2 Main SEC phase code. Transitions to PEI.
4 Copyright (c) 2008 - 2015, Intel Corporation. All rights reserved.<BR>
5 (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
6 Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
8 SPDX-License-Identifier: BSD-2-Clause-Patent
14 #include <Library/PeimEntryPoint.h>
15 #include <Library/BaseLib.h>
16 #include <Library/DebugLib.h>
17 #include <Library/BaseMemoryLib.h>
18 #include <Library/PeiServicesLib.h>
19 #include <Library/PcdLib.h>
20 #include <Library/UefiCpuLib.h>
21 #include <Library/DebugAgentLib.h>
22 #include <Library/IoLib.h>
23 #include <Library/PeCoffLib.h>
24 #include <Library/PeCoffGetEntryPointLib.h>
25 #include <Library/PeCoffExtraActionLib.h>
26 #include <Library/ExtractGuidedSectionLib.h>
27 #include <Library/LocalApicLib.h>
28 #include <Library/CpuExceptionHandlerLib.h>
29 #include <Ppi/TemporaryRamSupport.h>
30 #include <Library/PlatformInitLib.h>
31 #include <Library/CcProbeLib.h>
34 #define SEC_IDT_ENTRY_COUNT 34
36 typedef struct _SEC_IDT_TABLE
{
37 EFI_PEI_SERVICES
*PeiService
;
38 IA32_IDT_GATE_DESCRIPTOR IdtTable
[SEC_IDT_ENTRY_COUNT
];
49 TemporaryRamMigration (
50 IN CONST EFI_PEI_SERVICES
**PeiServices
,
51 IN EFI_PHYSICAL_ADDRESS TemporaryMemoryBase
,
52 IN EFI_PHYSICAL_ADDRESS PermanentMemoryBase
,
59 EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI mTemporaryRamSupportPpi
= {
63 EFI_PEI_PPI_DESCRIPTOR mPrivateDispatchTable
[] = {
65 (EFI_PEI_PPI_DESCRIPTOR_PPI
| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST
),
66 &gEfiTemporaryRamSupportPpiGuid
,
67 &mTemporaryRamSupportPpi
72 // Template of an IDT entry pointing to 10:FFFFFFE4h.
74 IA32_IDT_GATE_DESCRIPTOR mIdtEntryTemplate
= {
79 IA32_IDT_GATE_TYPE_INTERRUPT_32
, // GateType
85 Locates the main boot firmware volume.
87 @param[in,out] BootFv On input, the base of the BootFv
88 On output, the decompressed main firmware volume
90 @retval EFI_SUCCESS The main firmware volume was located and decompressed
91 @retval EFI_NOT_FOUND The main firmware volume was not found
96 IN OUT EFI_FIRMWARE_VOLUME_HEADER
**BootFv
99 EFI_FIRMWARE_VOLUME_HEADER
*Fv
;
102 ASSERT (((UINTN
)*BootFv
& EFI_PAGE_MASK
) == 0);
105 Distance
= (UINTN
)(*BootFv
)->FvLength
;
107 Fv
= (EFI_FIRMWARE_VOLUME_HEADER
*)((UINT8
*)Fv
- EFI_PAGE_SIZE
);
108 Distance
+= EFI_PAGE_SIZE
;
109 if (Distance
> SIZE_32MB
) {
110 return EFI_NOT_FOUND
;
113 if (Fv
->Signature
!= EFI_FVH_SIGNATURE
) {
117 if ((UINTN
)Fv
->FvLength
> Distance
) {
127 Locates a section within a series of sections
128 with the specified section type.
130 The Instance parameter indicates which instance of the section
131 type to return. (0 is first instance, 1 is second...)
