1/** @file\r
2 STM API definition\r
3\r
4 Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR>\r
5 SPDX-License-Identifier: BSD-2-Clause-Patent\r
6\r
7 @par Specification Reference:\r
8 SMI Transfer Monitor (STM) User Guide Revision 1.00\r
9\r
10**/\r
11\r
12#ifndef _INTEL_STM_API_H_\r
13#define _INTEL_STM_API_H_\r
14\r
15#include <Register/Intel/StmStatusCode.h>\r
16#include <Register/Intel/StmResourceDescriptor.h>\r
17#include <Register/Intel/ArchitecturalMsr.h>\r
18\r
19#pragma pack (1)\r
20\r
21/**\r
22 STM Header Structures\r
23**/\r
24\r
///
/// STM feature flags; used as the StmFeatures member of SOFTWARE_STM_HEADER.
/// The declared bitfield widths total 32 bits (1 + 1 + 30).
///
typedef struct {
  UINT32    Intel64ModeSupported : 1;   ///< Single-bit flag.
  UINT32    EptSupported         : 1;   ///< Single-bit flag.
  UINT32    Reserved             : 30;  ///< Must be 0.
} STM_FEAT;
30\r
31#define STM_SPEC_VERSION_MAJOR 1\r
32#define STM_SPEC_VERSION_MINOR 0\r
33\r
///
/// Software-defined part of the STM header; it is the SwStmHdr member of
/// STM_HEADER. The total STM_HEADER should be 4K.
///
typedef struct {
  UINT8       StmSpecVerMajor;
  UINT8       StmSpecVerMinor;
  UINT16      Reserved;                     ///< Must be zero.
  UINT32      StaticImageSize;
  UINT32      PerProcDynamicMemorySize;
  UINT32      AdditionalDynamicMemorySize;
  STM_FEAT    StmFeatures;
  UINT32      NumberOfRevIDs;
  //
  // Declared with a single element.
  // NOTE(review): NumberOfRevIDs presumably gives the real element count, in
  // which case a consumer has to bound it against the 4K header before
  // indexing past element 0 - confirm against the STM specification.
  //
  UINT32      StmSmmRevID[1];
} SOFTWARE_STM_HEADER;
51\r
///
/// Complete STM header: the MSEG_HEADER first, then the software-defined
/// SOFTWARE_STM_HEADER (the file is compiled under #pragma pack (1)).
///
typedef struct {
  MSEG_HEADER            HwStmHdr;
  SOFTWARE_STM_HEADER    SwStmHdr;
} STM_HEADER;
56\r
57/**\r
58 VMCALL API Numbers\r
59 API number convention: BIOS facing VMCALL interfaces have bit 16 clear\r
60**/\r
61\r
62/**\r
63 StmMapAddressRange enables a SMM guest to create a non-1:1 virtual to\r
64 physical mapping of an address range into the SMM guest's virtual\r
65 memory space.\r
66\r
67 @param EAX #STM_API_MAP_ADDRESS_RANGE (0x00000001)\r
68 @param EBX Low 32 bits of physical address of caller allocated\r
69 STM_MAP_ADDRESS_RANGE_DESCRIPTOR structure.\r
70 @param ECX High 32 bits of physical address of caller allocated\r
71 STM_MAP_ADDRESS_RANGE_DESCRIPTOR structure. If Intel64Mode is\r
72 clear (0), ECX must be 0.\r
73\r
74 @note All fields of STM_MAP_ADDRESS_RANGE_DESCRIPTOR are inputs only. They\r
75 are not modified by StmMapAddressRange.\r
76\r
77 @retval CF 0\r
78 No error, EAX set to STM_SUCCESS.\r
79 The memory range was mapped as requested.\r
80 @retval CF 1\r
81 An error occurred, EAX holds relevant error value.\r
82 @retval EAX #ERROR_STM_SECURITY_VIOLATION\r
83 The requested mapping contains a protected resource.\r
84 @retval EAX #ERROR_STM_CACHE_TYPE_NOT_SUPPORTED\r
85 The requested cache type could not be satisfied.\r
86 @retval EAX #ERROR_STM_PAGE_NOT_FOUND\r
87 Page count must not be zero.\r
88 @retval EAX #ERROR_STM_FUNCTION_NOT_SUPPORTED\r
89 STM supports EPT and has not implemented StmMapAddressRange().\r
90 @retval EAX #ERROR_STM_UNSPECIFIED\r
91 An unspecified error occurred.\r
92\r
93 @note All other registers unmodified.\r
94**/\r
2f88bd3a 95#define STM_API_MAP_ADDRESS_RANGE 0x00000001\r
96\r
/**
  STM Map Address Range Descriptor for #STM_API_MAP_ADDRESS_RANGE VMCALL.

  The caller allocates this structure and passes its physical address in
  EBX (low 32 bits) and ECX (high 32 bits). Every field is an input only;
  StmMapAddressRange does not modify the descriptor.
**/
typedef struct {
  UINT64    PhysicalAddress;
  UINT64    VirtualAddress;
  UINT32    PageCount;     ///< Must not be zero (#ERROR_STM_PAGE_NOT_FOUND).
  UINT32    PatCacheType;  ///< A STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_* value.
} STM_MAP_ADDRESS_RANGE_DESCRIPTOR;
106\r
107/**\r
108 Define values for PatCacheType field of #STM_MAP_ADDRESS_RANGE_DESCRIPTOR\r
109 @{\r
110**/\r
111#define STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_ST_UC 0x00\r
112#define STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_WC 0x01\r
113#define STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_WT 0x04\r
114#define STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_WP 0x05\r
115#define STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_WB 0x06\r
116#define STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_UC 0x07\r
117#define STM_MAP_ADDRESS_RANGE_PAT_CACHE_TYPE_FOLLOW_MTRR 0xFFFFFFFF\r
118/// @}\r
119\r
120/**\r
121 StmUnmapAddressRange enables a SMM guest to remove mappings from its page\r
122 table.\r
123\r
124 If TXT_PROCESSOR_SMM_DESCRIPTOR.EptEnabled bit is set by the STM, BIOS can\r
125 control its own page tables. In this case, the STM implementation may\r
126 optionally return ERROR_STM_FUNCTION_NOT_SUPPORTED.\r
127\r
128 @param EAX #STM_API_UNMAP_ADDRESS_RANGE (0x00000002)\r
129 @param EBX Low 32 bits of virtual address of caller allocated\r
130 STM_UNMAP_ADDRESS_RANGE_DESCRIPTOR structure.\r
131 @param ECX High 32 bits of virtual address of caller allocated\r
132 STM_UNMAP_ADDRESS_RANGE_DESCRIPTOR structure. If Intel64Mode is\r
133 clear (0), ECX must be zero.\r
134\r
135 @retval CF 0\r
136 No error, EAX set to STM_SUCCESS. The memory range was unmapped\r
137 as requested.\r
138 @retval CF 1\r
139 An error occurred, EAX holds relevant error value.\r
140 @retval EAX #ERROR_STM_FUNCTION_NOT_SUPPORTED\r
141 STM supports EPT and has not implemented StmUnmapAddressRange().\r
142 @retval EAX #ERROR_STM_UNSPECIFIED\r
143 An unspecified error occurred.\r
144\r
145 @note All other registers unmodified.\r
146**/\r
2f88bd3a 147#define STM_API_UNMAP_ADDRESS_RANGE 0x00000002\r
148\r
/**
  STM Unmap Address Range Descriptor for #STM_API_UNMAP_ADDRESS_RANGE VMCALL.

