RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
Guest software can be designed to run either as a TD, as a legacy virtual
machine, or directly on the CPU, based on enumeration of its run-time
environment. CPUID leaf 0x21 emulation is done by the Intel TDX module.
Sub-leaf 0 returns the values of "IntelTDX " in EBX/EDX/ECX.
TdxProbeLib provides *TdxIsEnabled* to determine Td or Non-Td.
On IA32 it always return FALSE because Intel TDX only works on X64.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
MdePkg/Include/Library/TdxProbeLib.h | 25 +++++
MdePkg/Library/TdxProbeLib/InternalTdxProbe.h | 25 +++++
MdePkg/Library/TdxProbeLib/TdProbeNull.c | 25 +++++
MdePkg/Library/TdxProbeLib/TdxProbeLib.c | 35 +++++++
MdePkg/Library/TdxProbeLib/TdxProbeLib.inf | 34 +++++++
MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm | 97 +++++++++++++++++++
MdePkg/MdePkg.dec | 3 +
MdePkg/MdePkg.dsc | 1 +
8 files changed, 245 insertions(+)
create mode 100644 MdePkg/Include/Library/TdxProbeLib.h
create mode 100644 MdePkg/Library/TdxProbeLib/InternalTdxProbe.h
create mode 100644 MdePkg/Library/TdxProbeLib/TdProbeNull.c
create mode 100644 MdePkg/Library/TdxProbeLib/TdxProbeLib.c
create mode 100644 MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
create mode 100644 MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm
diff --git a/MdePkg/Include/Library/TdxProbeLib.h b/MdePkg/Include/Library/TdxProbeLib.h
new file mode 100644
index 000000000000..d4fa4ba4cdf8
--- /dev/null
+++ b/MdePkg/Include/Library/TdxProbeLib.h
@@ -0,0 +1,25 @@
+/** @file
+ TdxProbeLib definitions
+
+ Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef TDX_PROBE_LIB_H_
+#define TDX_PROBE_LIB_H_
+
+#include <Library/BaseLib.h>
+
+/**
+ Whether Intel TDX is enabled.
+
+ @return TRUE TDX enabled
+ @return FALSE TDX not enabled
+**/
+BOOLEAN
+EFIAPI
+TdxIsEnabled (
+ VOID);
+
+#endif
diff --git a/MdePkg/Library/TdxProbeLib/InternalTdxProbe.h b/MdePkg/Library/TdxProbeLib/InternalTdxProbe.h
new file mode 100644
index 000000000000..53cbbeda8cd8
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/InternalTdxProbe.h
@@ -0,0 +1,25 @@
+/** @file
+ Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef INTERNAL_TDX_PROBE_H_
+#define INTERNAL_TDX_PROBE_H_
+
+#define PROBE_IS_TD_GUEST 0
+#define PROBE_NOT_TD_GUEST 1
+
+/**
+ The internal Td Probe implementation.
+
+ @return 0 TD guest
+ @return others Non-TD guest
+**/
+UINTN
+EFIAPI
+TdProbe (
+ VOID
+ );
+
+#endif
diff --git a/MdePkg/Library/TdxProbeLib/TdProbeNull.c b/MdePkg/Library/TdxProbeLib/TdProbeNull.c
new file mode 100644
index 000000000000..12e9e1f8a7d4
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/TdProbeNull.c
@@ -0,0 +1,25 @@
+/** @file
+
+ Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#include <Library/BaseLib.h>
+#include "InternalTdxProbe.h"
+
+/**
+ TDX only works in X64. So allways return -1 to indicate Non-Td.
+
+ @return 0 TD guest
+ @return others Non-TD guest
+**/
+UINTN
+EFIAPI
+TdProbe (
+ VOID
+ )
+{
+ return PROBE_NOT_TD_GUEST;
+}
diff --git a/MdePkg/Library/TdxProbeLib/TdxProbeLib.c b/MdePkg/Library/TdxProbeLib/TdxProbeLib.c
new file mode 100644
index 000000000000..3f4524dc16a6
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/TdxProbeLib.c
@@ -0,0 +1,35 @@
+/** @file
+ instance of TdxProbeLib
+
+ Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#include <Library/BaseLib.h>
+#include <Library/TdxProbeLib.h>
+#include "InternalTdxProbe.h"
+
+BOOLEAN mTdxEnabled = FALSE;
+BOOLEAN mTdxProbed = FALSE;
+
+/**
+ Whether Intel TDX is enabled.
