1 | /** @file\r | |
2 | STM API definition\r | |
3 | \r | |
4 | Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR>\r | |
5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
6 | \r | |
7 | @par Specification Reference:\r | |
8 | SMI Transfer Monitor (STM) User Guide Revision 1.00\r | |
9 | \r | |
10 | **/\r | |
11 | \r | |
12 | #ifndef _INTEL_STM_API_H_\r | |
13 | #define _INTEL_STM_API_H_\r | |
14 | \r | |
15 | #include <Register/Intel/StmStatusCode.h>\r | |
16 | #include <Register/Intel/StmResourceDescriptor.h>\r | |
17 | #include <Register/Intel/ArchitecturalMsr.h>\r | |
18 | \r | |
19 | #pragma pack (1)\r | |
20 | \r | |
21 | /**\r | |
22 | STM Header Structures\r | |
23 | **/\r | |
24 | \r | |
///
/// Feature bits advertised by the STM in SOFTWARE_STM_HEADER.StmFeatures.
/// Only two bits are defined; everything else is reserved and must be zero.
/// NOTE(review): a consumer that parses the header should reject a non-zero
/// Reserved field rather than ignore it, so that an image built against a
/// newer feature set is not silently accepted.
///
typedef struct {
  UINT32    Intel64ModeSupported : 1;    ///< Intel64 (64-bit) mode supported
  UINT32    EptSupported         : 1;    ///< EPT supported
  UINT32    Reserved             : 30;   ///< must be 0
} STM_FEAT;
30 | \r | |
///
/// Version of the STM specification this header follows (STM User Guide
/// Revision 1.00). Compare against SOFTWARE_STM_HEADER.StmSpecVerMajor /
/// StmSpecVerMinor when validating an STM image.
///
#define STM_SPEC_VERSION_MAJOR  1
#define STM_SPEC_VERSION_MINOR  0
33 | \r | |
///
/// Software-defined part of the STM header.
///
/// Layout caveats for code that parses this structure from an STM image:
/// - StmSmmRevID is declared with one element, so sizeof (SOFTWARE_STM_HEADER)
///   already accounts for one revision ID; do not add NumberOfRevIDs * 4 on top
///   of it without subtracting that first element.
/// - NumberOfRevIDs is read from the image. Since the whole STM_HEADER is
///   expected to fit in 4K, a parser must bound NumberOfRevIDs by the space
///   remaining in that 4K before indexing StmSmmRevID, or an oversized count
///   walks past the header.
/// - Reserved must be zero; treat a non-zero value as a malformed header.
///
typedef struct {
  UINT8       StmSpecVerMajor;               ///< STM spec major version implemented
  UINT8       StmSpecVerMinor;               ///< STM spec minor version implemented
  ///
  /// Must be zero
  ///
  UINT16      Reserved;
  UINT32      StaticImageSize;               ///< size of the static STM image
  UINT32      PerProcDynamicMemorySize;      ///< dynamic memory needed per processor
  UINT32      AdditionalDynamicMemorySize;   ///< additional dynamic memory needed
  STM_FEAT    StmFeatures;                   ///< feature bits, see STM_FEAT
  UINT32      NumberOfRevIDs;                ///< presumably the number of valid StmSmmRevID entries - confirm against the User Guide
  UINT32      StmSmmRevID[1];                ///< variable-length array (declared with one element)
  ///
  /// The total STM_HEADER should be 4K.
  ///
} SOFTWARE_STM_HEADER;
51 | \r | |
///
/// Complete STM header: the hardware-defined MSEG header followed by the
/// software-defined header. The combined structure is expected to occupy 4K
/// (see SOFTWARE_STM_HEADER). Packed with #pragma pack (1) like the rest of
/// this file, so no padding is inserted between the two parts.
///
typedef struct {
  MSEG_HEADER            HwStmHdr;   ///< hardware (MSEG) header
  SOFTWARE_STM_HEADER    SwStmHdr;   ///< software header
} STM_HEADER;
56 | \r | |
57 | /**\r | |
58 | VMCALL API Numbers\r | |
59 | API number convention: BIOS facing VMCALL interfaces have bit 16 clear\r | |
60 | **/\r | |
61 | \r | |
/**
  StmMapAddressRange enables a SMM guest to create a non-1:1 virtual to
  physical mapping of an address range into the SMM guest's virtual
  memory space.

  The descriptor is supplied by the SMM guest and is checked by the STM
  against the active protection profile: a range that overlaps a protected
  resource is refused with ERROR_STM_SECURITY_VIOLATION rather than mapped.

  @param EAX  #STM_API_MAP_ADDRESS_RANGE (0x00000001)
  @param EBX  Low 32 bits of physical address of caller allocated
              STM_MAP_ADDRESS_RANGE_DESCRIPTOR structure.
  @param ECX  High 32 bits of physical address of caller allocated
              STM_MAP_ADDRESS_RANGE_DESCRIPTOR structure. If Intel64Mode is
              clear (0), ECX must be 0.

  @note All fields of STM_MAP_ADDRESS_RANGE_DESCRIPTOR are inputs only. They
        are not modified by StmMapAddressRange.

  @retval CF   0
               No error, EAX set to STM_SUCCESS.
               The memory range was mapped as requested.
  @retval CF   1
               An error occurred, EAX holds relevant error value. The caller
               should not assume the range is mapped.
  @retval EAX  #ERROR_STM_SECURITY_VIOLATION
               The requested mapping contains a protected resource.
  @retval EAX  #ERROR_STM_CACHE_TYPE_NOT_SUPPORTED
               The requested cache type could not be satisfied.
  @retval EAX  #ERROR_STM_PAGE_NOT_FOUND
               Page count must not be zero.
  @retval EAX  #ERROR_STM_FUNCTION_NOT_SUPPORTED
               STM supports EPT and has not implemented StmMapAddressRange().
  @retval EAX  #ERROR_STM_UNSPECIFIED
               An unspecified error occurred.

  @note All other registers unmodified.
**/
#define STM_API_MAP_ADDRESS_RANGE  0x00000001
96 | \r | |
/**
  STM Map Address Range Descriptor for #STM_API_MAP_ADDRESS_RANGE VMCALL

  All fields are inputs from the SMM guest. PageCount must not be zero
  (ERROR_STM_PAGE_NOT_FOUND otherwise). NOTE(review): because PhysicalAddress
  and PageCount are caller-controlled, the STM is expected to check the
  resulting range - including arithmetic overflow of PhysicalAddress plus the
  range length - against its protection profile before installing any mapping.
**/
typedef struct {
  UINT64    PhysicalAddress;    ///< physical start of the range to map
  UINT64    VirtualAddress;     ///< SMM guest virtual address to map it at
  UINT32    PageCount;          ///< number of pages; must not be zero
  UINT32    PatCacheType;       ///< one of STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_*
} STM_MAP_ADDRESS_RANGE_DESCRIPTOR;
106 | \r | |
/**
  Define values for PatCacheType field of #STM_MAP_ADDRESS_RANGE_DESCRIPTOR

  Values not listed here (for example 0x02 and 0x03) are not defined by this
  header; an STM that cannot honour a requested type reports
  ERROR_STM_CACHE_TYPE_NOT_SUPPORTED. FOLLOW_MTRR asks the STM to derive the
  type from the MTRRs instead of a fixed PAT encoding.
  @{
**/
#define STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_ST_UC        0x00
#define STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_WC           0x01
#define STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_WT           0x04
#define STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_WP           0x05
#define STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_WB           0x06
#define STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_UC           0x07
#define STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_FOLLOW_MTRR  0xFFFFFFFF
/// @}
119 | \r | |
/**
  StmUnmapAddressRange enables a SMM guest to remove mappings from its page
  table.