  The caller allocates this structure and passes its virtual address in
  EBX (low 32 bits) and ECX (high 32 bits).
**/
typedef struct {
  UINT64    VirtualAddress;
  UINT32    Length;
} STM_UNMAP_ADDRESS_RANGE_DESCRIPTOR;
156\r
157/**\r
158 Since the normal OS environment runs with a different set of page tables than\r
159 the SMM guest, virtual mappings will certainly be different. In order to do a\r
160 guest virtual to host physical translation of an address from the normal OS\r
161 code (EIP for example), it is necessary to walk the page tables governing the\r
162 OS page mappings. Since the SMM guest has no direct access to the page tables,\r
163 it must ask the STM to do this page table walk. This is supported via the\r
164 StmAddressLookup VMCALL. All OS page table formats need to be supported\r
165 (e.g. PAE, PSE, Intel64, EPT, etc.).\r
166\r
167 StmAddressLookup takes a CR3 value and a virtual address from the interrupted\r
168 code as input and returns the corresponding physical address. It also\r
169 optionally maps the physical address into the SMM guest's virtual address\r
170 space. This new mapping persists ONLY for the duration of the SMI and if\r
171 needed in subsequent SMIs it must be remapped. PAT cache types follow the\r
172 interrupted environment's page table.\r
173\r
174 If EPT is enabled, OS CR3 only provides guest physical address information,\r
175 but the SMM guest might also need to know the host physical address. Since\r
176 SMM does not have direct access rights to EPT (it is protected by the STM),\r
177 SMM can input InterruptedEptp to let STM help to walk through it, and output\r
178 the host physical address.\r
179\r
180 @param EAX #STM_API_ADDRESS_LOOKUP (0x00000003)\r
181 @param EBX Low 32 bits of virtual address of caller allocated\r
182 STM_ADDRESS_LOOKUP_DESCRIPTOR structure.\r
183 @param ECX High 32 bits of virtual address of caller allocated\r
184 STM_ADDRESS_LOOKUP_DESCRIPTOR structure. If Intel64Mode is\r
185 clear (0), ECX must be zero.\r
186\r
187 @retval CF 0\r
188 No error, EAX set to STM_SUCCESS. PhysicalAddress contains the\r
189 host physical address determined by walking the interrupted SMM\r
190 guest's page tables. SmmGuestVirtualAddress contains the SMM\r
191 guest's virtual mapping of the requested address.\r
192 @retval CF 1\r
193 An error occurred, EAX holds relevant error value.\r
194 @retval EAX #ERROR_STM_SECURITY_VIOLATION\r
195 The requested page was a protected page.\r
196 @retval EAX #ERROR_STM_PAGE_NOT_FOUND\r
197 The requested virtual address did not exist in the given\r
198 page table.\r
199 @retval EAX #ERROR_STM_BAD_CR3\r
200 The CR3 input was invalid. CR3 values must be from the\r
201 interrupted guest, or from the interrupted guest of another\r
202 processor.\r
203 @retval EAX #ERROR_STM_PHYSICAL_OVER_4G\r
204 The resulting physical address is greater than 4G and no virtual\r
205 address was supplied. The STM could not determine what address\r
206 within the SMM guest's virtual address space to do the mapping.\r
207 STM_ADDRESS_LOOKUP_DESCRIPTOR field PhysicalAddress contains the\r
208 physical address determined by walking the interrupted\r
209 environment's page tables.\r
210 @retval EAX #ERROR_STM_VIRTUAL_SPACE_TOO_SMALL\r
211 A specific virtual mapping was requested, but\r
212 SmmGuestVirtualAddress + Length exceeds 4G and the SMI handler\r
213 is running in 32 bit mode.\r
214 @retval EAX #ERROR_STM_UNSPECIFIED\r
215 An unspecified error occurred.\r
216\r
217 @note All other registers unmodified.\r
218**/\r
2f88bd3a 219#define STM_API_ADDRESS_LOOKUP 0x00000003\r
220\r
/**
  STM Lookup Address Range Descriptor for #STM_API_ADDRESS_LOOKUP VMCALL.

  The caller allocates this structure and passes its virtual address in
  EBX (low 32 bits) and ECX (high 32 bits). The STM walks the page tables on
  the caller's behalf and reports the result in PhysicalAddress and
  SmmGuestVirtualAddress. The bitfields after InterruptedEptp total 32 bits
  (2 + 1 + 1 + 1 + 27).
**/
typedef struct {
  UINT64    InterruptedGuestVirtualAddress;
  UINT32    Length;
  UINT64    InterruptedCr3;                ///< Rejected with #ERROR_STM_BAD_CR3 when invalid.
  UINT64    InterruptedEptp;
  UINT32    MapToSmmGuest        : 2;      ///< A STM_ADDRESS_LOOKUP_DESCRIPTOR_* value.
  UINT32    InterruptedCr4Pae    : 1;
  UINT32    InterruptedCr4Pse    : 1;
  UINT32    InterruptedIa32eMode : 1;
  UINT32    Reserved1            : 27;
  UINT32    Reserved2;
  UINT64    PhysicalAddress;               ///< On success, the host physical address found by the walk.
  //
  // On success, the SMM guest's virtual mapping of the requested address.
  // When a specific mapping is requested, SmmGuestVirtualAddress + Length is
  // checked against 4G for a 32-bit SMI handler
  // (#ERROR_STM_VIRTUAL_SPACE_TOO_SMALL).