133 @param[in] Sections The sections to search
134 @param[in] SizeOfSections Total size of all sections
135 @param[in] SectionType The section type to locate
136 @param[in] Instance The section instance number
137 @param[out] FoundSection The FFS section if found
139 @retval EFI_SUCCESS The file and section were found
140 @retval EFI_NOT_FOUND The file and section were not found
141 @retval EFI_VOLUME_CORRUPTED The firmware volume was corrupted
145 FindFfsSectionInstance (
147 IN UINTN SizeOfSections
,
148 IN EFI_SECTION_TYPE SectionType
,
150 OUT EFI_COMMON_SECTION_HEADER
**FoundSection
153 EFI_PHYSICAL_ADDRESS CurrentAddress
;
155 EFI_PHYSICAL_ADDRESS EndOfSections
;
156 EFI_COMMON_SECTION_HEADER
*Section
;
157 EFI_PHYSICAL_ADDRESS EndOfSection
;
160 // Loop through the FFS file sections within the PEI Core FFS file
162 EndOfSection
= (EFI_PHYSICAL_ADDRESS
)(UINTN
)Sections
;
163 EndOfSections
= EndOfSection
+ SizeOfSections
;
165 if (EndOfSection
== EndOfSections
) {
169 CurrentAddress
= (EndOfSection
+ 3) & ~(3ULL);
170 if (CurrentAddress
>= EndOfSections
) {
171 return EFI_VOLUME_CORRUPTED
;
174 Section
= (EFI_COMMON_SECTION_HEADER
*)(UINTN
)CurrentAddress
;
176 Size
= SECTION_SIZE (Section
);
177 if (Size
< sizeof (*Section
)) {
178 return EFI_VOLUME_CORRUPTED
;
181 EndOfSection
= CurrentAddress
+ Size
;
182 if (EndOfSection
> EndOfSections
) {
183 return EFI_VOLUME_CORRUPTED
;
187 // Look for the requested section type
189 if (Section
->Type
== SectionType
) {
191 *FoundSection
= Section
;
199 return EFI_NOT_FOUND
;
203 Locates a section within a series of sections
204 with the specified section type.
206 @param[in] Sections The sections to search
207 @param[in] SizeOfSections Total size of all sections
208 @param[in] SectionType The section type to locate
209 @param[out] FoundSection The FFS section if found
211 @retval EFI_SUCCESS The file and section were found
212 @retval EFI_NOT_FOUND The file and section were not found
213 @retval EFI_VOLUME_CORRUPTED The firmware volume was corrupted
217 FindFfsSectionInSections (
219 IN UINTN SizeOfSections
,
220 IN EFI_SECTION_TYPE SectionType
,
221 OUT EFI_COMMON_SECTION_HEADER
**FoundSection
224 return FindFfsSectionInstance (
234 Locates a FFS file with the specified file type and a section
235 within that file with the specified section type.
237 @param[in] Fv The firmware volume to search
238 @param[in] FileType The file type to locate
239 @param[in] SectionType The section type to locate
240 @param[out] FoundSection The FFS section if found
242 @retval EFI_SUCCESS The file and section were found
243 @retval EFI_NOT_FOUND The file and section were not found
244 @retval EFI_VOLUME_CORRUPTED The firmware volume was corrupted
248 FindFfsFileAndSection (
249 IN EFI_FIRMWARE_VOLUME_HEADER
*Fv
,
250 IN EFI_FV_FILETYPE FileType
,
251 IN EFI_SECTION_TYPE SectionType
,
252 OUT EFI_COMMON_SECTION_HEADER
**FoundSection
256 EFI_PHYSICAL_ADDRESS CurrentAddress
;
257 EFI_PHYSICAL_ADDRESS EndOfFirmwareVolume
;
258 EFI_FFS_FILE_HEADER
*File
;
260 EFI_PHYSICAL_ADDRESS EndOfFile
;
262 if (Fv
->Signature
!= EFI_FVH_SIGNATURE
) {
263 DEBUG ((DEBUG_ERROR
, "FV at %p does not have FV header signature\n", Fv
));
264 return EFI_VOLUME_CORRUPTED
;
267 CurrentAddress
= (EFI_PHYSICAL_ADDRESS
)(UINTN
)Fv
;
268 EndOfFirmwareVolume
= CurrentAddress
+ Fv
->FvLength
;
271 // Loop through the FFS files in the Boot Firmware Volume
273 for (EndOfFile
= CurrentAddress
+ Fv
->HeaderLength
; ; ) {
274 CurrentAddress
= (EndOfFile
+ 7) & ~(7ULL);
275 if (CurrentAddress
> EndOfFirmwareVolume
) {
276 return EFI_VOLUME_CORRUPTED
;
279 File
= (EFI_FFS_FILE_HEADER
*)(UINTN
)CurrentAddress
;
280 Size
= FFS_FILE_SIZE (File
);
281 if (Size
< (sizeof (*File
) + sizeof (EFI_COMMON_SECTION_HEADER
))) {
282 return EFI_VOLUME_CORRUPTED
;
285 EndOfFile
= CurrentAddress
+ Size
;
286 if (EndOfFile
> EndOfFirmwareVolume
) {
287 return EFI_VOLUME_CORRUPTED
;
