#include <Uefi.h>
#include <Uefi/UefiBaseType.h>
#include <Library/CpuLib.h>
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#include <Library/MemEncryptTdxLib.h>
#include "VirtualMemory.h"
#include <IndustryStandard/Tdx.h>
#include <Library/TdxLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Protocol/MemoryAccept.h>
#include <ConfidentialComputingGuestAttr.h>

Macros
#define	MAX_RETRIES_PER_PAGE 3

Enumerations
enum	TDX_PAGETABLE_MODE { SetSharedBit , ClearSharedBit }

Functions
BOOLEAN EFIAPI	MemEncryptTdxIsEnabled (VOID)

STATIC UINT64	GetMemEncryptionAddressMask (VOID)

STATIC BOOLEAN	InitializePageTablePool (IN UINTN PoolPages)

STATIC VOID *EFIAPI	AllocatePageTableMemory (IN UINTN Pages)

STATIC VOID	Split2MPageTo4K (IN PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry2M, IN PHYSICAL_ADDRESS StackBase, IN UINTN StackSize, IN UINT64 AddressEncMask)

STATIC VOID	SetPageTablePoolReadOnly (IN UINTN PageTableBase, IN EFI_PHYSICAL_ADDRESS Address, IN BOOLEAN Level4Paging)

STATIC VOID	EnablePageTableProtection (IN UINTN PageTableBase, IN BOOLEAN Level4Paging)

STATIC VOID	Split1GPageTo2M (IN PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry1G, IN PHYSICAL_ADDRESS StackBase, IN UINTN StackSize)

STATIC EFI_STATUS	SetOrClearSharedBit (IN OUT UINT64 *PageTablePointer, IN TDX_PAGETABLE_MODE Mode, IN PHYSICAL_ADDRESS PhysicalAddress, IN UINT64 Length)

STATIC BOOLEAN	IsReadOnlyPageWriteProtected (VOID)

STATIC VOID	DisableReadOnlyPageWriteProtect (VOID)

VOID	EnableReadOnlyPageWriteProtect (VOID)

STATIC RETURN_STATUS EFIAPI	SetMemorySharedOrPrivate (IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS PhysicalAddress, IN UINTN Length, IN TDX_PAGETABLE_MODE Mode)

RETURN_STATUS EFIAPI	MemEncryptTdxSetPageSharedBit (IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS BaseAddress, IN UINTN NumPages)

RETURN_STATUS EFIAPI	MemEncryptTdxClearPageSharedBit (IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS BaseAddress, IN UINTN NumPages)

Variables
STATIC PAGE_TABLE_POOL *	mPageTablePool = NULL

Detailed Description

Virtual Memory Management Services to set or clear the memory encryption.

SPDX-License-Identifier: BSD-2-Clause-Patent

Code is derived from MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c

Note: There a lot of duplicated codes for Page Table operations. These codes should be moved to a common library (PageTablesLib) so that it is more friendly for review and maintain. There is a new feature requirement https://bugzilla.tianocore.org/show_bug.cgi?id=847 which is to implement the library. After the lib is introduced, this file will be refactored.

Definition in file MemoryEncryption.c.

Macro Definition Documentation

◆ MAX_RETRIES_PER_PAGE

#define MAX_RETRIES_PER_PAGE 3

Definition at line 41 of file MemoryEncryption.c.

Enumeration Type Documentation

◆ TDX_PAGETABLE_MODE

enum TDX_PAGETABLE_MODE

Definition at line 34 of file MemoryEncryption.c.

Function Documentation

◆ AllocatePageTableMemory()

STATIC VOID *EFIAPI AllocatePageTableMemory ( IN UINTN Pages )

This API provides a way to allocate memory for page table.

This API can be called more than once to allocate memory for page tables.

Allocates the number of 4KB pages and returns a pointer to the allocated buffer. The buffer returned is aligned on a 4KB boundary.

If Pages is 0, then NULL is returned. If there is not enough memory remaining to satisfy the request, then NULL is returned.

Parameters

Pages The number of 4 KB pages to allocate.

Returns: A pointer to the allocated buffer or NULL if allocation fails.

Definition at line 155 of file MemoryEncryption.c.

◆ DisableReadOnlyPageWriteProtect()

STATIC VOID DisableReadOnlyPageWriteProtect ( VOID )

Disable Write Protect on pages marked as read-only.

Definition at line 643 of file MemoryEncryption.c.

◆ EnablePageTableProtection()

STATIC VOID EnablePageTableProtection	(	IN UINTN	PageTableBase,
		IN BOOLEAN	Level4Paging
	)

Prevent the memory pages used for page table from been overwritten.