  //
  UINT64    SmmGuestVirtualAddress;
} STM_ADDRESS_LOOKUP_DESCRIPTOR;
238\r
239/**\r
240 Define values for the MapToSmmGuest field of #STM_ADDRESS_LOOKUP_DESCRIPTOR\r
241 @{\r
242**/\r
243#define STM_ADDRESS_LOOKUP_DESCRIPTOR_DO_NOT_MAP 0\r
244#define STM_ADDRESS_LOOKUP_DESCRIPTOR_ONE_TO_ONE 1\r
245#define STM_ADDRESS_LOOKUP_DESCRIPTOR_VIRTUAL_ADDRESS_SPECIFIED 3\r
246/// @}\r
247\r
248/**\r
249 When returning from a protection exception (see section 6.2), the SMM guest\r
250 can instruct the STM to take one of two paths. It can either request a value\r
251 be logged to the TXT.ERRORCODE register and subsequently reset the machine\r
252 (indicating it couldn't resolve the problem), or it can request that the STM\r
253 resume the SMM guest again with the specified register state.\r
254\r
255 Unlike other VMCALL interfaces, StmReturnFromProtectionException behaves more\r
256 like a jump or an IRET instruction than a "call". It does not return directly\r
257 to the caller, but indirectly to a different location specified on the\r
258 caller's stack (see section 6.2) or not at all.\r
259\r
260 If the SMM guest STM protection exception handler itself causes a protection\r
261 exception (e.g. a single nested exception), or more than 100 un-nested\r
262 exceptions occur within the scope of a single SMI event, the STM must write\r
263 STM_CRASH_PROTECTION_EXCEPTION_FAILURE to the TXT.ERRORCODE register and\r
264 assert TXT.CMD.SYS_RESET. The reason for these restrictions is to simplify\r
265 the code requirements while still enabling a reasonable debugging capability.\r
266\r
267 @param EAX #STM_API_RETURN_FROM_PROTECTION_EXCEPTION (0x00000004)\r
268 @param EBX If 0, resume SMM guest using register state found on exception\r
269 stack. If in range 0x01..0x0F, EBX contains a BIOS error code\r
270 which the STM must record in the TXT.ERRORCODE register and\r
271 subsequently reset the system via TXT.CMD.SYS_RESET. The value\r
272 of the TXT.ERRORCODE register is calculated as follows:\r
273\r
274 TXT.ERRORCODE = (EBX & 0x0F) | STM_CRASH_BIOS_PANIC\r
275\r
276 Values 0x10..0xFFFFFFFF are reserved, do not use.\r
277\r
278**/\r
2f88bd3a 279#define STM_API_RETURN_FROM_PROTECTION_EXCEPTION 0x00000004\r
280\r
281/**\r
282 VMCALL API Numbers\r
283 API number convention: MLE facing VMCALL interfaces have bit 16 set.\r
284\r
285 The STM configuration lifecycle is as follows:\r
286 1. SENTER->SINIT->MLE: MLE begins execution with SMI disabled (masked).\r
287 2. MLE invokes #STM_API_INITIALIZE_PROTECTION VMCALL to prepare STM for\r
288 setup of initial protection profile. This is done on a single CPU and\r
289 has global effect.\r
290 3. MLE invokes #STM_API_PROTECT_RESOURCE VMCALL to define the initial\r
291 protection profile. The protection profile is global across all CPUs.\r
292 4. MLE invokes #STM_API_START VMCALL to enable the STM to begin receiving\r
293 SMI events. This must be done on every logical CPU.\r
294 5. MLE may invoke #STM_API_PROTECT_RESOURCE VMCALL or\r
295 #STM_API_UNPROTECT_RESOURCE VMCALL during runtime as many times as\r
296 necessary.\r
297 6. MLE invokes #STM_API_STOP VMCALL to disable the STM. SMI is again masked\r
298 following #STM_API_STOP VMCALL.\r
299**/\r
300\r
301/**\r
302 StartStmVmcall() is used to configure an STM that is present in MSEG. SMIs\r
303 should remain disabled from the invocation of GETSEC[SENTER] until they are\r
304 re-enabled by StartStmVMCALL(). When StartStmVMCALL() returns, SMI is\r
305 enabled and the STM has been started and is active. Prior to invoking\r
306 StartStmVMCALL(), the MLE root should first invoke\r
307 InitializeProtectionVMCALL() followed by as many iterations of\r
308 ProtectResourceVMCALL() as necessary to establish the initial protection\r
309 profile. StartStmVmcall() must be invoked on all processor threads.\r
310\r
311 @param EAX #STM_API_START (0x00010001)\r
312 @param EDX STM configuration options. These provide the MLE with the\r
313 ability to pass configuration parameters to the STM.\r
314\r
315 @retval CF 0\r
316 No error, EAX set to STM_SUCCESS. The STM has been configured\r
317 and is now active and guarding all requested resources.\r
318 @retval CF 1\r
319 An error occurred, EAX holds relevant error value.\r
320 @retval EAX #ERROR_STM_ALREADY_STARTED\r
321 The STM is already configured and active. STM remains active and\r
322 guarding previously enabled resource list.\r
323 @retval EAX #ERROR_STM_WITHOUT_SMX_UNSUPPORTED\r
324 The StartStmVMCALL() was invoked from VMX root mode, but outside\r
325 of SMX. This error code indicates the STM or platform does not\r
326 support the STM outside of SMX. The SMI handler remains active\r
327 and operates in legacy mode. See Appendix C.\r
328 @retval EAX #ERROR_STM_UNSUPPORTED_MSR_BIT\r
329 The CPU doesn't support the MSR bit. The STM is not active.\r
330 @retval EAX #ERROR_STM_UNSPECIFIED\r
331 An unspecified error occurred.\r
332\r
333 @note All other registers unmodified.\r
334**/\r
2f88bd3a 335#define STM_API_START (BIT16 | 1)\r
336\r
337/**\r
338 Bit values for EDX input parameter to #STM_API_START VMCALL\r
339 @{\r
340**/\r
341#define STM_CONFIG_SMI_UNBLOCKING_BY_VMX_OFF BIT0\r
342/// @}\r
343\r
344/**\r
345 The StopStmVMCALL() is invoked by the MLE to teardown an active STM. This is\r
346 normally done as part of a full teardown of the SMX environment when the\r
347 system is being shut down. At the time the call is invoked, SMI is enabled\r
348 and the STM is active. When the call returns, the STM has been stopped and\r
349 all STM context is discarded and SMI is disabled.\r
350\r
351 @param EAX #STM_API_STOP (0x00010002)\r
352\r
353 @retval CF 0\r
354 No error, EAX set to STM_SUCCESS. The STM has been stopped and\r
355 is no longer processing SMI events. SMI is blocked.\r
356 @retval CF 1\r
357 An error occurred, EAX holds relevant error value.\r
358 @retval EAX #ERROR_STM_STOPPED\r
359 The STM was not active.\r
360 @retval EAX #ERROR_STM_UNSPECIFIED\r
361 An unspecified error occurred.\r
362\r
363 @note All other registers unmodified.\r
364**/\r
2f88bd3a 365#define STM_API_STOP (BIT16 | 2)\r
366\r
367/**\r
368 The ProtectResourceVMCALL() is invoked by the MLE root to request protection\r
369 of specific resources. The request is defined by a STM_RESOURCE_LIST, which\r
370 may contain more than one resource descriptor. Each resource descriptor is\r
371 processed separately by the STM. Whether or not protection for any specific\r
372 resource is granted is returned by the STM via the ReturnStatus bit in the\r
373 associated STM_RSC_DESC_HEADER.\r
374\r
375 @param EAX #STM_API_PROTECT_RESOURCE (0x00010003)\r
376 @param EBX Low 32 bits of physical address of caller allocated\r
377 STM_RESOURCE_LIST. Bits 11:0 are ignored and assumed to be zero,\r
378 making the buffer 4K aligned.\r