  If TXT_PROCESSOR_SMM_DESCRIPTOR.EptEnabled bit is set by the STM, BIOS can
  control its own page tables. In this case, the STM implementation may
  optionally return ERROR_STM_FUNCTION_NOT_SUPPORTED.

  NOTE(review): EBX/ECX are described here as the *virtual* address of the
  descriptor, whereas StmMapAddressRange takes the *physical* address of its
  descriptor. Confirm the intended address space against the STM User Guide
  before relying on either description.

  @param EAX  #STM_API_UNMAP_ADDRESS_RANGE (0x00000002)
  @param EBX  Low 32 bits of virtual address of caller allocated
              STM_UNMAP_ADDRESS_RANGE_DESCRIPTOR structure.
  @param ECX  High 32 bits of virtual address of caller allocated
              STM_UNMAP_ADDRESS_RANGE_DESCRIPTOR structure. If Intel64Mode is
              clear (0), ECX must be zero.

  @retval CF   0
               No error, EAX set to STM_SUCCESS. The memory range was unmapped
               as requested.
  @retval CF   1
               An error occurred, EAX holds relevant error value.
  @retval EAX  #ERROR_STM_FUNCTION_NOT_SUPPORTED
               STM supports EPT and has not implemented StmUnmapAddressRange().
  @retval EAX  #ERROR_STM_UNSPECIFIED
               An unspecified error occurred.

  @note All other registers unmodified.
**/
#define STM_API_UNMAP_ADDRESS_RANGE  0x00000002
148 | \r | |
/**
  STM Unmap Address Range Descriptor for #STM_API_UNMAP_ADDRESS_RANGE VMCALL

  Both fields are inputs from the SMM guest. The unit of Length is not stated
  in this header (bytes vs. pages) - confirm against the STM User Guide.
**/
typedef struct {
  UINT64    VirtualAddress;   ///< SMM guest virtual start of the range to unmap
  UINT32    Length;           ///< length of the range; unit not specified here
} STM_UNMAP_ADDRESS_RANGE_DESCRIPTOR;
156 | \r | |
/**
  Since the normal OS environment runs with a different set of page tables than
  the SMM guest, virtual mappings will certainly be different. In order to do a
  guest virtual to host physical translation of an address from the normal OS
  code (EIP for example), it is necessary to walk the page tables governing the
  OS page mappings. Since the SMM guest has no direct access to the page tables,
  it must ask the STM to do this page table walk. This is supported via the
  StmAddressLookup VMCALL. All OS page table formats need to be supported,
  (e.g. PAE, PSE, Intel64, EPT, etc.)

  StmAddressLookup takes a CR3 value and a virtual address from the interrupted
  code as input and returns the corresponding physical address. It also
  optionally maps the physical address into the SMM guest's virtual address
  space. This new mapping persists ONLY for the duration of the SMI and if
  needed in subsequent SMIs it must be remapped. PAT cache types follow the
  interrupted environment's page table. Callers must therefore not cache
  SmmGuestVirtualAddress across SMIs.

  If EPT is enabled, OS CR3 only provides guest physical address information,
  but the SMM guest might also need to know the host physical address. Since
  SMM does not have direct access rights to EPT (it is protected by the STM),
  SMM can input InterruptedEptp to let STM help to walk through it, and output
  the host physical address.

  The CR3 and EPTP values are supplied by the SMM guest; the STM validates them
  against the interrupted guests' actual values (see ERROR_STM_BAD_CR3) rather
  than walking arbitrary caller-chosen tables.

  @param EAX  #STM_API_ADDRESS_LOOKUP (0x00000003)
  @param EBX  Low 32 bits of virtual address of caller allocated
              STM_ADDRESS_LOOKUP_DESCRIPTOR structure.
  @param ECX  High 32 bits of virtual address of caller allocated
              STM_ADDRESS_LOOKUP_DESCRIPTOR structure. If Intel64Mode is
              clear (0), ECX must be zero.

  @retval CF   0
               No error, EAX set to STM_SUCCESS. PhysicalAddress contains the
               host physical address determined by walking the interrupted
               guest's page tables. SmmGuestVirtualAddress contains the SMM
               guest's virtual mapping of the requested address.
  @retval CF   1
               An error occurred, EAX holds relevant error value.
  @retval EAX  #ERROR_STM_SECURITY_VIOLATION
               The requested page was a protected page.
  @retval EAX  #ERROR_STM_PAGE_NOT_FOUND
               The requested virtual address did not exist in the given
               page table.
  @retval EAX  #ERROR_STM_BAD_CR3
               The CR3 input was invalid. CR3 values must be from one of the
               interrupted guest, or from the interrupted guest of another
               processor.
  @retval EAX  #ERROR_STM_PHYSICAL_OVER_4G
               The resulting physical address is greater than 4G and no virtual
               address was supplied. The STM could not determine what address
               within the SMM guest's virtual address space to do the mapping.
               STM_ADDRESS_LOOKUP_DESCRIPTOR field PhysicalAddress contains the
               physical address determined by walking the interrupted
               environment's page tables.
  @retval EAX  #ERROR_STM_VIRTUAL_SPACE_TOO_SMALL
               A specific virtual mapping was requested, but
               SmmGuestVirtualAddress + Length exceeds 4G and the SMI handler
               is running in 32 bit mode.
  @retval EAX  #ERROR_STM_UNSPECIFIED
               An unspecified error occurred.

  @note All other registers unmodified.
**/
#define STM_API_ADDRESS_LOOKUP  0x00000003
220 | \r | |
/**
  STM Lookup Address Range Descriptor for #STM_API_ADDRESS_LOOKUP VMCALL

  Inputs: InterruptedGuestVirtualAddress, Length, InterruptedCr3,
  InterruptedEptp, MapToSmmGuest and the InterruptedCr4Pae / InterruptedCr4Pse
  / InterruptedIa32eMode paging-mode hints. PhysicalAddress is an output;
  SmmGuestVirtualAddress is an output, and also an input when MapToSmmGuest is
  STM_ADDRESS_LOOKUP_DESCRIPTOR_VIRTUAL_ADDRESS_SPECIFIED (it is then the
  requested SMM guest virtual address and is range-checked against 4G in
  32-bit mode).

  MapToSmmGuest is a 2-bit field but only the values 0, 1 and 3 are defined
  below; value 2 is undefined. Reserved1 and Reserved2 presumably must be zero
  - this header does not say so explicitly, confirm against the User Guide.
**/
typedef struct {
  UINT64    InterruptedGuestVirtualAddress;   ///< virtual address in the interrupted context
  UINT32    Length;                           ///< length of the range to look up / map
  UINT64    InterruptedCr3;                   ///< CR3 of the interrupted context (validated by STM)
  UINT64    InterruptedEptp;                  ///< EPTP of the interrupted context, if EPT is in use
  UINT32    MapToSmmGuest       : 2;          ///< STM_ADDRESS_LOOKUP_DESCRIPTOR_* mapping request
  UINT32    InterruptedCr4Pae   : 1;          ///< interrupted context had CR4.PAE set
  UINT32    InterruptedCr4Pse   : 1;          ///< interrupted context had CR4.PSE set
  UINT32    InterruptedIa32eMode : 1;         ///< interrupted context was in IA-32e mode
  UINT32    Reserved1           : 27;         ///< reserved
  UINT32    Reserved2;                        ///< reserved
  UINT64    PhysicalAddress;                  ///< output: resulting (host) physical address
  UINT64    SmmGuestVirtualAddress;           ///< output (and input when a specific VA is requested)
} STM_ADDRESS_LOOKUP_DESCRIPTOR;
238 | \r | |
/**
  Define values for the MapToSmmGuest field of #STM_ADDRESS_LOOKUP_DESCRIPTOR

