| ;------------------------------------------------------------------------------ ; | |
| ; Copyright (c) 2021, AMD Inc. All rights reserved.<BR> | |
| ; SPDX-License-Identifier: BSD-2-Clause-Patent | |
| ; | |
| ; Module Name: | |
| ; | |
| ; AmdSev.nasm | |
| ; | |
| ; Abstract: | |
| ; | |
| ; This provides helper used by the MpFunc.nasm. If AMD SEV-ES is active | |
| ; then helpers perform the additional setups (such as GHCB). | |
| ; | |
| ;------------------------------------------------------------------------------- | |
| %define SIZE_4KB 0x1000 | |
| RegisterGhcbGpa: | |
| ; | |
| ; Register GHCB GPA when SEV-SNP is enabled | |
| ; | |
| lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] | |
| cmp byte [edi], 1 ; SevSnpIsEnabled | |
| jne RegisterGhcbGpaDone | |
| ; Save the rdi and rsi to used for later comparison | |
| push rdi | |
| push rsi | |
| mov edi, eax | |
| mov esi, edx | |
| or eax, 18 ; Ghcb registration request | |
| wrmsr | |
| rep vmmcall | |
| rdmsr | |
| mov r12, rax | |
| and r12, 0fffh | |
| cmp r12, 19 ; Ghcb registration response | |
| jne GhcbGpaRegisterFailure | |
| ; Verify that GPA is not changed | |
| and eax, 0fffff000h | |
| cmp edi, eax | |
| jne GhcbGpaRegisterFailure | |
| cmp esi, edx | |
| jne GhcbGpaRegisterFailure | |
| pop rsi | |
| pop rdi | |
| jmp RegisterGhcbGpaDone | |
| ; | |
| ; Request the guest termination | |
| ; | |
| GhcbGpaRegisterFailure: | |
| xor edx, edx | |
| mov eax, 256 ; GHCB terminate | |
| wrmsr | |
| rep vmmcall | |
| ; We should not return from the above terminate request, but if we do | |
| ; then enter into the hlt loop. | |
| DoHltLoop: | |
| cli | |
| hlt | |
| jmp DoHltLoop | |
| RegisterGhcbGpaDone: | |
| OneTimeCallRet RegisterGhcbGpa | |
| ; | |
| ; The function checks whether SEV-ES is enabled, if enabled | |
| ; then setup the GHCB page. | |
| ; | |
| SevEsSetupGhcb: | |
| lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)] | |
| cmp byte [edi], 1 ; SevEsIsEnabled | |
| jne SevEsSetupGhcbExit | |
| ; | |
| ; program GHCB | |
| ; Each page after the GHCB is a per-CPU page, so the calculation programs | |
| ; a GHCB to be every 8KB. | |
| ; | |
| mov eax, SIZE_4KB | |
| shl eax, 1 ; EAX = SIZE_4K * 2 | |
| mov ecx, ebx | |
| mul ecx ; EAX = SIZE_4K * 2 * CpuNumber | |
| mov edi, esi | |
| add edi, MP_CPU_EXCHANGE_INFO_FIELD (GhcbBase) | |
| add rax, qword [edi] | |
| mov rdx, rax | |
| shr rdx, 32 | |
| mov rcx, 0xc0010130 | |
| OneTimeCall RegisterGhcbGpa | |
| wrmsr | |
| SevEsSetupGhcbExit: | |
| OneTimeCallRet SevEsSetupGhcb | |
| ; | |
| ; The function checks whether SEV-ES is enabled, if enabled, use | |
| ; the GHCB | |
| ; | |
| SevEsGetApicId: | |
| lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)] | |
| cmp byte [edi], 1 ; SevEsIsEnabled | |
| jne SevEsGetApicIdExit | |
| ; | |
| ; Since we don't have a stack yet, we can't take a #VC | |
| ; exception. Use the GHCB protocol to perform the CPUID | |
| ; calls. | |
| ; | |
| mov rcx, 0xc0010130 | |
| rdmsr | |
| shl rdx, 32 | |
| or rax, rdx | |
| mov rdi, rax ; RDI now holds the original GHCB GPA | |
| ; | |
| ; For SEV-SNP, the recommended handling for getting the x2APIC ID | |
