Re: [PATCH v9 04/19] x86: Secure Launch Resource Table header file

From: ross . philipson
Date: Tue Jun 04 2024 - 22:34:45 EST


On 6/4/24 5:22 PM, Jarkko Sakkinen wrote:
On Wed Jun 5, 2024 at 2:00 AM EEST, wrote:
On 6/4/24 3:36 PM, Jarkko Sakkinen wrote:
On Tue Jun 4, 2024 at 11:31 PM EEST, wrote:
On 6/4/24 11:21 AM, Jarkko Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
Introduce the Secure Launch Resource Table which forms the formal
interface between the pre and post launch code.

Signed-off-by: Ross Philipson <ross.philipson@xxxxxxxxxx>

If a uarch specific, I'd appreciate Intel SDM reference here so that I
can look it up and compare. Like in section granularity.

This table is meant to not be architecture specific though it can
contain architecture specific sub-entities. E.g. there is a TXT specific
table and in the future there will be an AMD and ARM one (and hopefully
some others). I hope that addresses what you are pointing out or maybe I
don't fully understand what you mean here...

At least Intel SDM has a definition of any possible architecture
specific data structure. It is handy to also have this available
in inline comment for any possible such structure pointing out the
section where it is defined.

The TXT specific structure is not defined in the SDM or the TXT dev
guide. Part of it is driven by requirements in the TXT dev guide but
that guide does not contain implementation details.

That said, if you would like links to relevant documents in the comments
before arch specific structures, I can add them.

Vol. 2D 7-40, in the description of GETSEC[WAKEUP] there is in fact a
description of MLE JOINT structure at least:

1. GDT limit (offset 0)
2. GDT base (offset 4)
3. Segment selector initializer (offset 8)
4. EIP (offset 12)

So is this only exercised in protect mode, and not in long mode? Just
wondering whether I should make a bug report on this for SDM or not.

I believe you can issue the SENTER instruction in long mode, compat mode or protected mode. On the other side thought, you will pop out of the TXT initialization in protected mode. The SDM outlines what registers will hold what values and what is valid and not valid. The APs will also vector through the join structure mentioned above to the location specified in protected mode using the GDT information you provide.


Especially this puzzles me, given that x86s won't have protected
mode in the first place...

My guess is the simplified x86 architecture will not support TXT. It is not supported on a number of CPUs/chipsets as it stands today. Just a guess but we know only vPro systems support TXT today.

Thanks
Ross


BR, Jarkko