379 @param ECX High 32 bits of physical address of caller allocated\r
380 STM_RESOURCE_LIST.\r
381\r
382 @note All fields of STM_RESOURCE_LIST are inputs only, except for the\r
383 ReturnStatus bit. On input, the ReturnStatus bit must be clear. On\r
384 return, the ReturnStatus bit is set for each resource request granted,\r
385 and clear for each resource request denied. There are no other fields\r
386 modified by ProtectResourceVMCALL(). The STM_RESOURCE_LIST must be\r
387 contained entirely within a single 4K page.\r
388\r
389 @retval CF 0\r
390 No error, EAX set to STM_SUCCESS. The STM has successfully\r
391 merged the entire protection request into the active protection\r
392 profile. There is therefore no need to check the ReturnStatus\r
393 bits in the STM_RESOURCE_LIST.\r
394 @retval CF 1\r
395 An error occurred, EAX holds relevant error value.\r
396 @retval EAX #ERROR_STM_UNPROTECTABLE_RESOURCE\r
397 At least one of the requested resource protections intersects a\r
398 BIOS required resource. Therefore, the caller must walk through\r
399 the STM_RESOURCE_LIST to determine which of the requested\r
400 resources was not granted protection. The entire list must be\r
401 traversed since there may be multiple failures.\r
402 @retval EAX #ERROR_STM_MALFORMED_RESOURCE_LIST\r
403 The resource list could not be parsed correctly, or did not\r
404 terminate before crossing a 4K page boundary. The caller must\r
405 walk through the STM_RESOURCE_LIST to determine which of the\r
406 requested resources was not granted protection. The entire list\r
407 must be traversed since there may be multiple failures.\r
408 @retval EAX #ERROR_STM_OUT_OF_RESOURCES\r
409 The STM has encountered an internal error and cannot complete\r
410 the request.\r
411 @retval EAX #ERROR_STM_UNSPECIFIED\r
412 An unspecified error occurred.\r
413\r
414 @note All other registers unmodified.\r
415**/\r
2f88bd3a 416#define STM_API_PROTECT_RESOURCE (BIT16 | 3)\r
417\r
418/**\r
419 The UnProtectResourceVMCALL() is invoked by the MLE root to request that the\r
420 STM allow the SMI handler access to the specified resources.\r
421\r
422 @param EAX #STM_API_UNPROTECT_RESOURCE (0x00010004)\r
423 @param EBX Low 32 bits of physical address of caller allocated\r
424 STM_RESOURCE_LIST. Bits 11:0 are ignored and assumed to be zero,\r
425 making the buffer 4K aligned.\r
426 @param ECX High 32 bits of physical address of caller allocated\r
427 STM_RESOURCE_LIST.\r
428\r
429 @note All fields of STM_RESOURCE_LIST are inputs only, except for the\r
430 ReturnStatus bit. On input, the ReturnStatus bit must be clear. On\r
431 return, the ReturnStatus bit is set for each resource processed. For\r
432 a properly formed STM_RESOURCE_LIST, this should be all resources\r
433 listed. There are no other fields modified by\r
434 UnProtectResourceVMCALL(). The STM_RESOURCE_LIST must be contained\r
435 entirely within a single 4K page.\r
436\r
437 @retval CF 0\r
438 No error, EAX set to STM_SUCCESS. The requested resources are\r
439 not being guarded by the STM.\r
440 @retval CF 1\r
441 An error occurred, EAX holds relevant error value.\r
442 @retval EAX #ERROR_STM_MALFORMED_RESOURCE_LIST\r
443 The resource list could not be parsed correctly, or did not\r
444 terminate before crossing a 4K page boundary. The caller must\r
445 walk through the STM_RESOURCE_LIST to determine which of the\r
446 requested resources were not able to be unprotected. The entire\r
447 list must be traversed since there may be multiple failures.\r
448 @retval EAX #ERROR_STM_UNSPECIFIED\r
449 An unspecified error occurred.\r
450\r
451 @note All other registers unmodified.\r
452**/\r
2f88bd3a 453#define STM_API_UNPROTECT_RESOURCE (BIT16 | 4)\r
454\r
455/**\r
456 The GetBiosResourcesVMCALL() is invoked by the MLE root to request the list\r
457 of BIOS required resources from the STM.\r
458\r
459 @param EAX #STM_API_GET_BIOS_RESOURCES (0x00010005)\r
460 @param EBX Low 32 bits of physical address of caller allocated destination\r
461 buffer. Bits 11:0 are ignored and assumed to be zero, making the\r
462 buffer 4K aligned.\r
463 @param ECX High 32 bits of physical address of caller allocated destination\r
464 buffer.\r
465 @param EDX Indicates which page of the BIOS resource list to copy into the\r
466 destination buffer. The first page is indicated by 0, the second\r
467 page by 1, etc.\r
468\r
469 @retval CF 0\r
470 No error, EAX set to STM_SUCCESS. The destination buffer\r
471 contains the BIOS required resources. If the page retrieved is\r
472 the last page, EDX will be cleared to 0. If there are more pages\r
473 to retrieve, EDX is incremented to the next page index. Calling\r
474 software should iterate on GetBiosResourcesVMCALL() until EDX is\r
475 returned cleared to 0.\r
476 @retval CF 1\r
477 An error occurred, EAX holds relevant error value.\r
478 @retval EAX #ERROR_STM_PAGE_NOT_FOUND\r
479 The page index supplied in EDX input was out of range.\r
480 @retval EAX #ERROR_STM_UNSPECIFIED\r
481 An unspecified error occurred.\r
482 @retval EDX Page index of next page to read. A return of EDX=0 signifies\r
483 that the entire list has been read.\r
484 @note EDX is both an input and an output register.\r
485\r
486 @note All other registers unmodified.\r
487**/\r
2f88bd3a 488#define STM_API_GET_BIOS_RESOURCES (BIT16 | 5)\r
489\r
490/**\r
491 The ManageVmcsDatabaseVMCALL() is invoked by the MLE root to add or remove an\r
492 MLE guest (including the MLE root) from the list of protected domains.\r
493\r
494 @param EAX #STM_API_MANAGE_VMCS_DATABASE (0x00010006)\r
495 @param EBX Low 32 bits of physical address of caller allocated\r
496 STM_VMCS_DATABASE_REQUEST. Bits 11:0 are ignored and assumed to\r
497 be zero, making the buffer 4K aligned.\r
498 @param ECX High 32 bits of physical address of caller allocated\r
499 STM_VMCS_DATABASE_REQUEST.\r
500\r
501 @note All fields of STM_VMCS_DATABASE_REQUEST are inputs only. They are not\r
502 modified by ManageVmcsDatabaseVMCALL().\r
503\r
504 @retval CF 0\r
505 No error, EAX set to STM_SUCCESS.\r
506 @retval CF 1\r
507 An error occurred, EAX holds relevant error value.\r
508 @retval EAX #ERROR_STM_INVALID_VMCS\r
509 Indicates a request to remove a VMCS from the database was made,\r
510 but the referenced VMCS was not found in the database.\r
511 @retval EAX #ERROR_STM_VMCS_PRESENT\r
512 Indicates a request to add a VMCS to the database was made, but\r
513 the referenced VMCS was already present in the database.\r
514 @retval EAX #ERROR_INVALID_PARAMETER\r
515 Indicates non-zero reserved field.\r
516 @retval EAX #ERROR_STM_UNSPECIFIED\r
517 An unspecified error occurred.\r
518\r
519 @note All other registers unmodified.\r
520**/\r
2f88bd3a 521#define STM_API_MANAGE_VMCS_DATABASE (BIT16 | 6)\r
522\r
/**
  STM VMCS Database Request for #STM_API_MANAGE_VMCS_DATABASE VMCALL.