  The field is two bits wide; the value 2 is not defined here and should be
  treated as invalid by both caller and STM.
  @{
**/
#define STM_ADDRESS_LOOKUP_DESCRIPTOR_DO_NOT_MAP                 0   ///< translate only, no SMM guest mapping
#define STM_ADDRESS_LOOKUP_DESCRIPTOR_ONE_TO_ONE                 1   ///< map at VA == PA (see ERROR_STM_PHYSICAL_OVER_4G)
#define STM_ADDRESS_LOOKUP_DESCRIPTOR_VIRTUAL_ADDRESS_SPECIFIED  3   ///< map at the supplied SmmGuestVirtualAddress
/// @}
247 | \r | |
/**
  When returning from a protection exception (see section 6.2 of the STM User
  Guide), the SMM guest can instruct the STM to take one of two paths. It can
  either request a value be logged to the TXT.ERRORCODE register and
  subsequently reset the machine (indicating it couldn't resolve the problem),
  or it can request that the STM resume the SMM guest again with the specified
  register state.

  Unlike other VMCALL interfaces, StmReturnFromProtectionException behaves more
  like a jump or an IRET instruction than a "call". It does not return directly
  to the caller, but indirectly to a different location specified on the
  caller's stack (see section 6.2) or not at all. There is consequently no
  CF/EAX result for the caller to inspect.

  If the SMM guest STM protection exception handler itself causes a protection
  exception (e.g. a single nested exception), or more than 100 un-nested
  exceptions occur within the scope of a single SMI event, the STM must write
  STM_CRASH_PROTECTION_EXCEPTION_FAILURE to the TXT.ERRORCODE register and
  assert TXT.CMD.SYS_RESET. The reason for these restrictions is to simplify
  the code requirements while still enabling a reasonable debugging capability.
  The reset is the fail-safe: a protection violation that the SMM guest cannot
  resolve is never silently continued.

  @param EAX  #STM_API_RETURN_FROM_PROTECTION_EXCEPTION (0x00000004)
  @param EBX  If 0, resume SMM guest using register state found on exception
              stack. If in range 0x01..0x0F, EBX contains a BIOS error code
              which the STM must record in the TXT.ERRORCODE register and
              subsequently reset the system via TXT.CMD.SYS_RESET. The value
              of the TXT.ERRORCODE register is calculated as follows:

              TXT.ERRORCODE = (EBX & 0x0F) | STM_CRASH_BIOS_PANIC

              Values 0x10..0xFFFFFFFF are reserved, do not use.

**/
#define STM_API_RETURN_FROM_PROTECTION_EXCEPTION  0x00000004
280 | \r | |
281 | /**\r | |
282 | VMCALL API Numbers\r | |
283 | API number convention: MLE facing VMCALL interfaces have bit 16 set.\r | |
284 | \r | |
285 | The STM configuration lifecycle is as follows:\r | |
286 | 1. SENTER->SINIT->MLE: MLE begins execution with SMI disabled (masked).\r | |
287 | 2. MLE invokes #STM_API_INITIALIZE_PROTECTION VMCALL to prepare STM for\r | |
288 | setup of initial protection profile. This is done on a single CPU and\r | |
289 | has global effect.\r | |
290 | 3. MLE invokes #STM_API_PROTECT_RESOURCE VMCALL to define the initial\r | |
291 | protection profile. The protection profile is global across all CPUs.\r | |
292 | 4. MLE invokes #STM_API_START VMCALL to enable the STM to begin receiving\r | |
293 | SMI events. This must be done on every logical CPU.\r | |
294 | 5. MLE may invoke #STM_API_PROTECT_RESOURCE VMCALL or\r | |
295 | #STM_API_UNPROTECT_RESOURCE VMCALL during runtime as many times as\r | |
296 | necessary.\r | |
297 | 6. MLE invokes #STM_API_STOP VMCALL to disable the STM. SMI is again masked\r | |
298 | following #STM_API_STOP VMCALL.\r | |
299 | **/\r | |
300 | \r | |
/**
  StartStmVmcall() is used to configure an STM that is present in MSEG. SMIs
  should remain disabled from the invocation of GETSEC[SENTER] until they are
  re-enabled by StartStmVMCALL(). When StartStmVMCALL() returns, SMI is
  enabled and the STM has been started and is active. Prior to invoking
  StartStmVMCALL(), the MLE root should first invoke
  InitializeProtectionVMCALL() followed by as many iterations of
  ProtectResourceVMCALL() as necessary to establish the initial protection
  profile. StartStmVmcall() must be invoked on all processor threads.

  Ordering matters for security: the protection profile must be complete
  before this call, because SMIs (and thus the SMI handler) are unblocked on
  return.

  @param EAX  #STM_API_START (0x00010001)
  @param EDX  STM configuration options. These provide the MLE with the
              ability to pass configuration parameters to the STM
              (see STM_CONFIG_*).

  @retval CF   0
               No error, EAX set to STM_SUCCESS. The STM has been configured
               and is now active and is guarding all requested resources.
  @retval CF   1
               An error occurred, EAX holds relevant error value.
  @retval EAX  #ERROR_STM_ALREADY_STARTED
               The STM is already configured and active. STM remains active and
               guarding previously enabled resource list.
  @retval EAX  #ERROR_STM_WITHOUT_SMX_UNSUPPORTED
               The StartStmVMCALL() was invoked from VMX root mode, but outside
               of SMX. This error code indicates the STM or platform does not
               support the STM outside of SMX. The SMI handler remains active
               and operates in legacy mode. See Appendix C of the STM User
               Guide.
  @retval EAX  #ERROR_STM_UNSUPPORTED_MSR_BIT
               The CPU doesn't support the MSR bit. The STM is not active.
  @retval EAX  #ERROR_STM_UNSPECIFIED
               An unspecified error occurred.

  @note All other registers unmodified.
**/
#define STM_API_START  (BIT16 | 1)
336 | \r | |
/**
  Bit values for EDX input parameter to #STM_API_START VMCALL

  Only BIT0 is defined here. Its exact effect (presumably how SMI unblocking
  relates to VMXOFF, going by the name) is not described in this header -
  confirm against the STM User Guide before setting it.
  @{
**/
#define STM_CONFIG_SMI_UNBLOCKING_BY_VMX_OFF  BIT0
/// @}
343 | \r | |
/**
  The StopStmVMCALL() is invoked by the MLE to teardown an active STM. This is
  normally done as part of a full teardown of the SMX environment when the
  system is being shut down. At the time the call is invoked, SMI is enabled
  and the STM is active. When the call returns, the STM has been stopped and
  all STM context is discarded and SMI is disabled.

  Because the protection profile is discarded with the STM context, the MLE
  must not expect any resource protection after this call succeeds.

  @param EAX  #STM_API_STOP (0x00010002)

  @retval CF   0
               No error, EAX set to STM_SUCCESS. The STM has been stopped and
               is no longer processing SMI events. SMI is blocked.
  @retval CF   1
               An error occurred, EAX holds relevant error value.
  @retval EAX  #ERROR_STM_STOPPED
               The STM was not active.
  @retval EAX  #ERROR_STM_UNSPECIFIED
               An unspecified error occurred.

  @note All other registers unmodified.
**/
#define STM_API_STOP  (BIT16 | 2)
366 | \r | |
/**
  The ProtectResourceVMCALL() is invoked by the MLE root to request protection
  of specific resources. The request is defined by a STM_RESOURCE_LIST, which
  may contain more than one resource descriptor. Each resource descriptor is
  processed separately by the STM. Whether or not protection for any specific
  resource is granted is returned by the STM via the ReturnStatus bit in the
  associated STM_RSC_DESC_HEADER.

