Hi Ray,
One comment below.
Mike
> -----Original Message-----
> From: Ni, Ray <ray...@intel.com>
> Sent: Tuesday, March 21, 2023 4:57 PM
> To: devel@edk2.groups.io
> Cc: Kinney, Michael D <michael.d.kin...@intel.com>; Gao, Liming
> <gaolim...@byosoft.com.cn>; Liu, Zhiguang
> <zhiguang....@intel.com>
> Subject: [PATCH 1/6] MdePkg: Add TME-MK related CPUID and MSR definitions
>
> TME (Total Memory Encryption) is the capability to encrypt
> the entirety of physical memory of a system.
> TME-MK (Total Memory Encryption-Multi-Key) builds on TME and adds
> support for multiple encryption keys.
>
> The patch adds some necessary CPUID/MSR definitions for TME-MK.
>
> Signed-off-by: Ray Ni <ray...@intel.com>
> Cc: Michael D Kinney <michael.d.kin...@intel.com>
> Cc: Liming Gao <gaolim...@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang....@intel.com>
> ---
> .../Include/Register/Intel/ArchitecturalMsr.h | 106 +++++++++++++++++-
> MdePkg/Include/Register/Intel/Cpuid.h | 9 +-
> 2 files changed, 112 insertions(+), 3 deletions(-)
>
> diff --git a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
> b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
> index 071a8c689c..76d80660da 100644
> --- a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
> +++ b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
> @@ -6,7 +6,7 @@
> returned is a single 32-bit or 64-bit value, then a data structure is not
>
> provided for that MSR.
>
>
>
> - Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2016 - 2023, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> @par Specification Reference:
>
> @@ -5679,6 +5679,110 @@ typedef union {
> **/
>
> #define MSR_IA32_X2APIC_SELF_IPI 0x0000083F
>
>
>
> +/**
>
> + Memory Encryption Activation MSR. If CPUID.07H:ECX.[13] = 1.
>
> +
>
> + @param ECX MSR_IA32_TME_ACTIVATE (0x00000982)
>
> + @param EAX Lower 32-bits of MSR value.
>
> + Described by the type MSR_IA32_TME_ACTIVATE_REGISTER.
>
> + @param EDX Upper 32-bits of MSR value.
>
> + Described by the type MSR_IA32_TME_ACTIVATE_REGISTER.
>
> +
>
> + <b>Example usage</b>
>
> + @code
>
> + MSR_IA32_TME_ACTIVATE_REGISTER Msr;
>
> +
>
> + Msr.Uint64 = AsmReadMsr64 (MSR_IA32_TME_ACTIVATE);
>
> + AsmWriteMsr64 (MSR_IA32_TME_ACTIVATE, Msr.Uint64);
>
> + @endcode
>
> + @note MSR_IA32_TME_ACTIVATE is defined as IA32_TME_ACTIVATE in SDM.
>
> +**/
>
> +#define MSR_IA32_TME_ACTIVATE 0x00000982
>
> +
>
> +/**
>
> + MSR information returned for MSR index #MSR_IA32_TME_ACTIVATE
>
> +**/
>
> +typedef union {
>
> + ///
>
> + /// Individual bit fields
>
> + ///
>
> + struct {
>
> + ///
>
> + /// [Bit 0] Lock R/O: Will be set upon successful WRMSR (or first SMI);
>
> + /// written value ignored..
>
> + ///
>
> + UINT32 Lock : 1;
>
> + ///
>
> + /// [Bit 1] Hardware Encryption Enable: This bit also enables MKTME;
> MKTME
>
> + /// cannot be enabled without enabling encryption hardware.
>
> + ///
>
> + UINT32 TmeEnable : 1;
>
> + ///
>
> + /// [Bit 2] Key Select:
>
> + /// 0: Create a new TME key (expected cold/warm boot).
>
> + /// 1: Restore the TME key from storage (Expected when resume from
> standby).
>
> + ///
>
> + UINT32 KeySelect : 1;
>
> + ///
>
> + /// [Bit 3] Save TME Key for Standby: Save key into storage to be used
> when
>
> + /// resume from standby.
>
> + /// Note: This may not be supported in all processors.
>
> + ///
>
> + UINT32 SaveKeyForStandby : 1;
>
> + ///
>
> + /// [Bit 7:4] TME Policy/Encryption Algorithm: Only algorithms
> enumerated in
>
> + /// IA32_TME_CAPABILITY are allowed.
>
> + /// For example:
>
> + /// 0000 – AES-XTS-128.
>
> + /// 0001 – AES-XTS-128 with integrity.