+
+ @return TRUE TDX enabled
+ @return FALSE TDX not enabled
+**/
+BOOLEAN
+EFIAPI
+TdxIsEnabled (
+ VOID)
+{
+ if (mTdxProbed) {
+ return mTdxEnabled;
+ }
+
+ mTdxEnabled = TdProbe () == PROBE_IS_TD_GUEST;
+ mTdxProbed = TRUE;
+ return mTdxEnabled;
+}
diff --git a/MdePkg/Library/TdxProbeLib/TdxProbeLib.inf b/MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
new file mode 100644
index 000000000000..59fc12c41569
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
@@ -0,0 +1,34 @@
+## @file
+# Tdx Probe library instance
+#
+# Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = TdxProbeLib
+ FILE_GUID = 26BF0B58-6E9D-4375-A363-52FD83FB82CE
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TdxProbeLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ TdxProbeLib.c
+ InternalTdxProbe.h
+
+[Sources.X64]
+ X64/TdProbe.nasm
+
+[Sources.IA32]
+ TdProbeNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
diff --git a/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm b/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm
new file mode 100644
index 000000000000..ed941830f0ca
--- /dev/null
+++ b/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm
@@ -0,0 +1,97 @@
+;------------------------------------------------------------------------------
+;*
+;* CPUID leaf 0x21 emulation is done by the Intel TDX module. Sub-leaf 0
+;* returns the values of "IntelTDX " in EBX/EDX/ECX.
+;*
+;* Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+;* SPDX-License-Identifier: BSD-2-Clause-Patent
+;*
+;*
+;------------------------------------------------------------------------------
+
+DEFAULT REL
+SECTION .text
+
+%define TD_PROBE_TD_GUEST 0
+%define TD_PROBE_NOT_TD_GUEST 1
+
+%macro td_push_regs 0
+ push rbp
+ mov rbp, rsp
+ push r15
+ push r14
+ push r13
+ push r12
+ push rbx
+ push rsi
+ push rdi
+%endmacro
+
+%macro td_pop_regs 0
+ pop rdi
+ pop rsi
+ pop rbx
+ pop r12
+ pop r13
+ pop r14
+ pop r15
+ pop rbp
+%endmacro
+
+
+global ASM_PFX(TdProbe)
+ASM_PFX(TdProbe):
+
+ td_push_regs
+
+ ;
+ ; CPUID (0)
+ ;
+ mov eax, 0
+ cpuid
+ cmp ebx, 0x756e6547 ; "Genu"
+ jne .not_td
+ cmp edx, 0x49656e69 ; "ineI"
+ jne .not_td
+ cmp ecx, 0x6c65746e ; "ntel"
+ jne .not_td
+
+ ;
+ ; CPUID (1)
+ ;
+ mov eax, 1
+ cpuid
+ test ecx, 0x80000000
+ jz .not_td
+
+ ;
+ ; CPUID[0].EAX >= 0x21?
+ ;
+ mov eax, 0
+ cpuid
+ cmp eax, 0x21
+ jl .not_td
+
+ ;
+ ; CPUID (0x21,0)
+ ;
+ mov eax, 0x21
+ mov ecx, 0
+ cpuid
+
+ cmp ebx, 0x65746E49 ; "Inte"
+ jne .not_td
+ cmp edx, 0x5844546C ; "lTDX"
+ jne .not_td
+ cmp ecx, 0x20202020 ; " "
+ jne .not_td
+
+ mov rax, TD_PROBE_TD_GUEST
+ jmp .exit
+
+.not_td:
+ mov rax, TD_PROBE_NOT_TD_GUEST
+
+.exit:
+ td_pop_regs
+ ret
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index a28a2daaffa8..5702b0596499 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -296,6 +296,9 @@
## @libraryclass Provides services to log the SMI handler registration.
SmiHandlerProfileLib|Include/Library/SmiHandlerProfileLib.h
+ ## @libraryclass Provides function to support TDX probe processing.