  Because descriptors are processed individually, an error return can leave the
  profile partially updated: some descriptors granted, others denied. The
  ReturnStatus bits, not the CF/EAX result alone, are authoritative in that
  case.

  @param EAX  #STM_API_PROTECT_RESOURCE (0x00010003)
  @param EBX  Low 32 bits of physical address of caller allocated
              STM_RESOURCE_LIST. Bits 11:0 are ignored and assumed to be zero,
              making the buffer 4K aligned.
  @param ECX  High 32 bits of physical address of caller allocated
              STM_RESOURCE_LIST.

  @note All fields of STM_RESOURCE_LIST are inputs only, except for the
        ReturnStatus bit. On input, the ReturnStatus bit must be clear. On
        return, the ReturnStatus bit is set for each resource request granted,
        and clear for each resource request denied. There are no other fields
        modified by ProtectResourceVMCALL(). The STM_RESOURCE_LIST must be
        contained entirely within a single 4K page.

  @retval CF   0
               No error, EAX set to STM_SUCCESS. The STM has successfully
               merged the entire protection request into the active protection
               profile. There is therefore no need to check the ReturnStatus
               bits in the STM_RESOURCE_LIST.
  @retval CF   1
               An error occurred, EAX holds relevant error value.
  @retval EAX  #ERROR_STM_UNPROTECTABLE_RESOURCE
               At least one of the requested resource protections intersects a
               BIOS required resource. Therefore, the caller must walk through
               the STM_RESOURCE_LIST to determine which of the requested
               resources was not granted protection. The entire list must be
               traversed since there may be multiple failures.
  @retval EAX  #ERROR_STM_MALFORMED_RESOURCE_LIST
               The resource list could not be parsed correctly, or did not
               terminate before crossing a 4K page boundary. The caller must
               walk through the STM_RESOURCE_LIST to determine which of the
               requested resources was not granted protection. The entire list
               must be traversed since there may be multiple failures.
  @retval EAX  #ERROR_STM_OUT_OF_RESOURCES
               The STM has encountered an internal error and cannot complete
               the request.
  @retval EAX  #ERROR_STM_UNSPECIFIED
               An unspecified error occurred.

  @note All other registers unmodified.
**/
#define STM_API_PROTECT_RESOURCE  (BIT16 | 3)
417 | \r | |
/**
  The UnProtectResourceVMCALL() is invoked by the MLE root to request that the
  STM allow the SMI handler access to the specified resources.

  This widens what the SMI handler may touch, so the MLE should unprotect no
  more than it needs; as with ProtectResourceVMCALL(), the list is processed
  per descriptor and the ReturnStatus bits record what was actually applied.

  @param EAX  #STM_API_UNPROTECT_RESOURCE (0x00010004)
  @param EBX  Low 32 bits of physical address of caller allocated
              STM_RESOURCE_LIST. Bits 11:0 are ignored and assumed to be zero,
              making the buffer 4K aligned.
  @param ECX  High 32 bits of physical address of caller allocated
              STM_RESOURCE_LIST.

  @note All fields of STM_RESOURCE_LIST are inputs only, except for the
        ReturnStatus bit. On input, the ReturnStatus bit must be clear. On
        return, the ReturnStatus bit is set for each resource processed. For
        a properly formed STM_RESOURCE_LIST, this should be all resources
        listed. There are no other fields modified by
        UnProtectResourceVMCALL(). The STM_RESOURCE_LIST must be contained
        entirely within a single 4K page.

  @retval CF   0
               No error, EAX set to STM_SUCCESS. The requested resources are
               not being guarded by the STM.
  @retval CF   1
               An error occurred, EAX holds relevant error value.
  @retval EAX  #ERROR_STM_MALFORMED_RESOURCE_LIST
               The resource list could not be parsed correctly, or did not
               terminate before crossing a 4K page boundary. The caller must
               walk through the STM_RESOURCE_LIST to determine which of the
               requested resources were not able to be unprotected. The entire
               list must be traversed since there may be multiple failures.
  @retval EAX  #ERROR_STM_UNSPECIFIED
               An unspecified error occurred.

  @note All other registers unmodified.
**/
#define STM_API_UNPROTECT_RESOURCE  (BIT16 | 4)
454 | \r | |
/**
  The GetBiosResourcesVMCALL() is invoked by the MLE root to request the list
  of BIOS required resources from the STM.

  The list is retrieved one 4K page at a time, with EDX acting as the page
  cursor. NOTE(review): a caller looping until EDX returns 0 should also cap
  the number of iterations (and check that EDX actually advances) so that a
  misbehaving STM cannot keep it spinning.

  @param EAX  #STM_API_GET_BIOS_RESOURCES (0x00010005)
  @param EBX  Low 32 bits of physical address of caller allocated destination
              buffer. Bits 11:0 are ignored and assumed to be zero, making the
              buffer 4K aligned.
  @param ECX  High 32 bits of physical address of caller allocated destination
              buffer.
  @param EDX  Indicates which page of the BIOS resource list to copy into the
              destination buffer. The first page is indicated by 0, the second
              page by 1, etc.

  @retval CF   0
               No error, EAX set to STM_SUCCESS. The destination buffer
               contains the BIOS required resources. If the page retrieved is
               the last page, EDX will be cleared to 0. If there are more pages
               to retrieve, EDX is incremented to the next page index. Calling
               software should iterate on GetBiosResourcesVMCALL() until EDX is
               returned cleared to 0.
  @retval CF   1
               An error occurred, EAX holds relevant error value.
  @retval EAX  #ERROR_STM_PAGE_NOT_FOUND
               The page index supplied in EDX input was out of range.
  @retval EAX  #ERROR_STM_UNSPECIFIED
               An unspecified error occurred.
  @retval EDX  Page index of next page to read. A return of EDX=0 signifies
               that the entire list has been read.
  @note EDX is both an input and an output register.

  @note All other registers unmodified.
**/
#define STM_API_GET_BIOS_RESOURCES  (BIT16 | 5)
489 | \r | |
/**
  The ManageVmcsDatabaseVMCALL() is invoked by the MLE root to add or remove an
  MLE guest (including the MLE root) from the list of protected domains.

  The STM validates the request before acting on it: a non-zero reserved field
  (including bits 11:0 of VmcsPhysPointer) is rejected with
  ERROR_INVALID_PARAMETER, and add/remove are checked against the current
  database contents (ERROR_STM_VMCS_PRESENT / ERROR_STM_INVALID_VMCS).

  @param EAX  #STM_API_MANAGE_VMCS_DATABASE (0x00010006)
  @param EBX  Low 32 bits of physical address of caller allocated
              STM_VMCS_DATABASE_REQUEST. Bits 11:0 are ignored and assumed to
              be zero, making the buffer 4K aligned.
  @param ECX  High 32 bits of physical address of caller allocated
              STM_VMCS_DATABASE_REQUEST.

  @note All fields of STM_VMCS_DATABASE_REQUEST are inputs only. They are not
        modified by ManageVmcsDatabaseVMCALL().