  Every field is an input only; ManageVmcsDatabaseVMCALL() does not modify the
  request. A non-zero reserved field is reported as #ERROR_INVALID_PARAMETER.
  The bitfields after VmcsPhysPointer total 32 bits (4 + 2 + 4 + 22).
**/
typedef struct {
  UINT64    VmcsPhysPointer;         ///< Bits 11:0 are reserved and must be 0.
  UINT32    DomainType        : 4;   ///< Built from the DOMAIN_* values.
  UINT32    XStatePolicy      : 2;   ///< An XSTATE_* value.
  UINT32    DegradationPolicy : 4;
  UINT32    Reserved1         : 22;  ///< Must be 0.
  UINT32    AddOrRemove;             ///< STM_VMCS_DATABASE_REQUEST_ADD or STM_VMCS_DATABASE_REQUEST_REMOVE.
} STM_VMCS_DATABASE_REQUEST;
540\r
541/**\r
542 Values for the DomainType field of #STM_VMCS_DATABASE_REQUEST\r
543 @{\r
544**/\r
545#define DOMAIN_UNPROTECTED 0\r
546#define DOMAIN_DISALLOWED_IO_OUT BIT0\r
547#define DOMAIN_DISALLOWED_IO_IN BIT1\r
548#define DOMAIN_INTEGRITY BIT2\r
549#define DOMAIN_CONFIDENTIALITY BIT3\r
550#define DOMAIN_INTEGRITY_PROT_OUT_IN (DOMAIN_INTEGRITY)\r
551#define DOMAIN_FULLY_PROT_OUT_IN (DOMAIN_CONFIDENTIALITY | DOMAIN_INTEGRITY)\r
552#define DOMAIN_FULLY_PROT (DOMAIN_FULLY_PROT_OUT_IN | DOMAIN_DISALLOWED_IO_IN | DOMAIN_DISALLOWED_IO_OUT)\r
553/// @}\r
554\r
555/**\r
556 Values for the XStatePolicy field of #STM_VMCS_DATABASE_REQUEST\r
557 @{\r
558**/\r
559#define XSTATE_READWRITE 0x00\r
560#define XSTATE_READONLY 0x01\r
561#define XSTATE_SCRUB 0x03\r
562/// @}\r
563\r
564/**\r
565 Values for the AddOrRemove field of #STM_VMCS_DATABASE_REQUEST\r
566 @{\r
567**/\r
568#define STM_VMCS_DATABASE_REQUEST_ADD 1\r
569#define STM_VMCS_DATABASE_REQUEST_REMOVE 0\r
570/// @}\r
571\r
572/**\r
573 InitializeProtectionVMCALL() prepares the STM for setup of the initial\r
574 protection profile which is subsequently communicated via one or more\r
575 invocations of ProtectResourceVMCALL(), prior to invoking StartStmVMCALL().\r
576 It is only necessary to invoke InitializeProtectionVMCALL() on one processor\r
577 thread. InitializeProtectionVMCALL() does not alter whether SMIs are masked\r
578 or unmasked. The STM should return back to the MLE with "Blocking by SMI" set\r
579 to 1 in the GUEST_INTERRUPTIBILITY field for the VMCS the STM created for the\r
580 MLE guest.\r
581\r
582 @param EAX #STM_API_INITIALIZE_PROTECTION (0x00010007)\r
583\r
584 @retval CF 0\r
585 No error, EAX set to STM_SUCCESS, EBX bits set to indicate STM\r
586 capabilities as defined below. The STM has set up an empty\r
587 protection profile, except for the resources that it sets up to\r
588 protect itself. The STM must not allow the SMI handler to map\r
589 any pages from the MSEG Base to the top of TSEG. The STM must\r
590 also not allow SMI handler access to those MSRs which the STM\r
591 requires for its own protection.\r
592 @retval CF 1\r
593 An error occurred, EAX holds relevant error value.\r
594 @retval EAX #ERROR_STM_ALREADY_STARTED\r
595 The STM is already configured and active. The STM remains active\r
596 and guarding the previously enabled resource list.\r
597 @retval EAX #ERROR_STM_UNPROTECTABLE\r
598 The STM determines that based on the platform configuration, the\r
599 STM is unable to protect itself. For example, the BIOS required\r
600 resource list contains memory pages in MSEG.\r
601 @retval EAX #ERROR_STM_UNSPECIFIED\r
602 An unspecified error occurred.\r
603\r
604 @note All other registers unmodified.\r
605**/\r
2f88bd3a 606#define STM_API_INITIALIZE_PROTECTION (BIT16 | 7)\r
607\r
608/**\r
609 Byte granular support bits returned in EBX from #STM_API_INITIALIZE_PROTECTION\r
610 @{\r
611**/\r
612#define STM_RSC_BGI BIT1\r
613#define STM_RSC_BGM BIT2\r
614#define STM_RSC_MSR BIT3\r
615/// @}\r
616\r
617/**\r
618 The ManageEventLogVMCALL() is invoked by the MLE root to control the logging\r
619 feature. It consists of several sub-functions to facilitate establishment of\r
620 the log itself, configuring what events will be logged, and functions to\r
621 start, stop, and clear the log.\r
622\r
623 @param EAX #STM_API_MANAGE_EVENT_LOG (0x00010008)\r
624 @param EBX Low 32 bits of physical address of caller allocated\r
625 STM_EVENT_LOG_MANAGEMENT_REQUEST. Bits 11:0 are ignored and\r
626 assumed to be zero, making the buffer 4K aligned.\r
627 @param ECX High 32 bits of physical address of caller allocated\r
628 STM_EVENT_LOG_MANAGEMENT_REQUEST.\r
629\r
630 @retval CF=0\r
631 No error, EAX set to STM_SUCCESS.\r
632 @retval CF=1\r
633 An error occurred, EAX holds relevant error value. See subfunction\r
634 descriptions below for details.\r
635\r
636 @note All other registers unmodified.\r
637**/\r
2f88bd3a 638#define STM_API_MANAGE_EVENT_LOG (BIT16 | 8)\r
639\r
/**
  STM Event Log Management Request for #STM_API_MANAGE_EVENT_LOG VMCALL.