+ TdxProbeLib|Include/Library/TdxProbeLib.h
+
[Guids]
#
# GUID defined in UEFI2.1/UEFI2.0/EFI1.1
diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc
index a94959169b2f..a62a9504bc12 100644
--- a/MdePkg/MdePkg.dsc
+++ b/MdePkg/MdePkg.dsc
@@ -130,6 +130,7 @@
MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf
+ MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
#
--
2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#79161): https://edk2.groups.io/g/devel/message/79161
Mute This Topic: https://groups.io/mt/84837894/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
> +++ b/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm Any specific reason why you code up your own instead of using the existing cpuid functions in BaseLib ? take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#79347): https://edk2.groups.io/g/devel/message/79347 Mute This Topic: https://groups.io/mt/84837894/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
On Monday, August 16, 2021 5:43 PM, Gerd Hoffmann wrote: > > +++ b/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm > > Any specific reason why you code up your own instead of using the existing > cpuid functions in BaseLib ? Actually there is no specific reason. I am not sure if AsmCpuid is a preferred way in this situation? If yes I will update my code to use AsmCpuid. > Thanks! Min -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#79392): https://edk2.groups.io/g/devel/message/79392 Mute This Topic: https://groups.io/mt/84837894/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
On Tue, Aug 17, 2021 at 12:14:44AM +0000, Min Xu wrote: > On Monday, August 16, 2021 5:43 PM, Gerd Hoffmann wrote: > > > +++ b/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm > > > > Any specific reason why you code up your own instead of using the existing > > cpuid functions in BaseLib ? > Actually there is no specific reason. I am not sure if AsmCpuid is a preferred way > in this situation? I'm pretty sure it is preferred over duplicating code. Early setup code (before stack setup where you can't do calls) is a different story. Also: Why there are separate TdxProbeLib + TdxLib libs? take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#79412): https://edk2.groups.io/g/devel/message/79412 Mute This Topic: https://groups.io/mt/84837894/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
On August 17, 2021 4:21 PM, Gerd Hoffmann wrote: > On Tue, Aug 17, 2021 at 12:14:44AM +0000, Min Xu wrote: > > On Monday, August 16, 2021 5:43 PM, Gerd Hoffmann wrote: > > > > +++ b/MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm > > > > > > Any specific reason why you code up your own instead of using the > > > existing cpuid functions in BaseLib ? > > Actually there is no specific reason. I am not sure if AsmCpuid is a > > preferred way in this situation? > > I'm pretty sure it is preferred over duplicating code. Thanks for reminder. I will use AsmCpuid in my next version. > > Early setup code (before stack setup where you can't do calls) is a different story. > > Also: Why there are separate TdxProbeLib + TdxLib libs? This is because TdxLib wrap the operations of TdCall and TdVmcall. While TdxProbeLib is a library to probe (call CPUID(0x21)) if it is td guest or not. I am open to merge these 2 libs into one if the community think it is a right way. > > take care, > Gerd > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#79415): https://edk2.groups.io/g/devel/message/79415 Mute This Topic: https://groups.io/mt/84837894/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Hi, > > Also: Why there are separate TdxProbeLib + TdxLib libs? > This is because TdxLib wrap the operations of TdCall and TdVmcall. While TdxProbeLib > is a library to probe (call CPUID(0x21)) if it is td guest or not. I am open to merge these 2 > libs into one if the community think it is a right way. My expectation is that you would need either none (build without tdx support) or both (build with tdx support). If that is correct I don't see the point in splitting this into two libs. take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#79416): https://edk2.groups.io/g/devel/message/79416 Mute This Topic: https://groups.io/mt/84837894/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
On Thu, Aug 12, 2021 at 2:57 PM Min Xu <min.m.xu@intel.com> wrote: > + > +#include <Library/BaseLib.h> > +#include "InternalTdxProbe.h" > + > +/** > + TDX only works in X64. So allways return -1 to indicate Non-Td. s/allways/always Also, -1 or 1? PROBE_NOT_TD_GUEST is defined as 1. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80522): https://edk2.groups.io/g/devel/message/80522 Mute This Topic: https://groups.io/mt/84837894/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
On September 11, 2021 9:15 AM, Erden Aktas wrote: > On Thu, Aug 12, 2021 at 2:57 PM Min Xu <min.m.xu@intel.com> wrote: > > + > > +#include <Library/BaseLib.h> > > +#include "InternalTdxProbe.h" > > + > > +/** > > + TDX only works in X64. So allways return -1 to indicate Non-Td. > s/allways/always > > Also, -1 or 1? PROBE_NOT_TD_GUEST is defined as 1. > TdxProbeLib will be removed in next version. According to the discussion a new PCD (ConfidentialComputingCategory) will be added to record the type of VM Guest, such as Legacy guest, SEV guest, TDX guest, etc. Thus this PCD will be checked when the SEV or TDX to be determined. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80560): https://edk2.groups.io/g/devel/message/80560 Mute This Topic: https://groups.io/mt/84837894/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2026 Red Hat, Inc.