  @retval CF   0
               No error, EAX set to STM_SUCCESS.
  @retval CF   1
               An error occurred, EAX holds relevant error value.
  @retval EAX  #ERROR_STM_INVALID_VMCS
               Indicates a request to remove a VMCS from the database was made,
               but the referenced VMCS was not found in the database.
  @retval EAX  #ERROR_STM_VMCS_PRESENT
               Indicates a request to add a VMCS to the database was made, but
               the referenced VMCS was already present in the database.
  @retval EAX  #ERROR_INVALID_PARAMETER
               Indicates non-zero reserved field.
  @retval EAX  #ERROR_STM_UNSPECIFIED
               An unspecified error occurred

  @note All other registers unmodified.
**/
#define STM_API_MANAGE_VMCS_DATABASE  (BIT16 | 6)
522 | \r | |
/**
  STM VMCS Database Request for #STM_API_MANAGE_VMCS_DATABASE VMCALL

  All fields are inputs. VmcsPhysPointer must be 4K aligned (bits 11:0 zero)
  and Reserved1 must be zero; a non-zero reserved field yields
  ERROR_INVALID_PARAMETER. Values for DomainType, XStatePolicy and AddOrRemove
  are defined below. No values for DegradationPolicy are defined in this part
  of the header - confirm against the STM User Guide.
**/
typedef struct {
  ///
  /// bits 11:0 are reserved and must be 0
  ///
  UINT64    VmcsPhysPointer;           ///< physical address of the guest's VMCS
  UINT32    DomainType        : 4;     ///< DOMAIN_* protection class requested
  UINT32    XStatePolicy      : 2;     ///< XSTATE_* policy for extended state
  UINT32    DegradationPolicy : 4;     ///< values not defined here
  ///
  /// Must be 0
  ///
  UINT32    Reserved1         : 22;
  UINT32    AddOrRemove;               ///< STM_VMCS_DATABASE_REQUEST_ADD / _REMOVE
} STM_VMCS_DATABASE_REQUEST;
540 | \r | |
/**
  Values for the DomainType field of #STM_VMCS_DATABASE_REQUEST

  The four low bits are independent flags; the named combinations below OR
  them together. DOMAIN_FULLY_PROT sets all four (confidentiality, integrity,
  and both I/O restrictions).
  @{
**/
#define DOMAIN_UNPROTECTED           0        ///< no protection requested
#define DOMAIN_DISALLOWED_IO_OUT     BIT0     ///< disallow I/O out
#define DOMAIN_DISALLOWED_IO_IN      BIT1     ///< disallow I/O in
#define DOMAIN_INTEGRITY             BIT2     ///< integrity protection
#define DOMAIN_CONFIDENTIALITY       BIT3     ///< confidentiality protection
#define DOMAIN_INTEGRITY_PROT_OUT_IN  (DOMAIN_INTEGRITY)
#define DOMAIN_FULLY_PROT_OUT_IN      (DOMAIN_CONFIDENTIALITY | DOMAIN_INTEGRITY)
#define DOMAIN_FULLY_PROT             (DOMAIN_FULLY_PROT_OUT_IN | DOMAIN_DISALLOWED_IO_IN | DOMAIN_DISALLOWED_IO_OUT)
/// @}
554 | \r | |
/**
  Values for the XStatePolicy field of #STM_VMCS_DATABASE_REQUEST

  The field is two bits wide; the value 0x02 is not defined here.
  @{
**/
#define XSTATE_READWRITE  0x00   ///< SMI handler may read and write the guest's extended state
#define XSTATE_READONLY   0x01   ///< SMI handler may only read it
#define XSTATE_SCRUB      0x03   ///< extended state is scrubbed before the SMI handler runs (presumed from the name - confirm)
/// @}
563 | \r | |
/**
  Values for the AddOrRemove field of #STM_VMCS_DATABASE_REQUEST

  AddOrRemove is a full UINT32; only 0 and 1 are defined. How the STM treats
  other values is not stated here.
  @{
**/
#define STM_VMCS_DATABASE_REQUEST_ADD     1   ///< add the VMCS to the database
#define STM_VMCS_DATABASE_REQUEST_REMOVE  0   ///< remove the VMCS from the database
/// @}
571 | \r | |
/**
  InitializeProtectionVMCALL() prepares the STM for setup of the initial
  protection profile which is subsequently communicated via one or more
  invocations of ProtectResourceVMCALL(), prior to invoking StartStmVMCALL().
  It is only necessary to invoke InitializeProtectionVMCALL() on one processor
  thread. InitializeProtectionVMCALL() does not alter whether SMIs are masked
  or unmasked. The STM should return back to the MLE with "Blocking by SMI" set
  to 1 in the GUEST_INTERRUPTIBILITY field for the VMCS the STM created for the
  MLE guest.

  The STM's self-protection (MSEG through the top of TSEG, and the MSRs it
  depends on) is established here, before any MLE-requested protections, and
  is not subject to UnProtectResourceVMCALL().

  @param EAX  #STM_API_INITIALIZE_PROTECTION (0x00010007)

  @retval CF   0
               No error, EAX set to STM_SUCCESS, EBX bits set to indicate STM
               capabilities as defined below. The STM has set up an empty
               protection profile, except for the resources that it sets up to
               protect itself. The STM must not allow the SMI handler to map
               any pages from the MSEG Base to the top of TSEG. The STM must
               also not allow SMI handler access to those MSRs which the STM
               requires for its own protection.
  @retval CF   1
               An error occurred, EAX holds relevant error value.
  @retval EAX  #ERROR_STM_ALREADY_STARTED
               The STM is already configured and active. The STM remains active
               and guarding the previously enabled resource list.
  @retval EAX  #ERROR_STM_UNPROTECTABLE
               The STM determines that based on the platform configuration, the
               STM is unable to protect itself. For example, the BIOS required
               resource list contains memory pages in MSEG.
  @retval EAX  #ERROR_STM_UNSPECIFIED
               An unspecified error occurred.

  @note All other registers unmodified.
**/
#define STM_API_INITIALIZE_PROTECTION  (BIT16 | 7)
607 | \r | |
/**
  Byte granular support bits returned in EBX from #STM_API_INITIALIZE_PROTECTION

  BIT0 is not defined here. The expansions of BGI / BGM are not given in this
  header (presumably byte-granular I/O and byte-granular memory - confirm
  against the STM User Guide).
  @{
**/
#define STM_RSC_BGI  BIT1
#define STM_RSC_BGM  BIT2
#define STM_RSC_MSR  BIT3
/// @}
616 | \r | |
/**
  The ManageEventLogVMCALL() is invoked by the MLE root to control the logging
  feature. It consists of several sub-functions to facilitate establishment of
  the log itself, configuring what events will be logged, and functions to
  start, stop, and clear the log.

  The sub-function is selected by STM_EVENT_LOG_MANAGEMENT_REQUEST.SubFunctionIndex
  (see STM_EVENT_LOG_MANAGEMENT_REQUEST_*). Per-sub-function error codes are not
  listed in this header.

  @param EAX  #STM_API_MANAGE_EVENT_LOG (0x00010008)
  @param EBX  Low 32 bits of physical address of caller allocated
              STM_EVENT_LOG_MANAGEMENT_REQUEST. Bits 11:0 are ignored and
              assumed to be zero, making the buffer 4K aligned.
  @param ECX  High 32 bits of physical address of caller allocated
              STM_EVENT_LOG_MANAGEMENT_REQUEST.

  @retval CF=0
               No error, EAX set to STM_SUCCESS.
  @retval CF=1
               An error occurred, EAX holds relevant error value. See subfunction
               descriptions below for details.