  SubFunctionIndex carries one of the STM_EVENT_LOG_MANAGEMENT_REQUEST_*
  values; Data is a union of the per-sub-function arguments.

  NOTE(review): which Data member belongs to which sub-function is not stated
  in this header - confirm against the STM specification.
**/
typedef struct {
  UINT32    SubFunctionIndex;
  union {
    struct {
      UINT32    PageCount;
      //
      // Flexible array; the number of elements is PageCount.
      // NOTE(review): PageCount is supplied by the caller, so a consumer
      // presumably has to bound it before walking Pages - confirm.
      //
      UINT64    Pages[];
    } LogBuffer;
    UINT32    EventEnableBitmap;  ///< Bitmap of EVENT_TYPE.
  } Data;
} STM_EVENT_LOG_MANAGEMENT_REQUEST;
659\r
660/**\r
661 Defines values for the SubFunctionIndex field of\r
662 #STM_EVENT_LOG_MANAGEMENT_REQUEST\r
663 @{\r
664**/\r
665#define STM_EVENT_LOG_MANAGEMENT_REQUEST_NEW_LOG 1\r
666#define STM_EVENT_LOG_MANAGEMENT_REQUEST_CONFIGURE_LOG 2\r
667#define STM_EVENT_LOG_MANAGEMENT_REQUEST_START_LOG 3\r
668#define STM_EVENT_LOG_MANAGEMENT_REQUEST_STOP_LOG 4\r
669#define STM_EVENT_LOG_MANAGEMENT_REQUEST_CLEAR_LOG 5\r
670#define STM_EVENT_LOG_MANAGEMENT_REQUEST_DELETE_LOG 6\r
671/// @}\r
672\r
/**
  Log Entry Header; it is the Hdr member of STM_LOG_ENTRY.

  The flag bitfields after Type total 16 bits (1 + 1 + 1 + 1 + 12).
**/
typedef struct {
  UINT32    EventSerialNumber;
  UINT16    Type;             ///< An EVENT_TYPE value.
  UINT16    Lock      : 1;
  UINT16    Valid     : 1;
  UINT16    ReadByMle : 1;
  UINT16    Wrapped   : 1;
  UINT16    Reserved  : 12;
} LOG_ENTRY_HEADER;
685\r
/**
  Enum values for the Type field of #LOG_ENTRY_HEADER.

  Enumerators without an initializer are numbered consecutively from 0.

  NOTE(review): LOG_ENTRY_HEADER.Type is declared UINT16, so EvtInvalid
  (0xFFFFFFFF) cannot be stored there unchanged; it is marked as not used.
**/
typedef enum {
  EvtLogStarted,
  EvtLogStopped,
  EvtLogInvalidParameterDetected,
  EvtHandledProtectionException,
  //
  // Unhandled protection exceptions result in reset & cannot be logged.
  //
  EvtBiosAccessToUnclaimedResource,
  EvtMleResourceProtectionGranted,
  EvtMleResourceProtectionDenied,
  EvtMleResourceUnprotect,
  EvtMleResourceUnprotectError,
  EvtMleDomainTypeDegraded,
  //
  // Add more here.
  //
  EvtMleMax,
  EvtInvalid = 0xFFFFFFFF,  ///< Not used.
} EVENT_TYPE;
712\r
///
/// Log entry payload with one reserved 32-bit field; it is the Started member
/// of LOG_ENTRY_DATA.
///
typedef struct {
  UINT32    Reserved;
} ENTRY_EVT_LOG_STARTED;
716\r
///
/// Log entry payload with one reserved 32-bit field; it is the Stopped member
/// of LOG_ENTRY_DATA.
///
typedef struct {
  UINT32    Reserved;
} ENTRY_EVT_LOG_STOPPED;
720\r
///
/// Log entry payload carrying a VMCALL API number; it is the InvalidParam
/// member of LOG_ENTRY_DATA.
///
typedef struct {
  UINT32    VmcallApiNumber;
} ENTRY_EVT_LOG_INVALID_PARAM;
724\r
///
/// Log entry payload carrying one STM_RSC resource descriptor; it is the
/// HandledProtectionException member of LOG_ENTRY_DATA.
///
typedef struct {
  STM_RSC    Resource;
} ENTRY_EVT_LOG_HANDLED_PROTECTION_EXCEPTION;
728\r
///
/// Log entry payload carrying one STM_RSC resource descriptor; it is the
/// BiosUnclaimedRsc member of LOG_ENTRY_DATA.
///
typedef struct {
  STM_RSC    Resource;
} ENTRY_EVT_BIOS_ACCESS_UNCLAIMED_RSC;
732\r
///
/// Log entry payload carrying one STM_RSC resource descriptor; it is the
/// MleRscProtGranted member of LOG_ENTRY_DATA.
///
typedef struct {
  STM_RSC    Resource;
} ENTRY_EVT_MLE_RSC_PROT_GRANTED;
736\r
///
/// Log entry payload carrying one STM_RSC resource descriptor; it is the
/// MleRscProtDenied member of LOG_ENTRY_DATA.
///
typedef struct {
  STM_RSC    Resource;
} ENTRY_EVT_MLE_RSC_PROT_DENIED;
740\r
///
/// Log entry payload carrying one STM_RSC resource descriptor; it is the
/// MleRscUnprot member of LOG_ENTRY_DATA.