| ; would be to use the SNP CPUID table to fetch CPUID.00H:EAX and | |
| ; CPUID:0BH:EBX[15:0] instead of the GHCB MSR protocol vmgexits | |
| ; below. | |
| ; | |
| ; To avoid the unecessary ugliness to accomplish that here, the BSP | |
| ; has performed these checks in advance (where #VC handler handles | |
| ; the CPUID table lookups automatically) and cached them in a flag | |
| ; so those checks can be skipped here. | |
| ; | |
| mov eax, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] | |
| cmp al, 1 | |
| jne CheckExtTopoAvail | |
| ; | |
| ; Even with SEV-SNP, the actual x2APIC ID in CPUID.0BH:EDX | |
| ; fetched from the hypervisor the same way SEV-ES does it. | |
| ; | |
| mov eax, [esi + MP_CPU_EXCHANGE_INFO_FIELD (ExtTopoAvail)] | |
| cmp al, 1 | |
| je GetApicIdSevEs | |
| ; The 8-bit APIC ID fallback is also the same as with SEV-ES | |
| jmp NoX2ApicSevEs | |
| CheckExtTopoAvail: | |
| mov rdx, 0 ; CPUID function 0 | |
| mov rax, 0 ; RAX register requested | |
| or rax, 4 | |
| wrmsr | |
| rep vmmcall | |
| rdmsr | |
| cmp edx, 0bh | |
| jb NoX2ApicSevEs ; CPUID level below CPUID_EXTENDED_TOPOLOGY | |
| mov rdx, 0bh ; CPUID function 0x0b | |
| mov rax, 040000000h ; RBX register requested | |
| or rax, 4 | |
| wrmsr | |
| rep vmmcall | |
| rdmsr | |
| test edx, 0ffffh | |
| jz NoX2ApicSevEs ; CPUID.0BH:EBX[15:0] is zero | |
| GetApicIdSevEs: | |
| mov rdx, 0bh ; CPUID function 0x0b | |
| mov rax, 0c0000000h ; RDX register requested | |
| or rax, 4 | |
| wrmsr | |
| rep vmmcall | |
| rdmsr | |
| ; Processor is x2APIC capable; 32-bit x2APIC ID is now in EDX | |
| jmp RestoreGhcb | |
| NoX2ApicSevEs: | |
| ; Processor is not x2APIC capable, so get 8-bit APIC ID | |
| mov rdx, 1 ; CPUID function 1 | |
| mov rax, 040000000h ; RBX register requested | |
| or rax, 4 | |
| wrmsr | |
| rep vmmcall | |
| rdmsr | |
| shr edx, 24 | |
| RestoreGhcb: | |
| mov rbx, rdx ; Save x2APIC/APIC ID | |
| mov rdx, rdi ; RDI holds the saved GHCB GPA | |
| shr rdx, 32 | |
| mov eax, edi | |
| wrmsr | |
| mov rdx, rbx | |
| ; x2APIC ID or APIC ID is in EDX | |
| jmp GetProcessorNumber | |
| SevEsGetApicIdExit: | |
| OneTimeCallRet SevEsGetApicId | |
| ;------------------------------------------------------------------------------------- | |
| ;SwitchToRealProc procedure follows. | |
| ;ALSO THIS PROCEDURE IS EXECUTED BY APs TRANSITIONING TO 16 BIT MODE. HENCE THIS PROC | |
| ;IS IN MACHINE CODE. | |
| ; SwitchToRealProc (UINTN BufferStart, UINT16 Code16, UINT16 Code32, UINTN StackStart) | |
| ; rcx - Buffer Start | |
| ; rdx - Code16 Selector Offset | |
| ; r8 - Code32 Selector Offset | |
| ; r9 - Stack Start | |
| ;------------------------------------------------------------------------------------- | |
| SwitchToRealProcStart: | |
| BITS 64 | |
| cli | |
| ; | |
| ; Get RDX reset value before changing stacks since the | |
| ; new stack won't be able to accomodate a #VC exception. | |
| ; | |
| push rax | |
| push rbx | |
| push rcx | |
| push rdx | |
| mov rax, 1 | |
| cpuid | |
| mov rsi, rax ; Save off the reset value for RDX | |
| pop rdx | |
| pop rcx | |
| pop rbx | |
| pop rax | |
| ; | |
| ; Establish stack below 1MB | |
| ; | |
| mov rsp, r9 | |
| ; | |