291 // Look for the requested file type
293 if (File
->Type
!= FileType
) {
297 Status
= FindFfsSectionInSections (
299 (UINTN
)EndOfFile
- (UINTN
)(File
+ 1),
303 if (!EFI_ERROR (Status
) || (Status
== EFI_VOLUME_CORRUPTED
)) {
310 Locates the compressed main firmware volume and decompresses it.
312 @param[in,out] Fv On input, the firmware volume to search
313 On output, the decompressed BOOT/PEI FV
315 @retval EFI_SUCCESS The file and section were found
316 @retval EFI_NOT_FOUND The file and section were not found
317 @retval EFI_VOLUME_CORRUPTED The firmware volume was corrupted
322 IN OUT EFI_FIRMWARE_VOLUME_HEADER
**Fv
326 EFI_GUID_DEFINED_SECTION
*Section
;
327 UINT32 OutputBufferSize
;
328 UINT32 ScratchBufferSize
;
329 UINT16 SectionAttribute
;
330 UINT32 AuthenticationStatus
;
333 EFI_COMMON_SECTION_HEADER
*FvSection
;
334 EFI_FIRMWARE_VOLUME_HEADER
*PeiMemFv
;
335 EFI_FIRMWARE_VOLUME_HEADER
*DxeMemFv
;
337 UINT32 FvSectionSize
;
339 FvSection
= (EFI_COMMON_SECTION_HEADER
*)NULL
;
341 Status
= FindFfsFileAndSection (
343 EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE
,
344 EFI_SECTION_GUID_DEFINED
,
345 (EFI_COMMON_SECTION_HEADER
**)&Section
347 if (EFI_ERROR (Status
)) {
348 DEBUG ((DEBUG_ERROR
, "Unable to find GUID defined section\n"));
352 Status
= ExtractGuidedSectionGetInfo (
358 if (EFI_ERROR (Status
)) {
359 DEBUG ((DEBUG_ERROR
, "Unable to GetInfo for GUIDed section\n"));
363 OutputBuffer
= (VOID
*)((UINT8
*)(UINTN
)PcdGet32 (PcdOvmfDxeMemFvBase
) + SIZE_1MB
);
364 ScratchBuffer
= ALIGN_POINTER ((UINT8
*)OutputBuffer
+ OutputBufferSize
, SIZE_1MB
);
368 "%a: OutputBuffer@%p+0x%x ScratchBuffer@%p+0x%x "
369 "PcdOvmfDecompressionScratchEnd=0x%x\n",
375 PcdGet32 (PcdOvmfDecompressionScratchEnd
)
378 (UINTN
)ScratchBuffer
+ ScratchBufferSize
==
379 PcdGet32 (PcdOvmfDecompressionScratchEnd
)
382 Status
= ExtractGuidedSectionDecode (
386 &AuthenticationStatus
388 if (EFI_ERROR (Status
)) {
389 DEBUG ((DEBUG_ERROR
, "Error during GUID section decode\n"));
393 Status
= FindFfsSectionInstance (
396 EFI_SECTION_FIRMWARE_VOLUME_IMAGE
,
400 if (EFI_ERROR (Status
)) {
401 DEBUG ((DEBUG_ERROR
, "Unable to find PEI FV section\n"));
406 SECTION_SIZE (FvSection
) ==
407 (PcdGet32 (PcdOvmfPeiMemFvSize
) + sizeof (*FvSection
))
409 ASSERT (FvSection
->Type
== EFI_SECTION_FIRMWARE_VOLUME_IMAGE
);
411 PeiMemFv
= (EFI_FIRMWARE_VOLUME_HEADER
*)(UINTN
)PcdGet32 (PcdOvmfPeiMemFvBase
);
412 CopyMem (PeiMemFv
, (VOID
*)(FvSection
+ 1), PcdGet32 (PcdOvmfPeiMemFvSize
));
414 if (PeiMemFv
->Signature
!= EFI_FVH_SIGNATURE
) {
415 DEBUG ((DEBUG_ERROR
, "Extracted FV at %p does not have FV header signature\n", PeiMemFv
));
417 return EFI_VOLUME_CORRUPTED
;
420 Status
= FindFfsSectionInstance (
423 EFI_SECTION_FIRMWARE_VOLUME_IMAGE
,
427 if (EFI_ERROR (Status
)) {
428 DEBUG ((DEBUG_ERROR