  @note All other registers unmodified.
**/
#define STM_API_MANAGE_EVENT_LOG  (BIT16 | 8)
639 | \r | |
///
/// STM Event Log Management Request for #STM_API_MANAGE_EVENT_LOG VMCALL
///
/// Layout notes:
/// - LogBuffer ends in a flexible array member, and that struct sits inside a
///   union that is itself a member of this struct. ISO C does not permit a
///   struct with a flexible array member to be nested this way; the layout
///   relies on a compiler extension. sizeof (STM_EVENT_LOG_MANAGEMENT_REQUEST)
///   therefore covers no Pages[] entries at all.
/// - PageCount and every Pages[] entry are caller (MLE) supplied. The STM must
///   bound PageCount so that walking Pages[] does not leave the 4K page the
///   request was delivered in, and NOTE(review): should also refuse log pages
///   that fall inside ranges it protects for itself, since it will write log
///   entries to them.
///
typedef struct {
  UINT32    SubFunctionIndex;      ///< STM_EVENT_LOG_MANAGEMENT_REQUEST_* selector
  union {
    struct {
      UINT32    PageCount;         ///< number of entries in Pages
      //
      // number of elements is PageCount
      //
      UINT64    Pages[];           ///< physical addresses of the log pages
    } LogBuffer;                   ///< presumably used by NEW_LOG - confirm
    //
    // bitmap of EVENT_TYPE
    //
    UINT32    EventEnableBitmap;   ///< presumably used by CONFIGURE_LOG - confirm
  } Data;
} STM_EVENT_LOG_MANAGEMENT_REQUEST;
659 | \r | |
/**
  Defines values for the SubFunctionIndex field of
  #STM_EVENT_LOG_MANAGEMENT_REQUEST

  Zero is not a defined sub-function. Which union member of Data each
  sub-function reads is not stated in this header.
  @{
**/
#define STM_EVENT_LOG_MANAGEMENT_REQUEST_NEW_LOG        1   ///< establish a new log
#define STM_EVENT_LOG_MANAGEMENT_REQUEST_CONFIGURE_LOG  2   ///< configure which events are logged
#define STM_EVENT_LOG_MANAGEMENT_REQUEST_START_LOG      3   ///< start logging
#define STM_EVENT_LOG_MANAGEMENT_REQUEST_STOP_LOG       4   ///< stop logging
#define STM_EVENT_LOG_MANAGEMENT_REQUEST_CLEAR_LOG      5   ///< clear the log
#define STM_EVENT_LOG_MANAGEMENT_REQUEST_DELETE_LOG     6   ///< delete the log
/// @}
672 | \r | |
/**
  Log Entry Header

  Precedes the LOG_ENTRY_DATA payload of every STM_LOG_ENTRY. The flag bits
  after Type share a single 16-bit unit. Reserved is expected to be zero, as
  for the other reserved fields in this header.
**/
typedef struct {
  ///
  /// Sequence number of the entry (presumably increments per entry - confirm).
  ///
  UINT32 EventSerialNumber;
  ///
  /// An EVENT_TYPE value. Only 16 bits wide: EvtInvalid (0xFFFFFFFF) cannot be
  /// stored here and is documented as unused.
  ///
  UINT16 Type;
  UINT16 Lock : 1;       ///< Entry is locked (presumably while being written - confirm)
  UINT16 Valid : 1;      ///< Entry contains valid data
  UINT16 ReadByMle : 1;  ///< Entry has been consumed by the MLE
  UINT16 Wrapped : 1;    ///< The log has wrapped around
  UINT16 Reserved : 12;  ///< Must be zero
} LOG_ENTRY_HEADER;
685 | \r | |
/**
  Enum values for the Type field of #LOG_ENTRY_HEADER

  Each value has a matching payload member in LOG_ENTRY_DATA. The values are
  presumably also the bit positions used by
  STM_EVENT_LOG_MANAGEMENT_REQUEST.Data.EventEnableBitmap ("bitmap of
  EVENT_TYPE") - confirm. New event types must be inserted before EvtMleMax
  so that EvtMleMax remains the count of defined types.
**/
typedef enum {
  EvtLogStarted,                     ///< Payload: ENTRY_EVT_LOG_STARTED
  EvtLogStopped,                     ///< Payload: ENTRY_EVT_LOG_STOPPED
  EvtLogInvalidParameterDetected,    ///< Payload: ENTRY_EVT_LOG_INVALID_PARAM
  EvtHandledProtectionException,     ///< Payload: ENTRY_EVT_LOG_HANDLED_PROTECTION_EXCEPTION
  ///
  /// unhandled protection exceptions result in reset & cannot be logged
  ///
  EvtBiosAccessToUnclaimedResource,  ///< Payload: ENTRY_EVT_BIOS_ACCESS_UNCLAIMED_RSC
  EvtMleResourceProtectionGranted,   ///< Payload: ENTRY_EVT_MLE_RSC_PROT_GRANTED
  EvtMleResourceProtectionDenied,    ///< Payload: ENTRY_EVT_MLE_RSC_PROT_DENIED
  EvtMleResourceUnprotect,           ///< Payload: ENTRY_EVT_MLE_RSC_UNPROT
  EvtMleResourceUnprotectError,      ///< Payload: ENTRY_EVT_MLE_RSC_UNPROT_ERROR
  EvtMleDomainTypeDegraded,          ///< Payload: ENTRY_EVT_MLE_DOMAIN_TYPE_DEGRADED
  ///
  /// add more here
  ///
  EvtMleMax,                         ///< Number of defined event types; not itself a valid Type
  ///
  /// Not used
  ///
  /// NOTE(review): 0xFFFFFFFF is not representable as int, which strict C11
  /// requires of an enumerator; compilers accept it as an extension and it
  /// presumably exists only to force a 32-bit underlying type. It can never
  /// appear in the 16-bit LOG_ENTRY_HEADER.Type field.
  ///
  EvtInvalid = 0xFFFFFFFF,
} EVENT_TYPE;
712 | \r | |
///
/// Payload of an EvtLogStarted entry; carries no data beyond a reserved word.
///
typedef struct {
  UINT32 Reserved;  ///< Expected to be zero
} ENTRY_EVT_LOG_STARTED;
716 | \r | |
///
/// Payload of an EvtLogStopped entry; carries no data beyond a reserved word.
///
typedef struct {
  UINT32 Reserved;  ///< Expected to be zero
} ENTRY_EVT_LOG_STOPPED;
720 | \r | |
///
/// Payload of an EvtLogInvalidParameterDetected entry.
///
typedef struct {
  UINT32 VmcallApiNumber;  ///< API number (presumably the EAX value) of the VMCALL whose parameters were rejected
} ENTRY_EVT_LOG_INVALID_PARAM;
724 | \r | |
///
/// Payload of an EvtHandledProtectionException entry.
///
typedef struct {
  STM_RSC Resource;  ///< Resource descriptor involved in the exception
} ENTRY_EVT_LOG_HANDLED_PROTECTION_EXCEPTION;
728 | \r | |
///
/// Payload of an EvtBiosAccessToUnclaimedResource entry.
///
typedef struct {
  STM_RSC Resource;  ///< Resource descriptor for the unclaimed resource BIOS touched
} ENTRY_EVT_BIOS_ACCESS_UNCLAIMED_RSC;
732 | \r | |
///
/// Payload of an EvtMleResourceProtectionGranted entry.
///
typedef struct {
  STM_RSC Resource;  ///< Resource descriptor whose protection was granted
} ENTRY_EVT_MLE_RSC_PROT_GRANTED;
736 | \r | |
///
/// Payload of an EvtMleResourceProtectionDenied entry.
///
typedef struct {
  STM_RSC Resource;  ///< Resource descriptor whose protection was denied
} ENTRY_EVT_MLE_RSC_PROT_DENIED;
740 | \r | |
///
/// Payload of an EvtMleResourceUnprotect entry.
///
typedef struct {
  STM_RSC Resource;  ///< Resource descriptor that was unprotected
} ENTRY_EVT_MLE_RSC_UNPROT;
744 | \r | |
///
/// Payload of an EvtMleResourceUnprotectError entry.
///
typedef struct {
  STM_RSC Resource;  ///< Resource descriptor whose unprotect request failed
} ENTRY_EVT_MLE_RSC_UNPROT_ERROR;
748 | \r | |
///
/// Payload of an EvtMleDomainTypeDegraded entry.
///
typedef struct {
  UINT64 VmcsPhysPointer;     ///< Physical address of the affected guest's VMCS (presumed from the name)
  UINT8  ExpectedDomainType;  ///< Domain type that was requested (presumably a STM_SMM_STATE.DomainType value)
  UINT8  DegradedDomainType;  ///< Domain type actually applied
} ENTRY_EVT_MLE_DOMAIN_TYPE_DEGRADED;
754 | \r | |
///
/// Per-event payload of a log entry. The member in use is the one whose name
/// matches the EVENT_TYPE stored in LOG_ENTRY_HEADER.Type. The union's size is
/// governed by sizeof (STM_RSC), which is defined outside this file.
///
typedef union {
  ENTRY_EVT_LOG_STARTED                       Started;                     ///< EvtLogStarted
  ENTRY_EVT_LOG_STOPPED                       Stopped;                     ///< EvtLogStopped
  ENTRY_EVT_LOG_INVALID_PARAM                 InvalidParam;                ///< EvtLogInvalidParameterDetected
  ENTRY_EVT_LOG_HANDLED_PROTECTION_EXCEPTION  HandledProtectionException;  ///< EvtHandledProtectionException
  ENTRY_EVT_BIOS_ACCESS_UNCLAIMED_RSC         BiosUnclaimedRsc;            ///< EvtBiosAccessToUnclaimedResource
  ENTRY_EVT_MLE_RSC_PROT_GRANTED              MleRscProtGranted;           ///< EvtMleResourceProtectionGranted
  ENTRY_EVT_MLE_RSC_PROT_DENIED               MleRscProtDenied;            ///< EvtMleResourceProtectionDenied
  ENTRY_EVT_MLE_RSC_UNPROT                    MleRscUnprot;                ///< EvtMleResourceUnprotect
  ENTRY_EVT_MLE_RSC_UNPROT_ERROR              MleRscUnprotError;           ///< EvtMleResourceUnprotectError
  ENTRY_EVT_MLE_DOMAIN_TYPE_DEGRADED          MleDomainTypeDegraded;       ///< EvtMleDomainTypeDegraded
} LOG_ENTRY_DATA;
767 | \r | |
///
/// A complete log entry: the header followed immediately by the payload
/// selected by Hdr.Type. Because the file is byte-packed, Data begins at
/// offset 8 (UINT32 + UINT16 + 16 bits of flags).
///
typedef struct {
  LOG_ENTRY_HEADER Hdr;   ///< Serial number, event type and flags
  LOG_ENTRY_DATA   Data;  ///< Event-specific payload
} STM_LOG_ENTRY;
772 | \r | |
/**
  Maximum STM Log Entry Size

