REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696
Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask. And TDVF should clear the regitsers to avoid leaking secrets to VMM.
Reference: [GHCI]: TDX Guest-Host-Communication Interface v1.5 https://cdrdv2.intel.com/v1/dl/getContent/726792
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Min Xu <min.m...@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Michael Roth <michael.r...@amd.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: Isaku Yamahata <isaku.yamah...@intel.com>
Signed-off-by: Ceping Sun <cepingx....@intel.com>
---
 OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
index 0bef89c48552..57560015f491 100644
--- a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
+++ b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
@@ -20,7 +20,7 @@ SECTION .text
 BITS 64
-%define TDVMCALL_EXPOSE_REGS_MASK 0xffec
+%define TDVMCALL_EXPOSE_REGS_MASK 0xffcc
 %define TDVMCALL 0x0
 %define EXIT_REASON_CPUID 0xa
@@ -28,6 +28,30 @@ BITS 64
 db 0x66, 0x0f, 0x01, 0xcc
 %endmacro
+%macro tdcall_regs_preamble 2
+ mov rax, %1
+
+ xor rcx, rcx
+ mov ecx, %2
+
+ ; R10 = 0 (standard TDVMCALL)
+
+ xor r10d, r10d
+
+ ; Zero out unused (for standard TDVMCALL) registers to avoid leaking
+ ; secrets to the VMM.
+
+ xor esi, esi
+ xor edi, edi
+
+ xor edx, edx
+ xor ebp, ebp
+ xor r8d, r8d
+ xor r9d, r9d
+ xor r14, r14
+ xor r15, r15
+%endmacro
+
 ;
 ; Relocated Ap Mailbox loop
 ;
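Review bot: `TDVMCALL_EXPOSE_REGS_MASK 0xffcc` remains an undocumented magic number, and the reason bit 5 was dropped exists only in the commit message, so the next reader cannot tell which registers the value exposes or why RBP must be excluded. I would add a comment above the define spelling out the encoding, e.g. `; RCX bitmap for TDG.VP.VMCALL: bit N set = GPR N is passed to the VMM.` and `; RSP (bit 4) and RBP (bit 5) must stay clear per GHCI; 0xffcc shares RDX, RBX, RSI, RDI and R8-R15.` That makes a future edit of the mask reviewable against the spec without rederiving the bit positions.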
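Review bot: The new `tdcall_regs_preamble` macro has no header describing its inputs or clobber set, and the clobber set is wide for something expanded inline in a running loop: it zeroes RAX, RCX, RDX, RSI, RDI, RBP, R8, R9, R10, R14 and R15 and leaves RBX and R11-R13 alone. RBP in particular is no longer in the exposed mask, so zeroing it is not required by the call contract and only safe if the expanding routine keeps nothing there; AsmRelocateApMailBoxLoop's body lies outside this hunk, so that should be confirmed at the expansion site. I would add above `%macro tdcall_regs_preamble 2` a comment of the form `; tdcall_regs_preamble <tdvmcall-leaf>, <regs-mask>` followed by `; Clobbers: RAX, RCX, RDX, RSI, RDI, RBP, R8-R10, R14, R15. Caller sets R11-R13 and keeps RBX.` As a style point, `xor r14, r14` / `xor r15, r15` use the 64-bit form where every other line uses the 32-bit form; `xor r14d, r14d` / `xor r15d, r15d` zero the full register identically and keep the macro uniform.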
@@ -40,11 +64,9 @@ global ASM_PFX(AsmRelocateApMailBoxLoop)
 ASM_PFX(AsmRelocateApMailBoxLoop):
 AsmRelocateApMailBoxLoopStart:
- mov rax, TDVMCALL
- mov rcx, TDVMCALL_EXPOSE_REGS_MASK
- xor r10, r10
 mov r11, EXIT_REASON_CPUID
 mov r12, 0xb
+ tdcall_regs_preamble TDVMCALL, TDVMCALL_EXPOSE_REGS_MASK
 tdcall
 test r10, r10
 jnz Panic
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#115944): https://edk2.groups.io/g/devel/message/115944 Mute This Topic: https://groups.io/mt/104577524/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
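Review bot: R13 is still handed to the VMM uninitialized: bit 13 of `TDVMCALL_EXPOSE_REGS_MASK` (0xffcc) is set, but neither the new `tdcall_regs_preamble` expansion nor the lines around it write R13, so whatever the AP last held there is exposed alongside the leaf in R12. For TDG.VP.VMCALL<Instruction.CPUID> R13 carries the ECX sub-leaf, so it should be set explicitly, e.g. `xor r13d, r13d ; CPUID sub-leaf 0` next to `mov r12, 0xb`. The removed lines show this was already the case before the change, but the commit's stated goal of not leaking registers is the reason to close it here rather than later. AsmRelocateApMailBoxLoop continues past the end of this hunk, so any later reader of R13 would need checking too.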