, "Unable to find DXE FV section\n"));
432 ASSERT (FvSection
->Type
== EFI_SECTION_FIRMWARE_VOLUME_IMAGE
);
434 if (IS_SECTION2 (FvSection
)) {
435 FvSectionSize
= SECTION2_SIZE (FvSection
);
436 FvHeaderSize
= sizeof (EFI_COMMON_SECTION_HEADER2
);
438 FvSectionSize
= SECTION_SIZE (FvSection
);
439 FvHeaderSize
= sizeof (EFI_COMMON_SECTION_HEADER
);
442 ASSERT (FvSectionSize
== (PcdGet32 (PcdOvmfDxeMemFvSize
) + FvHeaderSize
));
444 DxeMemFv
= (EFI_FIRMWARE_VOLUME_HEADER
*)(UINTN
)PcdGet32 (PcdOvmfDxeMemFvBase
);
445 CopyMem (DxeMemFv
, (VOID
*)((UINTN
)FvSection
+ FvHeaderSize
), PcdGet32 (PcdOvmfDxeMemFvSize
));
447 if (DxeMemFv
->Signature
!= EFI_FVH_SIGNATURE
) {
448 DEBUG ((DEBUG_ERROR
, "Extracted FV at %p does not have FV header signature\n", DxeMemFv
));
450 return EFI_VOLUME_CORRUPTED
;
458 Locates the PEI Core entry point address
460 @param[in] Fv The firmware volume to search
461 @param[out] PeiCoreEntryPoint The entry point of the PEI Core image
463 @retval EFI_SUCCESS The file and section were found
464 @retval EFI_NOT_FOUND The file and section were not found
465 @retval EFI_VOLUME_CORRUPTED The firmware volume was corrupted
469 FindPeiCoreImageBaseInFv (
470 IN EFI_FIRMWARE_VOLUME_HEADER
*Fv
,
471 OUT EFI_PHYSICAL_ADDRESS
*PeiCoreImageBase
475 EFI_COMMON_SECTION_HEADER
*Section
;
477 Status
= FindFfsFileAndSection (
479 EFI_FV_FILETYPE_PEI_CORE
,
483 if (EFI_ERROR (Status
)) {
484 Status
= FindFfsFileAndSection (
486 EFI_FV_FILETYPE_PEI_CORE
,
490 if (EFI_ERROR (Status
)) {
491 DEBUG ((DEBUG_ERROR
, "Unable to find PEI Core image\n"));
496 *PeiCoreImageBase
= (EFI_PHYSICAL_ADDRESS
)(UINTN
)(Section
+ 1);
501 Reads 8 bits of CMOS data.
503 Reads the 8 bits of CMOS data at the location specified by Index.
504 The 8-bit value read is returned.
506 @param Index The CMOS location to read.
508 @return The value read.
517 IoWrite8 (0x70, (UINT8
)Index
);
518 return IoRead8 (0x71);
527 return (CmosRead8 (0xF) == 0xFE);
533 IN OUT EFI_FIRMWARE_VOLUME_HEADER
**PeiFv
536 *PeiFv
= (EFI_FIRMWARE_VOLUME_HEADER
*)(UINTN
)PcdGet32 (PcdOvmfPeiMemFvBase
);
541 Locates the PEI Core entry point address
543 @param[in,out] Fv The firmware volume to search
544 @param[out] PeiCoreEntryPoint The entry point of the PEI Core image
546 @retval EFI_SUCCESS The file and section were found
547 @retval EFI_NOT_FOUND The file and section were not found
548 @retval EFI_VOLUME_CORRUPTED The firmware volume was corrupted
552 FindPeiCoreImageBase (
553 IN OUT EFI_FIRMWARE_VOLUME_HEADER
**BootFv
,
554 OUT EFI_PHYSICAL_ADDRESS
*PeiCoreImageBase
559 *PeiCoreImageBase
= 0;
561 S3Resume
= IsS3Resume ();
562 if (S3Resume
&& !FeaturePcdGet (PcdSmmSmramRequire
)) {
564 // A malicious runtime OS may have injected something into our previously
565 // decoded PEI FV, but we don't care about that unless SMM/SMRAM is required.