  sizeof (STM_LOG_ENTRY) depends on sizeof (STM_RSC), which is defined
  elsewhere; code that writes entries should check that it does not exceed
  this value. Entries in the log pages are presumably placed on this fixed
  stride - confirm against the STM User Guide.
**/
#define STM_LOG_ENTRY_SIZE 256
777 | \r | |
778 | /**\r | |
779 | STM Protection Exception Stack Frame Structures\r | |
780 | **/\r | |
781 | \r | |
///
/// Register state presented to the BIOS SMM protection exception handler when
/// the SMI handler runs in 32-bit mode. Member order is the in-memory frame
/// layout and must not be reordered. Presumably this is the frame found at
/// STM_PROTECTION_EXCEPTION_HANDLER.SpeRsp on entry to SpeRip - confirm.
///
typedef struct {
  UINT32 Rdi;
  UINT32 Rsi;
  UINT32 Rbp;
  UINT32 Rdx;
  UINT32 Rcx;
  UINT32 Rbx;
  UINT32 Rax;
  UINT32 Cr3;
  UINT32 Cr2;
  UINT32 Cr0;
  UINT32 VmcsExitInstructionInfo;    ///< VM-exit instruction information (presumably copied from the VMCS)
  UINT32 VmcsExitInstructionLength;  ///< VM-exit instruction length
  UINT64 VmcsExitQualification;      ///< VM-exit qualification
  ///
  /// A TXT_SMM_PROTECTION_EXCEPTION_TYPE enum value
  ///
  UINT32 ErrorCode;
  //
  // The trailing group mirrors an x86 exception stack frame (presumed).
  //
  UINT32 Rip;
  UINT32 Cs;
  UINT32 Rflags;
  UINT32 Rsp;
  UINT32 Ss;
} STM_PROTECTION_EXCEPTION_STACK_FRAME_IA32;
806 | \r | |
///
/// Register state presented to the BIOS SMM protection exception handler when
/// the SMI handler runs in 64-bit mode. Same shape as the IA32 frame with
/// 64-bit slots, the R8-R15 registers prepended and CR8 added. Member order is
/// the in-memory frame layout and must not be reordered.
///
typedef struct {
  UINT64 R15;
  UINT64 R14;
  UINT64 R13;
  UINT64 R12;
  UINT64 R11;
  UINT64 R10;
  UINT64 R9;
  UINT64 R8;
  UINT64 Rdi;
  UINT64 Rsi;
  UINT64 Rbp;
  UINT64 Rdx;
  UINT64 Rcx;
  UINT64 Rbx;
  UINT64 Rax;
  UINT64 Cr8;                        ///< Not present in the IA32 frame
  UINT64 Cr3;
  UINT64 Cr2;
  UINT64 Cr0;
  UINT64 VmcsExitInstructionInfo;    ///< VM-exit instruction information (presumably copied from the VMCS)
  UINT64 VmcsExitInstructionLength;  ///< VM-exit instruction length
  UINT64 VmcsExitQualification;      ///< VM-exit qualification
  ///
  /// A TXT_SMM_PROTECTION_EXCEPTION_TYPE enum value
  ///
  UINT64 ErrorCode;
  //
  // The trailing group mirrors an x86 exception stack frame (presumed).
  //
  UINT64 Rip;
  UINT64 Cs;
  UINT64 Rflags;
  UINT64 Rsp;
  UINT64 Ss;
} STM_PROTECTION_EXCEPTION_STACK_FRAME_X64;
840 | \r | |
///
/// Pointer to a protection exception frame of either width. Only the member
/// matching the SMI handler's operating mode is meaningful;
/// STM_SMM_ENTRY_STATE.Intel64Mode is the mode indicator visible in this file
/// (presumably the intended selector - confirm).
///
typedef union {
  STM_PROTECTION_EXCEPTION_STACK_FRAME_IA32 *Ia32StackFrame;  ///< Valid in 32-bit mode
  STM_PROTECTION_EXCEPTION_STACK_FRAME_X64  *X64StackFrame;   ///< Valid in 64-bit mode
} STM_PROTECTION_EXCEPTION_STACK_FRAME;
845 | \r | |
/**
  Enum values for the ErrorCode field in
  #STM_PROTECTION_EXCEPTION_STACK_FRAME_IA32 and
  #STM_PROTECTION_EXCEPTION_STACK_FRAME_X64

