From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Michael D Kinney, Liming Gao, Zhiguang Liu, Brijesh Singh, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky
Subject: [edk2-devel] [PATCH 05/23] MdePkg: Add TdxProbeLib to probe Intel Tdx
Date: Thu, 12 Aug 2021 19:56:44 +0800

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Guest software can be designed to run either as a TD, as a legacy virtual
machine, or directly on the CPU, based on enumeration of its run-time
environment. CPUID leaf 0x21 emulation is done by the Intel TDX module.
Sub-leaf 0 returns the values of "IntelTDX " in EBX/EDX/ECX.

TdxProbeLib provides *TdxIsEnabled* to determine Td or Non-Td. On IA32 it
always returns FALSE because Intel TDX only works on X64.

Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Signed-off-by: Min Xu --- MdePkg/Include/Library/TdxProbeLib.h | 25 +++++ MdePkg/Library/TdxProbeLib/InternalTdxProbe.h | 25 +++++ MdePkg/Library/TdxProbeLib/TdProbeNull.c | 25 +++++ MdePkg/Library/TdxProbeLib/TdxProbeLib.c | 35 +++++++ MdePkg/Library/TdxProbeLib/TdxProbeLib.inf | 34 +++++++ MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm | 97 +++++++++++++++++++ MdePkg/MdePkg.dec | 3 + MdePkg/MdePkg.dsc | 1 + 8 files changed, 245 insertions(+) create mode 100644 MdePkg/Include/Library/TdxProbeLib.h create mode 100644 MdePkg/Library/TdxProbeLib/InternalTdxProbe.h create mode 100644 MdePkg/Library/TdxProbeLib/TdProbeNull.c create mode 100644 MdePkg/Library/TdxProbeLib/TdxProbeLib.c create mode 100644 MdePkg/Library/TdxProbeLib/TdxProbeLib.inf create mode 100644 MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm diff --git a/MdePkg/Include/Library/TdxProbeLib.h b/MdePkg/Include/Library/= TdxProbeLib.h new file mode 100644 index 000000000000..d4fa4ba4cdf8 --- /dev/null +++ b/MdePkg/Include/Library/TdxProbeLib.h @@ -0,0 +1,25 @@ +/** @file + TdxProbeLib definitions + + Copyright (c) 2021, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef TDX_PROBE_LIB_H_ +#define TDX_PROBE_LIB_H_ + +#include + +/** + Whether Intel TDX is enabled. + + @return TRUE TDX enabled + @return FALSE TDX not enabled +**/ +BOOLEAN +EFIAPI +TdxIsEnabled ( + VOID); + +#endif diff --git a/MdePkg/Library/TdxProbeLib/InternalTdxProbe.h b/MdePkg/Library= /TdxProbeLib/InternalTdxProbe.h new file mode 100644 index 000000000000..53cbbeda8cd8 --- /dev/null +++ b/MdePkg/Library/TdxProbeLib/InternalTdxProbe.h @@ -0,0 +1,25 @@ +/** @file + Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef INTERNAL_TDX_PROBE_H_ +#define INTERNAL_TDX_PROBE_H_ + +#define PROBE_IS_TD_GUEST 0 +#define PROBE_NOT_TD_GUEST 1 + +/** + The internal Td Probe implementation. + + @return 0 TD guest + @return others Non-TD guest +**/ +UINTN +EFIAPI +TdProbe ( + VOID + ); + +#endif diff --git a/MdePkg/Library/TdxProbeLib/TdProbeNull.c b/MdePkg/Library/TdxP= robeLib/TdProbeNull.c new file mode 100644 index 000000000000..12e9e1f8a7d4 --- /dev/null +++ b/MdePkg/Library/TdxProbeLib/TdProbeNull.c @@ -0,0 +1,25 @@ +/** @file + + Copyright (c) 2021, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + + +#include +#include "InternalTdxProbe.h" + +/** + TDX only works in X64. So allways return -1 to indicate Non-Td. + + @return 0 TD guest + @return others Non-TD guest +**/ +UINTN +EFIAPI +TdProbe ( + VOID + ) +{ + return PROBE_NOT_TD_GUEST; +} diff --git a/MdePkg/Library/TdxProbeLib/TdxProbeLib.c b/MdePkg/Library/TdxP= robeLib/TdxProbeLib.c new file mode 100644 index 000000000000..3f4524dc16a6 --- /dev/null +++ b/MdePkg/Library/TdxProbeLib/TdxProbeLib.c @@ -0,0 +1,35 @@ +/** @file + instance of TdxProbeLib + + Copyright (c) 2021, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + + +#include +#include +#include "InternalTdxProbe.h" + +BOOLEAN mTdxEnabled =3D FALSE; +BOOLEAN mTdxProbed =3D FALSE; + +/** + Whether Intel TDX is enabled. + + @return TRUE TDX enabled + @return FALSE TDX not enabled +**/ +BOOLEAN +EFIAPI +TdxIsEnabled ( + VOID) +{ + if (mTdxProbed) { + return mTdxEnabled; + } + + mTdxEnabled =3D TdProbe () =3D=3D PROBE_IS_TD_GUEST; + mTdxProbed =3D TRUE; + return mTdxEnabled; +} diff --git a/MdePkg/Library/TdxProbeLib/TdxProbeLib.inf b/MdePkg/Library/Td= xProbeLib/TdxProbeLib.inf new file mode 100644 index 000000000000..59fc12c41569 --- /dev/null +++ b/MdePkg/Library/TdxProbeLib/TdxProbeLib.inf @@ -0,0 +1,34 @@ +## @file +# Tdx Probe library instance +# +# Copyright (c) 2021, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D TdxProbeLib + FILE_GUID =3D 26BF0B58-6E9D-4375-A363-52FD83FB82CE + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D TdxProbeLib + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + TdxProbeLib.c + InternalTdxProbe.h + +[Sources.X64] + X64/TdProbe.nasm + +[Sources.IA32] + TdProbeNull.c + +[Packages] + MdePkg/MdePkg.dec diff --git a/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm b/MdePkg/Library/T= dxProbeLib/X64/TdProbe.nasm new file mode 100644 index 000000000000..ed941830f0ca --- /dev/null +++ b/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm @@ -0,0 +1,97 @@ +;-------------------------------------------------------------------------= ----- +;* +;* CPUID leaf 0x21 emulation is done by the Intel TDX module. Sub-leaf 0 +;* returns the values of "IntelTDX " in EBX/EDX/ECX. +;* +;* Copyright (c) 2021, Intel Corporation. All rights reserved.
+;* SPDX-License-Identifier: BSD-2-Clause-Patent +;* +;* +;-------------------------------------------------------------------------= ----- + +DEFAULT REL +SECTION .text + +%define TD_PROBE_TD_GUEST 0 +%define TD_PROBE_NOT_TD_GUEST 1 + +%macro td_push_regs 0 + push rbp + mov rbp, rsp + push r15 + push r14 + push r13 + push r12 + push rbx + push rsi + push rdi +%endmacro + +%macro td_pop_regs 0 + pop rdi + pop rsi + pop rbx + pop r12 + pop r13 + pop r14 + pop r15 + pop rbp +%endmacro + + +global ASM_PFX(TdProbe) +ASM_PFX(TdProbe): + + td_push_regs + + ; + ; CPUID (0) + ; + mov eax, 0 + cpuid + cmp ebx, 0x756e6547 ; "Genu" + jne .not_td + cmp edx, 0x49656e69 ; "ineI" + jne .not_td + cmp ecx, 0x6c65746e ; "ntel" + jne .not_td + + ; + ; CPUID (1) + ; + mov eax, 1 + cpuid + test ecx, 0x80000000 + jz .not_td + + ; + ; CPUID[0].EAX >=3D 0x21? + ; + mov eax, 0 + cpuid + cmp eax, 0x21 + jl .not_td + + ; + ; CPUID (0x21,0) + ; + mov eax, 0x21 + mov ecx, 0 + cpuid + + cmp ebx, 0x65746E49 ; "Inte" + jne .not_td + cmp edx, 0x5844546C ; "lTDX" + jne .not_td + cmp ecx, 0x20202020 ; " " + jne .not_td + + mov rax, TD_PROBE_TD_GUEST + jmp .exit + +.not_td: + mov rax, TD_PROBE_NOT_TD_GUEST + +.exit: + td_pop_regs + ret diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index a28a2daaffa8..5702b0596499 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -296,6 +296,9 @@ ## @libraryclass Provides services to log the SMI handler registration. SmiHandlerProfileLib|Include/Library/SmiHandlerProfileLib.h =20 + ## @libraryclass Provides function to support TDX probe processing. + TdxProbeLib|Include/Library/TdxProbeLib.h + [Guids] # # GUID defined in UEFI2.1/UEFI2.0/EFI1.1 diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc index a94959169b2f..a62a9504bc12 100644 --- a/MdePkg/MdePkg.dsc +++ b/MdePkg/MdePkg.dsc 
@@ -130,6 +130,7 @@ MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib= .inf =20 MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf + MdePkg/Library/TdxProbeLib/TdxProbeLib.inf =20 [Components.IA32, Components.X64, Components.ARM, Components.AARCH64] # --=20 2.29.2.windows.2
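
Review bot: in MdePkg/Include/Library/TdxProbeLib.h the comment on TdxIsEnabled says only "Whether Intel TDX is enabled", which does not tell a caller that TRUE means the code is running as a TD guest (TdProbe () returned PROBE_IS_TD_GUEST) rather than that the platform supports TDX; state that in the function header. The prototype there and the definition in TdxProbeLib.c are also written "VOID);" and "VOID)" on one line, while InternalTdxProbe.h and TdProbeNull.c in the same patch put the closing parenthesis on its own line; use one form throughout.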
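
Review bot: in MdePkg/Library/TdxProbeLib/TdProbeNull.c the function comment says "So allways return -1 to indicate Non-Td", but the body returns PROBE_NOT_TD_GUEST, which InternalTdxProbe.h defines as 1. Reword the comment to name the constant instead of a literal, and fix the spelling of "always", so the comment and the return value agree.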
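
Review bot: in MdePkg/Library/TdxProbeLib/TdxProbeLib.c the probe result is cached in the writable globals mTdxEnabled and mTdxProbed, while TdxProbeLib.inf declares MODULE_TYPE = BASE with an unrestricted LIBRARY_CLASS, so the library may be linked into SEC or PEI modules that execute in place from flash, where global variables are not writable. Either drop the cache and call TdProbe () on every call, or restrict the library class to module types with writable data. If the globals stay, declare them STATIC, since nothing else in this patch references them.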
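
Review bot: in MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm the maximum-leaf check "cmp eax, 0x21" followed by "jl .not_td" uses a signed branch on CPUID[0].EAX, which is an unsigned leaf number; use "jb .not_td". The second CPUID with eax = 0 can be avoided by saving EAX from the first CPUID (0) before the vendor-string compares. td_push_regs and td_pop_regs save r12-r15, rsi and rdi although CPUID only changes eax, ebx, ecx and edx, so preserving rbx alone is sufficient. The "CPUID (1)" comment should say what bit 31 of ECX is being tested for.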
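
Review bot: the MdePkg/MdePkg.dsc hunk adds MdePkg/Library/TdxProbeLib/TdxProbeLib.inf above the "[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]" header, that is, in the section preceding it, while TdxProbeLib.inf supplies TdProbe only through [Sources.X64] and [Sources.IA32]. If that preceding section is built for any other architecture, TdxProbeLib.c will reference an undefined TdProbe there. Move the entry to an IA32/X64 components section, or list TdProbeNull.c for the remaining architectures in the INF.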