567 DEBUG ((DEBUG_VERBOSE
, "SEC: S3 resume\n"));
568 GetS3ResumePeiFv (BootFv
);
571 // We're either not resuming, or resuming "securely" -- we'll decompress
572 // both PEI FV and DXE FV from pristine flash.
577 S3Resume
? "S3 resume (with PEI decompression)" : "Normal boot"
581 DecompressMemFvs (BootFv
);
584 FindPeiCoreImageBaseInFv (*BootFv
, PeiCoreImageBase
);
588 Find core image base.
593 IN EFI_FIRMWARE_VOLUME_HEADER
*BootFirmwareVolumePtr
,
594 OUT EFI_PHYSICAL_ADDRESS
*SecCoreImageBase
597 EFI_PHYSICAL_ADDRESS CurrentAddress
;
598 EFI_PHYSICAL_ADDRESS EndOfFirmwareVolume
;
599 EFI_FFS_FILE_HEADER
*File
;
601 EFI_PHYSICAL_ADDRESS EndOfFile
;
602 EFI_COMMON_SECTION_HEADER
*Section
;
603 EFI_PHYSICAL_ADDRESS EndOfSection
;
605 *SecCoreImageBase
= 0;
607 CurrentAddress
= (EFI_PHYSICAL_ADDRESS
)(UINTN
)BootFirmwareVolumePtr
;
608 EndOfFirmwareVolume
= CurrentAddress
+ BootFirmwareVolumePtr
->FvLength
;
611 // Loop through the FFS files in the Boot Firmware Volume
613 for (EndOfFile
= CurrentAddress
+ BootFirmwareVolumePtr
->HeaderLength
; ; ) {
614 CurrentAddress
= (EndOfFile
+ 7) & 0xfffffffffffffff8ULL
;
615 if (CurrentAddress
> EndOfFirmwareVolume
) {
616 return EFI_NOT_FOUND
;
619 File
= (EFI_FFS_FILE_HEADER
*)(UINTN
)CurrentAddress
;
620 Size
= FFS_FILE_SIZE (File
);
621 if (Size
< sizeof (*File
)) {
622 return EFI_NOT_FOUND
;
625 EndOfFile
= CurrentAddress
+ Size
;
626 if (EndOfFile
> EndOfFirmwareVolume
) {
627 return EFI_NOT_FOUND
;
633 if (File
->Type
!= EFI_FV_FILETYPE_SECURITY_CORE
) {
638 // Loop through the FFS file sections within the FFS file
640 EndOfSection
= (EFI_PHYSICAL_ADDRESS
)(UINTN
)(File
+ 1);
642 CurrentAddress
= (EndOfSection
+ 3) & 0xfffffffffffffffcULL
;
643 Section
= (EFI_COMMON_SECTION_HEADER
*)(UINTN
)CurrentAddress
;
645 Size
= SECTION_SIZE (Section
);
646 if (Size
< sizeof (*Section
)) {
647 return EFI_NOT_FOUND
;
650 EndOfSection
= CurrentAddress
+ Size
;
651 if (EndOfSection
> EndOfFile
) {
652 return EFI_NOT_FOUND
;
656 // Look for executable sections
658 if ((Section
->Type
== EFI_SECTION_PE32
) || (Section
->Type
== EFI_SECTION_TE
)) {
659 if (File
->Type
== EFI_FV_FILETYPE_SECURITY_CORE
) {
660 *SecCoreImageBase
= (PHYSICAL_ADDRESS
)(UINTN
)(Section
+ 1);
668 // SEC Core image found
670 if (*SecCoreImageBase
!= 0) {
677 Find and return Pei Core entry point.
679 It also finds the SEC and PEI Core file debug information and reports it if
680 remote debug is enabled.
