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-