  Numbering starts at 1 so that 0 is never a valid error code. Each value has a
  same-named *ViolationException enable bit in STM_PROTECTION_EXCEPTION_HANDLER.
**/
typedef enum {
  TxtSmmPageViolation = 1,  ///< Page access violation
  TxtSmmMsrViolation,       ///< MSR access violation
  TxtSmmRegisterViolation,  ///< Register access violation
  TxtSmmIoViolation,        ///< I/O port access violation
  TxtSmmPciViolation        ///< PCI access violation
} TXT_SMM_PROTECTION_EXCEPTION_TYPE;
858 | \r | |
859 | /**\r | |
860 | TXT Processor SMM Descriptor (PSD) structures\r | |
861 | **/\r | |
862 | \r | |
///
/// BIOS-provided SMM protection exception handler registration, embedded in
/// TXT_PROCESSOR_SMM_DESCRIPTOR (the "Spe" prefix presumably stands for SMM
/// protection exception). The per-class enable bits mirror
/// TXT_SMM_PROTECTION_EXCEPTION_TYPE; a class whose bit is clear is presumably
/// not delivered to the handler, and per the note on EVENT_TYPE an unhandled
/// protection exception results in a reset.
///
typedef struct {
  UINT64 SpeRip;                          ///< Handler entry point
  UINT64 SpeRsp;                          ///< Stack pointer loaded for the handler
  UINT16 SpeSs;                           ///< Stack segment loaded for the handler
  UINT16 PageViolationException : 1;      ///< Deliver TxtSmmPageViolation to the handler
  UINT16 MsrViolationException : 1;       ///< Deliver TxtSmmMsrViolation
  UINT16 RegisterViolationException : 1;  ///< Deliver TxtSmmRegisterViolation
  UINT16 IoViolationException : 1;        ///< Deliver TxtSmmIoViolation
  UINT16 PciViolationException : 1;       ///< Deliver TxtSmmPciViolation
  UINT16 Reserved1 : 11;                  ///< Must be zero
  UINT32 Reserved2;                       ///< Must be zero
} STM_PROTECTION_EXCEPTION_HANDLER;
875 | \r | |
///
/// Processor state the BIOS SMI handler expects on SMM entry. Bit meanings
/// are inferred from the field names - confirm against the STM User Guide.
///
typedef struct {
  UINT8 ExecutionDisableOutsideSmrr : 1;  ///< Execution is disabled outside the SMRR range
  UINT8 Intel64Mode : 1;                  ///< SMI handler runs in 64-bit mode
  UINT8 Cr4Pae : 1;                       ///< CR4.PAE set on entry
  UINT8 Cr4Pse : 1;                       ///< CR4.PSE set on entry
  UINT8 Reserved1 : 4;                    ///< Must be zero
} STM_SMM_ENTRY_STATE;
883 | \r | |
///
/// Hints BIOS gives the STM about what must happen when SMM resumes.
///
typedef struct {
  UINT8 SmramToVmcsRestoreRequired : 1;  /// > BIOS restore hint
  UINT8 ReinitializeVmcsRequired : 1;    /// > BIOS request
  UINT8 Reserved2 : 6;                   ///< Must be zero
} STM_SMM_RESUME_STATE;
889 | \r | |
///
/// State the STM reports to BIOS on each SMI.
///
typedef struct {
  UINT8 DomainType : 4;    /// > STM input to BIOS on each SMI
  UINT8 XStatePolicy : 2;  /// > STM input to BIOS on each SMI
  UINT8 EptEnabled : 1;    ///< EPT is in use for the SMM guest (presumed from the name)
  UINT8 Reserved3 : 1;     ///< Must be zero
} STM_SMM_STATE;
896 | \r | |
///
/// Offset of TXT_PROCESSOR_SMM_DESCRIPTOR within each processor's SMRAM
/// (presumably relative to SMBASE - confirm against the STM User Guide).
///
#define TXT_SMM_PSD_OFFSET 0xfb00
///
/// Expected value of TXT_PROCESSOR_SMM_DESCRIPTOR.Signature, built from the
/// characters "TXTPSSIG".
///
#define TXT_PROCESSOR_SMM_DESCRIPTOR_SIGNATURE SIGNATURE_64('T', 'X', 'T', 'P', 'S', 'S', 'I', 'G')
///
/// Descriptor layout version carried in SmmDescriptorVerMajor / SmmDescriptorVerMinor.
///
#define TXT_PROCESSOR_SMM_DESCRIPTOR_VERSION_MAJOR 1
#define TXT_PROCESSOR_SMM_DESCRIPTOR_VERSION_MINOR 0
901 | \r | |
///
/// TXT Processor SMM Descriptor (PSD): the per-processor record through which
/// BIOS describes its SMM environment to the STM. It is BIOS-supplied data, so
/// a consumer should verify Signature, Size and the version fields before
/// trusting any of the pointer fields (SmmStmSetupRip, SmmGdtPtr,
/// BiosHwResourceRequirementsPtr, AcpiRsdp) or reading the "extend area".
///
typedef struct {
  UINT64                            Signature;                      ///< Must equal TXT_PROCESSOR_SMM_DESCRIPTOR_SIGNATURE
  UINT16                            Size;                           ///< Size of this descriptor in bytes (presumed); lets a consumer tell whether the extend-area fields are present
  UINT8                             SmmDescriptorVerMajor;          ///< TXT_PROCESSOR_SMM_DESCRIPTOR_VERSION_MAJOR
  UINT8                             SmmDescriptorVerMinor;          ///< TXT_PROCESSOR_SMM_DESCRIPTOR_VERSION_MINOR
  UINT32                            LocalApicId;                    ///< Local APIC ID of the processor this descriptor belongs to
  STM_SMM_ENTRY_STATE               SmmEntryState;                  ///< BIOS SMI handler entry environment
  STM_SMM_RESUME_STATE              SmmResumeState;                 ///< BIOS resume hints
  STM_SMM_STATE                     StmSmmState;                    ///< STM-to-BIOS state on each SMI
  UINT8                             Reserved4;                      ///< Must be zero
  UINT16                            SmmCs;                          ///< SMI handler code segment selector
  UINT16                            SmmDs;                          ///< SMI handler data segment selector
  UINT16                            SmmSs;                          ///< SMI handler stack segment selector
  UINT16                            SmmOtherSegment;                ///< Selector for the remaining segment registers (presumed)
  UINT16                            SmmTr;                          ///< SMI handler task register selector
  UINT16                            Reserved5;                      ///< Must be zero
  UINT64                            SmmCr3;                         ///< Page-table base for the SMI handler
  UINT64                            SmmStmSetupRip;                 ///< BIOS entry point for STM setup
  UINT64                            SmmStmTeardownRip;              ///< BIOS entry point for STM teardown
  UINT64                            SmmSmiHandlerRip;               ///< SMI handler entry point
  UINT64                            SmmSmiHandlerRsp;               ///< SMI handler stack pointer
  UINT64                            SmmGdtPtr;                      ///< GDT base for the SMI handler
  UINT32                            SmmGdtSize;                     ///< GDT size (presumably in bytes)
  UINT32                            RequiredStmSmmRevId;            ///< STM SMM revision ID the BIOS requires
  STM_PROTECTION_EXCEPTION_HANDLER  StmProtectionExceptionHandler;  ///< BIOS protection exception handler registration
  UINT64                            Reserved6;                      ///< Must be zero
  UINT64                            BiosHwResourceRequirementsPtr;  ///< Physical address of the BIOS resource requirement list (presumably STM_RSC descriptors); validate before parsing
  // extend area
  UINT64                            AcpiRsdp;                       ///< Physical address of the ACPI RSDP
  UINT8                             PhysicalAddressBits;            ///< Number of physical address bits implemented by the processor
} TXT_PROCESSOR_SMM_DESCRIPTOR;
933 | \r | |
//
// Restore default structure packing; everything above is byte-packed because
// these layouts are shared with the STM and BIOS as raw memory images.
//
#pragma pack ()

#endif