| ; Push ultimate Reset Vector onto the stack | |
| ; | |
| mov rax, rcx | |
| shr rax, 4 | |
| push word 0x0002 ; RFLAGS | |
| push ax ; CS | |
| push word 0x0000 ; RIP | |
| push word 0x0000 ; For alignment, will be discarded | |
| ; | |
| ; Get address of "16-bit operand size" label | |
| ; | |
| lea rbx, [PM16Mode] | |
| ; | |
| ; Push addresses used to change to compatibility mode | |
| ; | |
| lea rax, [CompatMode] | |
| push r8 | |
| push rax | |
| ; | |
| ; Clear R8 - R15, for reset, before going into 32-bit mode | |
| ; | |
| xor r8, r8 | |
| xor r9, r9 | |
| xor r10, r10 | |
| xor r11, r11 | |
| xor r12, r12 | |
| xor r13, r13 | |
| xor r14, r14 | |
| xor r15, r15 | |
| ; | |
| ; Far return into 32-bit mode | |
| ; | |
| retfq | |
| BITS 32 | |
| CompatMode: | |
| ; | |
| ; Set up stack to prepare for exiting protected mode | |
| ; | |
| push edx ; Code16 CS | |
| push ebx ; PM16Mode label address | |
| ; | |
| ; Disable paging | |
| ; | |
| mov eax, cr0 ; Read CR0 | |
| btr eax, 31 ; Set PG=0 | |
| mov cr0, eax ; Write CR0 | |
| ; | |
| ; Disable long mode | |
| ; | |
| mov ecx, 0c0000080h ; EFER MSR number | |
| rdmsr ; Read EFER | |
| btr eax, 8 ; Set LME=0 | |
| wrmsr ; Write EFER | |
| ; | |
| ; Disable PAE | |
| ; | |
| mov eax, cr4 ; Read CR4 | |
| btr eax, 5 ; Set PAE=0 | |
| mov cr4, eax ; Write CR4 | |
| mov edx, esi ; Restore RDX reset value | |
| ; | |
| ; Switch to 16-bit operand size | |
| ; | |
| retf | |
| BITS 16 | |
| ; | |
| ; At entry to this label | |
| ; - RDX will have its reset value | |
| ; - On the top of the stack | |
| ; - Alignment data (two bytes) to be discarded | |
| ; - IP for Real Mode (two bytes) | |
| ; - CS for Real Mode (two bytes) | |
| ; | |
| ; This label is also used with AsmRelocateApLoop. During MP finalization, | |
| ; the code from PM16Mode to SwitchToRealProcEnd is copied to the start of | |
| ; the WakeupBuffer, allowing a parked AP to be booted by an OS. | |
| ; | |
| PM16Mode: | |
| mov eax, cr0 ; Read CR0 | |
| btr eax, 0 ; Set PE=0 | |
| mov cr0, eax ; Write CR0 | |
| pop ax ; Discard alignment data | |
| ; | |
| ; Clear registers (except RDX and RSP) before going into 16-bit mode | |
| ; | |
| xor eax, eax | |
| xor ebx, ebx | |
| xor ecx, ecx | |
| xor esi, esi | |
| xor edi, edi | |
| xor ebp, ebp | |
| iret | |
| SwitchToRealProcEnd: | |
| ;------------------------------------------------------------------------------------- | |
| ; AsmRelocateApLoopAmdSev (MwaitSupport, ApTargetCState, PmCodeSegment, TopOfApStack, CountTofinish, Pm16CodeSegment, SevEsAPJumpTable, WakeupBuffer); | |
| ;------------------------------------------------------------------------------------- | |
| AsmRelocateApLoopAmdSevStart: | |
| BITS 64 | |
| cmp qword [rsp + 56], 0 ; SevEsAPJumpTable | |
| je NoSevEsAmdSev | |
| ; | |
| ; Perform some SEV-ES related setup before leaving 64-bit mode | |
| ; | |
| push rcx | |
| push rdx | |
| ; | |
| ; Get the RDX reset value using CPUID | |
| ; | |
| mov rax, 1 | |
| cpuid | |
| mov rsi, rax ; Save off the reset value for RDX | |
| ; | |
| ; Prepare the GHCB for the AP_HLT_LOOP VMGEXIT call | |
| ; - Must be done while in 64-bit long mode so that writes to | |
| ; the GHCB memory will be unencrypted. | |