684 FindAndReportEntryPoints (
685 IN EFI_FIRMWARE_VOLUME_HEADER
**BootFirmwareVolumePtr
,
686 OUT EFI_PEI_CORE_ENTRY_POINT
*PeiCoreEntryPoint
690 EFI_PHYSICAL_ADDRESS SecCoreImageBase
;
691 EFI_PHYSICAL_ADDRESS PeiCoreImageBase
;
692 PE_COFF_LOADER_IMAGE_CONTEXT ImageContext
;
695 // Find SEC Core and PEI Core image base
697 Status
= FindImageBase (*BootFirmwareVolumePtr
, &SecCoreImageBase
);
698 ASSERT_EFI_ERROR (Status
);
700 FindPeiCoreImageBase (BootFirmwareVolumePtr
, &PeiCoreImageBase
);
702 ZeroMem ((VOID
*)&ImageContext
, sizeof (PE_COFF_LOADER_IMAGE_CONTEXT
));
704 // Report SEC Core debug information when remote debug is enabled
706 ImageContext
.ImageAddress
= SecCoreImageBase
;
707 ImageContext
.PdbPointer
= PeCoffLoaderGetPdbPointer ((VOID
*)(UINTN
)ImageContext
.ImageAddress
);
708 PeCoffLoaderRelocateImageExtraAction (&ImageContext
);
711 // Report PEI Core debug information when remote debug is enabled
713 ImageContext
.ImageAddress
= (EFI_PHYSICAL_ADDRESS
)(UINTN
)PeiCoreImageBase
;
714 ImageContext
.PdbPointer
= PeCoffLoaderGetPdbPointer ((VOID
*)(UINTN
)ImageContext
.ImageAddress
);
715 PeCoffLoaderRelocateImageExtraAction (&ImageContext
);
718 // Find PEI Core entry point
720 Status
= PeCoffLoaderGetEntryPoint ((VOID
*)(UINTN
)PeiCoreImageBase
, (VOID
**)PeiCoreEntryPoint
);
721 if (EFI_ERROR (Status
)) {
722 *PeiCoreEntryPoint
= 0;
730 SecCoreStartupWithStack (
731 IN EFI_FIRMWARE_VOLUME_HEADER
*BootFv
,
732 IN VOID
*TopOfCurrentStack
735 EFI_SEC_PEI_HAND_OFF SecCoreData
;
736 SEC_IDT_TABLE IdtTableInStack
;
737 IA32_DESCRIPTOR IdtDescriptor
;
739 volatile UINT8
*Table
;
741 #if defined (TDX_GUEST_SUPPORTED)
742 if (CcProbe () == CcGuestTypeIntelTdx
) {
744 // For Td guests, the memory map info is in TdHobLib. It should be processed
745 // first so that the memory is accepted. Otherwise, access to the unaccepted
746 // memory will trigger a triple fault.
748 if (ProcessTdxHobList () != EFI_SUCCESS
) {
756 // To ensure SMM can't be compromised on S3 resume, we must force re-init of
757 // the BaseExtractGuidedSectionLib. Since this is before library constructors
758 // are called, we must use a loop rather than SetMem.
760 Table
= (UINT8
*)(UINTN
)FixedPcdGet64 (PcdGuidedExtractHandlerTableAddress
);
762 Index
< FixedPcdGet32 (PcdGuidedExtractHandlerTableSize
);
769 // Initialize IDT - Since this is before library constructors are called,
770 // we use a loop rather than CopyMem.
772 IdtTableInStack
.PeiService
= NULL
;
774 for (Index
= 0; Index
< SEC_IDT_ENTRY_COUNT
; Index
++) {
776 // Declare the local variables that actually move the data elements as
777 // volatile to prevent the optimizer from replacing this function with
778 // the intrinsic memcpy()
784 Src
= (CONST UINT8
*)&mIdtEntryTemplate
;
785 Dst
= (volatile UINT8
*)&IdtTableInStack
.IdtTable
[Index
];
786 for (Byte
= 0; Byte
< sizeof (mIdtEntryTemplate
); Byte
++) {
787 Dst
[Byte
] = Src
[Byte
];
791 IdtDescriptor
.Base
= (UINTN
)&IdtTableInStack
.IdtTable
;
792 IdtDescriptor
.Limit
= (UINT16
)(sizeof (IdtTableInStack
.IdtTable
) - 1);
794 if (SevEsIsEnabled ()) {
795 SevEsProtocolCheck ();
798 // For SEV-ES guests, the exception handler is needed before calling
799 // ProcessLibraryConstructorList() because some of the library constructors
800 // perform some functions that result in #VC exceptions being generated.