///
typedef struct {
  STM_RSC    Resource;
} ENTRY_EVT_MLE_RSC_UNPROT;
744\r
///
/// Log entry payload carrying one STM_RSC resource descriptor; it is the
/// MleRscUnprotError member of LOG_ENTRY_DATA.
///
typedef struct {
  STM_RSC    Resource;
} ENTRY_EVT_MLE_RSC_UNPROT_ERROR;
748\r
///
/// Log entry payload naming a VMCS by physical pointer together with two
/// 8-bit domain type values; it is the MleDomainTypeDegraded member of
/// LOG_ENTRY_DATA.
///
typedef struct {
  UINT64    VmcsPhysPointer;
  UINT8     ExpectedDomainType;
  UINT8     DegradedDomainType;
} ENTRY_EVT_MLE_DOMAIN_TYPE_DEGRADED;
754\r
///
/// Union of the per-event log payload structures; it is the Data member of
/// STM_LOG_ENTRY.
/// NOTE(review): presumably LOG_ENTRY_HEADER.Type selects the live member, so
/// a reader should check Type before interpreting the payload - confirm.
///
typedef union {
  ENTRY_EVT_LOG_STARTED                         Started;
  ENTRY_EVT_LOG_STOPPED                         Stopped;
  ENTRY_EVT_LOG_INVALID_PARAM                   InvalidParam;
  ENTRY_EVT_LOG_HANDLED_PROTECTION_EXCEPTION    HandledProtectionException;
  ENTRY_EVT_BIOS_ACCESS_UNCLAIMED_RSC           BiosUnclaimedRsc;
  ENTRY_EVT_MLE_RSC_PROT_GRANTED                MleRscProtGranted;
  ENTRY_EVT_MLE_RSC_PROT_DENIED                 MleRscProtDenied;
  ENTRY_EVT_MLE_RSC_UNPROT                      MleRscUnprot;
  ENTRY_EVT_MLE_RSC_UNPROT_ERROR                MleRscUnprotError;
  ENTRY_EVT_MLE_DOMAIN_TYPE_DEGRADED            MleDomainTypeDegraded;
} LOG_ENTRY_DATA;
767\r
///
/// One STM log entry: the LOG_ENTRY_HEADER followed by the event payload union.
///
typedef struct {
  LOG_ENTRY_HEADER    Hdr;
  LOG_ENTRY_DATA      Data;
} STM_LOG_ENTRY;
772\r
773/**\r
774 Maximum STM Log Entry Size\r
775**/\r
776#define STM_LOG_ENTRY_SIZE 256\r
777\r
778/**\r
779 STM Protection Exception Stack Frame Structures\r
780**/\r
781\r
///
/// Protection exception stack frame, 32-bit layout. Every member is UINT32
/// except VmcsExitQualification, which is UINT64.
///
typedef struct {
  UINT32    Rdi;
  UINT32    Rsi;
  UINT32    Rbp;
  UINT32    Rdx;
  UINT32    Rcx;
  UINT32    Rbx;
  UINT32    Rax;
  UINT32    Cr3;
  UINT32    Cr2;
  UINT32    Cr0;
  UINT32    VmcsExitInstructionInfo;
  UINT32    VmcsExitInstructionLength;
  UINT64    VmcsExitQualification;
  UINT32    ErrorCode;  ///< A TXT_SMM_PROTECTION_EXCEPTION_TYPE enum value.
  UINT32    Rip;
  UINT32    Cs;
  UINT32    Rflags;
  UINT32    Rsp;
  UINT32    Ss;
} STM_PROTECTION_EXCEPTION_STACK_FRAME_IA32;
806\r
///
/// Protection exception stack frame, 64-bit layout.
/// All 28 fields are UINT64, so under the header's #pragma pack (1) the frame
/// is 224 bytes. Compared with the IA32 layout it adds R8-R15 and Cr8.
/// Presumably built by the STM for the SMM guest's protection exception
/// handler -- TODO confirm against the STM User Guide.
///
typedef struct {
  //
  // General purpose registers.
  //
  UINT64    R15;
  UINT64    R14;
  UINT64    R13;
  UINT64    R12;
  UINT64    R11;
  UINT64    R10;
  UINT64    R9;
  UINT64    R8;
  UINT64    Rdi;
  UINT64    Rsi;
  UINT64    Rbp;
  UINT64    Rdx;
  UINT64    Rcx;
  UINT64    Rbx;
  UINT64    Rax;
  //
  // Control registers.
  //
  UINT64    Cr8;
  UINT64    Cr3;
  UINT64    Cr2;
  UINT64    Cr0;
  //
  // VM exit information; the names match VMCS exit fields.
  //
  UINT64    VmcsExitInstructionInfo;
  UINT64    VmcsExitInstructionLength;
  UINT64    VmcsExitQualification;
  ///
  /// A TXT_SMM_PROTECTION_EXCEPTION_TYPE enum value.
  /// NOTE(review): stored as a plain UINT64, so a handler should range-check
  /// it before treating it as the enum.
  ///
  UINT64    ErrorCode;
  //
  // Instruction pointer, code segment, flags, stack pointer, stack segment.
  //
  UINT64    Rip;
  UINT64    Cs;
  UINT64    Rflags;
  UINT64    Rsp;
  UINT64    Ss;
} STM_PROTECTION_EXCEPTION_STACK_FRAME_X64;
840\r
///
/// Two typed views of one stack frame pointer. Both members are pointers, so
/// the union has the size of a pointer on the build target.
///
/// NOTE(review): the union does not record which layout the pointed-to frame
/// has. The caller must know the mode before dereferencing (presumably the
/// Intel64Mode bit of STM_SMM_ENTRY_STATE -- TODO confirm); reading an IA32
/// frame through X64StackFrame reaches past the end of the smaller frame.
///
typedef union {
  STM_PROTECTION_EXCEPTION_STACK_FRAME_IA32    *Ia32StackFrame;
  STM_PROTECTION_EXCEPTION_STACK_FRAME_X64     *X64StackFrame;
} STM_PROTECTION_EXCEPTION_STACK_FRAME;
845\r
/**
  Enum values for the ErrorCode field in
  #STM_PROTECTION_EXCEPTION_STACK_FRAME_IA32 and
  #STM_PROTECTION_EXCEPTION_STACK_FRAME_X64

  Numbering starts at 1, so the five enumerators take the values 1 to 5 and
  0 is not assigned. The enumerators appear in the same order as the
  *ViolationException bits of #STM_PROTECTION_EXCEPTION_HANDLER.

  NOTE(review): ErrorCode is declared as UINT32/UINT64 rather than as this
  enum, so a consumer should treat any value outside 1..5 as invalid.