| ; - No NAE events can be generated once this is set otherwise | |
| ; the AP_RESET_HOLD SW_EXITCODE will be overwritten. | |
| ; | |
| mov rcx, 0xc0010130 | |
| rdmsr ; Retrieve current GHCB address | |
| shl rdx, 32 | |
| or rdx, rax | |
| mov rdi, rdx | |
| xor rax, rax | |
| mov rcx, 0x800 | |
| shr rcx, 3 | |
| rep stosq ; Clear the GHCB | |
| mov rax, 0x80000004 ; VMGEXIT AP_RESET_HOLD | |
| mov [rdx + 0x390], rax | |
| mov rax, 114 ; Set SwExitCode valid bit | |
| bts [rdx + 0x3f0], rax | |
| inc rax ; Set SwExitInfo1 valid bit | |
| bts [rdx + 0x3f0], rax | |
| inc rax ; Set SwExitInfo2 valid bit | |
| bts [rdx + 0x3f0], rax | |
| pop rdx | |
| pop rcx | |
| NoSevEsAmdSev: | |
| cli ; Disable interrupt before switching to 32-bit mode | |
| mov rax, [rsp + 40] ; CountTofinish | |
| lock dec dword [rax] ; (*CountTofinish)-- | |
| mov r10, [rsp + 48] ; Pm16CodeSegment | |
| mov rax, [rsp + 56] ; SevEsAPJumpTable | |
| mov rbx, [rsp + 64] ; WakeupBuffer | |
| mov rsp, r9 ; TopOfApStack | |
| push rax ; Save SevEsAPJumpTable | |
| push rbx ; Save WakeupBuffer | |
| push r10 ; Save Pm16CodeSegment | |
| push rcx ; Save MwaitSupport | |
| push rdx ; Save ApTargetCState | |
| lea rax, [PmEntryAmdSev] ; rax <- The start address of transition code | |
| push r8 | |
| push rax | |
| ; | |
| ; Clear R8 - R15, for reset, before going into 32-bit mode | |
| ; | |
| xor r8, r8 | |
| xor r9, r9 | |
| xor r10, r10 | |
| xor r11, r11 | |
| xor r12, r12 | |
| xor r13, r13 | |
| xor r14, r14 | |
| xor r15, r15 | |
| ; | |
| ; Far return into 32-bit mode | |
| ; | |
| o64 retf | |
| BITS 32 | |
| PmEntryAmdSev: | |
| mov eax, cr0 | |
| btr eax, 31 ; Clear CR0.PG | |
| mov cr0, eax ; Disable paging and caches | |
| mov ecx, 0xc0000080 | |
| rdmsr | |
| and ah, ~ 1 ; Clear LME | |
| wrmsr | |
| mov eax, cr4 | |
| and al, ~ (1 << 5) ; Clear PAE | |
| mov cr4, eax | |
| pop edx | |
| add esp, 4 | |
| pop ecx, | |
| add esp, 4 | |
| MwaitCheckAmdSev: | |
| cmp cl, 1 ; Check mwait-monitor support | |
| jnz HltLoopAmdSev | |
| mov ebx, edx ; Save C-State to ebx | |
| MwaitLoopAmdSev: | |
| cli | |
| mov eax, esp ; Set Monitor Address | |
| xor ecx, ecx ; ecx = 0 | |
| xor edx, edx ; edx = 0 | |
| monitor | |
| mov eax, ebx ; Mwait Cx, Target C-State per eax[7:4] | |
| shl eax, 4 | |
| mwait | |
| jmp MwaitLoopAmdSev | |
| HltLoopAmdSev: | |
| pop edx ; PM16CodeSegment | |
| add esp, 4 | |
| pop ebx ; WakeupBuffer | |
| add esp, 4 | |
| pop eax ; SevEsAPJumpTable | |
| add esp, 4 | |
| cmp eax, 0 ; Check for SEV-ES | |
| je DoHltAmdSev | |
| cli | |
| ; | |
| ; SEV-ES is enabled, use VMGEXIT (GHCB information already | |
| ; set by caller) | |
| ; | |
| BITS 64 | |
| rep vmmcall | |
| BITS 32 | |
| ; | |
| ; Back from VMGEXIT AP_HLT_LOOP | |
| ; Push the FLAGS/CS/IP values to use | |
| ; | |
| push word 0x0002 ; EFLAGS | |
| xor ecx, ecx | |
| mov cx, [eax + 2] ; CS | |
| push cx | |
| mov cx, [eax] ; IP | |
| push cx | |
| push word 0x0000 ; For alignment, will be discarded | |
| push edx | |
| push ebx | |
| mov edx, esi ; Restore RDX reset value | |
| retf | |
| DoHltAmdSev: | |
| cli | |
| hlt | |
| jmp DoHltAmdSev | |
| BITS 64 | |
| AsmRelocateApLoopAmdSevEnd: |