802 // Due to this code executing before library constructors, *all* library
803 // API calls are theoretically interface contract violations. However,
804 // because this is SEC (executing in flash), those constructors cannot
805 // write variables with static storage duration anyway. Furthermore, only
806 // a small, restricted set of APIs, such as AsmWriteIdtr() and
807 // InitializeCpuExceptionHandlers(), are called, where we require that the
808 // underlying library not require constructors to have been invoked and
809 // that the library instance not trigger any #VC exceptions.
811 AsmWriteIdtr (&IdtDescriptor
);
812 InitializeCpuExceptionHandlers (NULL
);
815 ProcessLibraryConstructorList (NULL
, NULL
);
817 if (!SevEsIsEnabled ()) {
819 // For non SEV-ES guests, just load the IDTR.
821 AsmWriteIdtr (&IdtDescriptor
);
824 // Under SEV-ES, the hypervisor can't modify CR0 and so can't enable
825 // caching in order to speed up the boot. Enable caching early for
831 #if defined (TDX_GUEST_SUPPORTED)
832 if (CcProbe () == CcGuestTypeIntelTdx
) {
834 // InitializeCpuExceptionHandlers () should be called in Td guests so that
835 // #VE exceptions can be handled correctly.
837 InitializeCpuExceptionHandlers (NULL
);
844 "SecCoreStartupWithStack(0x%x, 0x%x)\n",
845 (UINT32
)(UINTN
)BootFv
,
846 (UINT32
)(UINTN
)TopOfCurrentStack
850 // Initialize floating point operating environment
851 // to be compliant with UEFI spec.
853 InitializeFloatingPointUnits ();
855 #if defined (MDE_CPU_X64)
857 // ASSERT that the Page Tables were set by the reset vector code to
858 // the address we expect.
860 ASSERT (AsmReadCr3 () == (UINTN
)PcdGet32 (PcdOvmfSecPageTablesBase
));
864 // |-------------| <-- TopOfCurrentStack
868 // |-------------| <-- SecCoreData.TemporaryRamBase
872 (UINTN
)(PcdGet32 (PcdOvmfSecPeiTempRamBase
) +
873 PcdGet32 (PcdOvmfSecPeiTempRamSize
)) ==
874 (UINTN
)TopOfCurrentStack
878 // Initialize SEC hand-off state
880 SecCoreData
.DataSize
= sizeof (EFI_SEC_PEI_HAND_OFF
);
882 SecCoreData
.TemporaryRamSize
= (UINTN
)PcdGet32 (PcdOvmfSecPeiTempRamSize
);
883 SecCoreData
.TemporaryRamBase
= (VOID
*)((UINT8
*)TopOfCurrentStack
- SecCoreData
.TemporaryRamSize
);
885 SecCoreData
.PeiTemporaryRamBase
= SecCoreData
.TemporaryRamBase
;
886 SecCoreData
.PeiTemporaryRamSize
= SecCoreData
.TemporaryRamSize
>> 1;
888 SecCoreData
.StackBase
= (UINT8
*)SecCoreData
.TemporaryRamBase
+ SecCoreData
.PeiTemporaryRamSize
;
889 SecCoreData
.StackSize
= SecCoreData
.TemporaryRamSize
>> 1;
891 SecCoreData
.BootFirmwareVolumeBase
= BootFv
;
892 SecCoreData
.BootFirmwareVolumeSize
= (UINTN
)BootFv
->FvLength
;
895 // Validate the System RAM used in the SEC Phase
897 SecValidateSystemRam ();
900 // Make sure the 8259 is masked before the Debug Agent is initialized and the debug timer is enabled
902 IoWrite8 (0x21, 0xff);
903 IoWrite8 (0xA1, 0xff);
906 // Initialize Local APIC Timer hardware and disable Local APIC Timer
907 // interrupts before initializing the Debug Agent and the debug timer is
910 InitializeApicTimer (0, MAX_UINT32
, TRUE
, 5);
911 DisableApicTimerInterrupt ();
914 // Initialize Debug Agent to support source level debug in SEC/PEI phases before memory ready.
916 InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC
, &SecCoreData
, SecStartupPhase2
);
920 Caller-provided function to be invoked at the end of InitializeDebugAgent().
922 Entry point to the C language phase of SEC. After the SEC assembly
923 code has initialized some temporary memory and set up the stack,
924 the control is transferred to this function.