>
> + /// 0010 – AES-XTS-256.
>
> + /// Other values are invalid.
>
> + ///
>
> + UINT32 TmePolicy : 4;
>
> + UINT32 Reserved : 23;
>
> + ///
>
> + /// [Bit 31] TME Encryption Bypass Enable: When encryption hardware is
> enabled:
>
> + /// * Total Memory Encryption is enabled using a CPU generated ephemeral
> key
>
> + /// based on a hardware random number generator when this bit is set
> to 0.
>
> + /// * Total Memory Encryption is bypassed (no encryption/decryption for
> KeyID0)
>
> + /// when this bit is set to 1.
>
> + /// Software must inspect Hardware Encryption Enable (bit 1) and TME
> encryption
>
> + /// bypass Enable (bit 31) to determine if TME encryption is enabled.
>
> + ///
>
> + UINT32 TmeBypassMode : 1;
>
> + ///
>
> + /// [Bit 35:32] MK_TME_KEYID_BITS: Reserved if MKTME is not enumerated,
> otherwise:
>
> + /// The number of key identifier bits to allocate to MKTME usage.
>
> + /// Similar to enumeration, this is an encoded value.
>
> + /// Writing a value greater than MK_TME_MAX_KEYID_BITS will result in
> #GP.
>
> + /// Writing a non-zero value to this field will #GP if bit 1 of EAX
> (Hardware
>
> + /// Encryption Enable) is not also set to ‘1, as encryption hardware
> must be
>
> + /// enabled to use MKTME.
>
> + /// Example: To support 255 keys, this field would be set to a value of
> 8.
>
> + ///
>
> + UINT32 MkTmeKeyidBits : 4;
>
> + UINT32 Reserved2 : 12;
>
> + ///
>
> + /// [Bit 63:48] MK_TME_CRYPTO_ALGS: Reserved if MKTME is not enumerated,
> otherwise:
>
> + /// Bit 48: AES-XTS 128.
>
> + /// Bit 49: AES-XTS 128 with integrity.
>
> + /// Bit 50: AES-XTS 256.
>
> + /// Bit 63:51: Reserved (#GP)
>
> + /// Bitmask for BIOS to set which encryption algorithms are allowed for
> MKTME, would
>
> + /// be later enforced by the key loading ISA ('1= allowed)
>
> + ///
>
> + UINT32 MkTmeCryptoAlgs : 16;
>
> + } Bits;
>
> + ///
>
> + /// All bit fields as a 32-bit value
>
> + ///
>
> + UINT32 Uint32;
This is the first MSR in these include files that has defined bits in the range
32..63.
This Uint32 union member can only access the lower 32-bits of the MSR.
Should this be changed to Uint32[2]?
>
> + ///
>
> + /// All bit fields as a 64-bit value
>
> + ///
>
> + UINT64 Uint64;
>
> +} MSR_IA32_TME_ACTIVATE_REGISTER;
>
> +
>
> /**
>
> Silicon Debug Feature Control (R/W). If CPUID.01H:ECX.[11] = 1.
>
>
>
> diff --git a/MdePkg/Include/Register/Intel/Cpuid.h
> b/MdePkg/Include/Register/Intel/Cpuid.h
> index 350bf60252..1fb880c85c 100644
> --- a/MdePkg/Include/Register/Intel/Cpuid.h
> +++ b/MdePkg/Include/Register/Intel/Cpuid.h
> @@ -6,7 +6,7 @@
> If a register returned is a single 32-bit value, then a data structure is
>
> not provided for that register.
>
>
>
> - Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2015 - 2023, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> @par Specification Reference:
>
> @@ -1490,7 +1490,12 @@ typedef union {
> /// RDPKRU/WRPKRU instructions).
>
> ///
>
> UINT32 OSPKE : 1;
>
> - UINT32 Reserved5 : 9;
>
> + UINT32 Reserved8 : 8;
>
> + ///
>
> + /// [Bit 13] If 1, the following MSRs are supported:
> IA32_TME_CAPABILITY, IA32_TME_ACTIVATE,
>
> + /// IA32_TME_EXCLUDE_MASK, and IA32_TME_EXCLUDE_BASE.
>
> + ///
>
> + UINT32 TME_EN : 1;
>
> ///
>
> /// [Bits 14] AVX512_VPOPCNTDQ. (Intel Xeon Phi only.).
>
> ///
>
> --
> 2.39.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#102135): https://edk2.groups.io/g/devel/message/102135
Mute This Topic: https://groups.io/mt/97767966/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe:
https://edk2.groups.io/g/devel/leave/9847357/21656/1706620634/xyzzy
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