**/
typedef enum {
  TxtSmmPageViolation = 1,
  TxtSmmMsrViolation,       ///< 2
  TxtSmmRegisterViolation,  ///< 3
  TxtSmmIoViolation,        ///< 4
  TxtSmmPciViolation        ///< 5
} TXT_SMM_PROTECTION_EXCEPTION_TYPE;
858\r
859/**\r
860 TXT Processor SMM Descriptor (PSD) structures\r
861**/\r
862\r
///
/// Protection exception handler description, embedded in
/// TXT_PROCESSOR_SMM_DESCRIPTOR as StmProtectionExceptionHandler.
/// Presumably SpeRip/SpeRsp/SpeSs are the entry point, stack pointer and stack
/// segment the handler runs with -- TODO confirm against the STM User Guide.
///
typedef struct {
  UINT64    SpeRip;
  UINT64    SpeRsp;
  UINT16    SpeSs;
  //
  // One bit per TXT_SMM_PROTECTION_EXCEPTION_TYPE value, in the same order.
  // The five flags and Reserved1 together fill 16 bits.
  // NOTE(review): presumably each bit selects whether that violation type is
  // reported to the handler -- TODO confirm.
  //
  UINT16    PageViolationException     : 1;
  UINT16    MsrViolationException      : 1;
  UINT16    RegisterViolationException : 1;
  UINT16    IoViolationException       : 1;
  UINT16    PciViolationException      : 1;
  UINT16    Reserved1                  : 11;
  UINT32    Reserved2;
} STM_PROTECTION_EXCEPTION_HANDLER;
875\r
///
/// SMM entry state flags, the SmmEntryState member of
/// TXT_PROCESSOR_SMM_DESCRIPTOR. Four 1-bit flags and a 4-bit reserved field
/// fill one byte.
/// NOTE(review): the names suggest processor state the SMM guest is entered
/// with (NX outside SMRR, 64-bit mode, CR4.PAE, CR4.PSE); which side writes
/// them is not visible here -- TODO confirm.
///
typedef struct {
  UINT8    ExecutionDisableOutsideSmrr : 1;
  UINT8    Intel64Mode                 : 1;
  UINT8    Cr4Pae                      : 1;
  UINT8    Cr4Pse                      : 1;
  UINT8    Reserved1                   : 4;
} STM_SMM_ENTRY_STATE;
883\r
///
/// SMM resume state flags, the SmmResumeState member of
/// TXT_PROCESSOR_SMM_DESCRIPTOR. Two 1-bit flags and a 6-bit reserved field
/// fill one byte.
///
typedef struct {
  UINT8    SmramToVmcsRestoreRequired : 1; ///< BIOS restore hint
  UINT8    ReinitializeVmcsRequired   : 1; ///< BIOS request
  UINT8    Reserved2                  : 6;
} STM_SMM_RESUME_STATE;
889\r
///
/// STM state flags, the StmSmmState member of TXT_PROCESSOR_SMM_DESCRIPTOR.
/// A 4-bit, a 2-bit and two 1-bit fields fill one byte.
///
typedef struct {
  UINT8    DomainType   : 4;   ///< STM input to BIOS on each SMI
  UINT8    XStatePolicy : 2;   ///< STM input to BIOS on each SMI
  UINT8    EptEnabled   : 1;
  UINT8    Reserved3    : 1;
} STM_SMM_STATE;
896\r
///
/// Offset of the TXT Processor SMM Descriptor.
/// NOTE(review): the base the offset is added to is not visible in this
/// header; presumably the processor's SMBASE -- TODO confirm.
///
#define TXT_SMM_PSD_OFFSET  0xfb00
///
/// Signature and version constants for TXT_PROCESSOR_SMM_DESCRIPTOR.
/// Presumably the expected contents of its Signature, SmmDescriptorVerMajor
/// and SmmDescriptorVerMinor fields -- TODO confirm. SIGNATURE_64 is defined
/// outside this header.
///
#define TXT_PROCESSOR_SMM_DESCRIPTOR_SIGNATURE      SIGNATURE_64('T', 'X', 'T', 'P', 'S', 'S', 'I', 'G')
#define TXT_PROCESSOR_SMM_DESCRIPTOR_VERSION_MAJOR  1
#define TXT_PROCESSOR_SMM_DESCRIPTOR_VERSION_MINOR  0
901\r
///
/// TXT Processor SMM Descriptor (PSD).
/// The header is compiled under #pragma pack (1), so the fields are laid out
/// back to back in the order shown.
///
/// NOTE(review): the descriptor carries entry points, stack pointers, a CR3
/// value and a GDT base and size. A consumer should check Signature, the
/// version fields and Size before using any pointer field, and should not read
/// the extend-area fields unless Size covers them. That Size governs the
/// extend area is an assumption -- TODO confirm against the STM User Guide.
///
typedef struct {
  UINT64                              Signature;              ///< Presumably TXT_PROCESSOR_SMM_DESCRIPTOR_SIGNATURE -- TODO confirm
  UINT16                              Size;                   ///< Presumably the descriptor size in bytes -- TODO confirm
  UINT8                               SmmDescriptorVerMajor;
  UINT8                               SmmDescriptorVerMinor;
  UINT32                              LocalApicId;
  STM_SMM_ENTRY_STATE                 SmmEntryState;
  STM_SMM_RESUME_STATE                SmmResumeState;
  STM_SMM_STATE                       StmSmmState;
  UINT8                               Reserved4;
  //
  // Segment selectors and task register value for the SMM guest (inferred
  // from the names).
  //
  UINT16                              SmmCs;
  UINT16                              SmmDs;
  UINT16                              SmmSs;
  UINT16                              SmmOtherSegment;
  UINT16                              SmmTr;
  UINT16                              Reserved5;
  //
  // Paging root, entry points and stack for the SMM guest (inferred from the
  // names).
  //
  UINT64                              SmmCr3;
  UINT64                              SmmStmSetupRip;
  UINT64                              SmmStmTeardownRip;
  UINT64                              SmmSmiHandlerRip;
  UINT64                              SmmSmiHandlerRsp;
  UINT64                              SmmGdtPtr;
  UINT32                              SmmGdtSize;
  UINT32                              RequiredStmSmmRevId;
  STM_PROTECTION_EXCEPTION_HANDLER    StmProtectionExceptionHandler;
  UINT64                              Reserved6;
  UINT64                              BiosHwResourceRequirementsPtr;
  // extend area
  UINT64                              AcpiRsdp;
  UINT8                               PhysicalAddressBits;
} TXT_PROCESSOR_SMM_DESCRIPTOR;
933\r
934#pragma pack ()\r
935\r
936#endif\r