926 @param[in] Context The first input parameter of InitializeDebugAgent().
935 EFI_SEC_PEI_HAND_OFF
*SecCoreData
;
936 EFI_FIRMWARE_VOLUME_HEADER
*BootFv
;
937 EFI_PEI_CORE_ENTRY_POINT PeiCoreEntryPoint
;
939 SecCoreData
= (EFI_SEC_PEI_HAND_OFF
*)Context
;
942 // Find PEI Core entry point. It will report SEC and Pei Core debug information if remote debug
945 BootFv
= (EFI_FIRMWARE_VOLUME_HEADER
*)SecCoreData
->BootFirmwareVolumeBase
;
946 FindAndReportEntryPoints (&BootFv
, &PeiCoreEntryPoint
);
947 SecCoreData
->BootFirmwareVolumeBase
= BootFv
;
948 SecCoreData
->BootFirmwareVolumeSize
= (UINTN
)BootFv
->FvLength
;
951 // Transfer the control to the PEI core
953 (*PeiCoreEntryPoint
)(SecCoreData
, (EFI_PEI_PPI_DESCRIPTOR
*)&mPrivateDispatchTable
);
956 // If we get here then the PEI Core returned, which is not recoverable.
964 TemporaryRamMigration (
965 IN CONST EFI_PEI_SERVICES
**PeiServices
,
966 IN EFI_PHYSICAL_ADDRESS TemporaryMemoryBase
,
967 IN EFI_PHYSICAL_ADDRESS PermanentMemoryBase
,
971 IA32_DESCRIPTOR IdtDescriptor
;
976 DEBUG_AGENT_CONTEXT_POSTMEM_SEC DebugAgentContext
;
978 BASE_LIBRARY_JUMP_BUFFER JumpBuffer
;
982 "TemporaryRamMigration(0x%Lx, 0x%Lx, 0x%Lx)\n",
988 OldHeap
= (VOID
*)(UINTN
)TemporaryMemoryBase
;
989 NewHeap
= (VOID
*)((UINTN
)PermanentMemoryBase
+ (CopySize
>> 1));
991 OldStack
= (VOID
*)((UINTN
)TemporaryMemoryBase
+ (CopySize
>> 1));
992 NewStack
= (VOID
*)(UINTN
)PermanentMemoryBase
;
994 DebugAgentContext
.HeapMigrateOffset
= (UINTN
)NewHeap
- (UINTN
)OldHeap
;
995 DebugAgentContext
.StackMigrateOffset
= (UINTN
)NewStack
- (UINTN
)OldStack
;
997 OldStatus
= SaveAndSetDebugTimerInterrupt (FALSE
);
998 InitializeDebugAgent (DEBUG_AGENT_INIT_POSTMEM_SEC
, (VOID
*)&DebugAgentContext
, NULL
);
1003 CopyMem (NewHeap
, OldHeap
, CopySize
>> 1);
1008 CopyMem (NewStack
, OldStack
, CopySize
>> 1);
1011 // Rebase IDT table in permanent memory
1013 AsmReadIdtr (&IdtDescriptor
);
1014 IdtDescriptor
.Base
= IdtDescriptor
.Base
- (UINTN
)OldStack
+ (UINTN
)NewStack
;
1016 AsmWriteIdtr (&IdtDescriptor
);
1019 // Use SetJump()/LongJump() to switch to a new stack.
1021 if (SetJump (&JumpBuffer
) == 0) {
1022 #if defined (MDE_CPU_IA32)
1023 JumpBuffer
.Esp
= JumpBuffer
.Esp
+ DebugAgentContext
.StackMigrateOffset
;
1024 JumpBuffer
.Ebp
= JumpBuffer
.Ebp
+ DebugAgentContext
.StackMigrateOffset
;
1026 #if defined (MDE_CPU_X64)
1027 JumpBuffer
.Rsp
= JumpBuffer
.Rsp
+ DebugAgentContext
.StackMigrateOffset
;
1028 JumpBuffer
.Rbp
= JumpBuffer
.Rbp
+ DebugAgentContext
.StackMigrateOffset
;
1030 LongJump (&JumpBuffer
, (UINTN
)-1);
1033 SaveAndSetDebugTimerInterrupt (OldStatus
);