Parameters

[in]	PageTableBase	Base address of page table (CR3).
[in]	Level4Paging	Level 4 paging flag.

Definition at line 398 of file MemoryEncryption.c.

◆ EnableReadOnlyPageWriteProtect()

VOID EnableReadOnlyPageWriteProtect ( VOID )

Enable Write Protect on pages marked as read-only.

Definition at line 654 of file MemoryEncryption.c.

◆ GetMemEncryptionAddressMask()

STATIC UINT64 GetMemEncryptionAddressMask ( VOID )

Get the memory encryption mask

Parameters

[out] EncryptionMask contains the pte mask.

Definition at line 68 of file MemoryEncryption.c.

◆ InitializePageTablePool()

STATIC BOOLEAN InitializePageTablePool ( IN UINTN PoolPages )

Initialize a buffer pool for page table use only.

To reduce the potential split operation on page table, the pages reserved for page table should be allocated in the times of PAGE_TABLE_POOL_UNIT_PAGES and at the boundary of PAGE_TABLE_POOL_ALIGNMENT. So the page pool is always initialized with number of pages greater than or equal to the given PoolPages.

Once the pages in the pool are used up, this method should be called again to reserve at least another PAGE_TABLE_POOL_UNIT_PAGES. Usually this won't happen often in practice.

Parameters

[in] PoolPages The least page number of the pool to be created.

Return values

TRUE	The pool is initialized successfully.
FALSE	The memory is out of resource.

Definition at line 95 of file MemoryEncryption.c.

◆ IsReadOnlyPageWriteProtected()

STATIC BOOLEAN IsReadOnlyPageWriteProtected ( VOID )

Check the WP status in CR0 register. This bit is used to lock or unlock write access to pages marked as read-only.

Return values

TRUE	Write protection is enabled.
FALSE	Write protection is disabled.

Definition at line 631 of file MemoryEncryption.c.

◆ MemEncryptTdxClearPageSharedBit()

RETURN_STATUS EFIAPI MemEncryptTdxClearPageSharedBit	(	IN PHYSICAL_ADDRESS	Cr3BaseAddress,
		IN PHYSICAL_ADDRESS	BaseAddress,
		IN UINTN	NumPages
	)

This function sets memory shared bit for the memory region specified by BaseAddress and NumPages from the current page table context.

Parameters

[in]	Cr3BaseAddress	Cr3 Base Address (if zero then use current CR3)
[in]	BaseAddress	The physical address that is the start address of a memory region.
[in]	NumPages	The number of pages from start memory region.

Return values

RETURN_SUCCESS	The attributes were set for the memory region.
RETURN_INVALID_PARAMETER	Number of pages is zero.
RETURN_UNSUPPORTED	Setting the memory encryption attribute is not supported

Definition at line 1013 of file MemoryEncryption.c.

◆ MemEncryptTdxIsEnabled()

BOOLEAN EFIAPI MemEncryptTdxIsEnabled ( VOID )

Returns boolean to indicate whether to indicate which, if any, memory encryption is enabled

Parameters

[in] Type Bitmask of encryption technologies to check is enabled

Return values

TRUE	The encryption type(s) are enabled
FALSE	The encryption type(s) are not enabled

Definition at line 53 of file MemoryEncryption.c.

◆ MemEncryptTdxSetPageSharedBit()

RETURN_STATUS EFIAPI MemEncryptTdxSetPageSharedBit	(	IN PHYSICAL_ADDRESS	Cr3BaseAddress,
		IN PHYSICAL_ADDRESS	BaseAddress,
		IN UINTN	NumPages
	)

This function clears memory shared bit for the memory region specified by BaseAddress and NumPages from the current page table context.

Parameters

[in]	Cr3BaseAddress	Cr3 Base Address (if zero then use current CR3)
[in]	BaseAddress	The physical address that is the start address of a memory region.
[in]	NumPages	The number of pages from start memory region.

Return values

RETURN_SUCCESS	The attributes were cleared for the memory region.
RETURN_INVALID_PARAMETER	Number of pages is zero.
RETURN_UNSUPPORTED	Clearing the memory encryption attribute is not supported

Definition at line 980 of file MemoryEncryption.c.

◆ SetMemorySharedOrPrivate()

STATIC RETURN_STATUS EFIAPI SetMemorySharedOrPrivate	(	IN PHYSICAL_ADDRESS	Cr3BaseAddress,
		IN PHYSICAL_ADDRESS	PhysicalAddress,
		IN UINTN	Length,
		IN TDX_PAGETABLE_MODE	Mode
	)

This function either sets or clears memory encryption for the memory region specified by PhysicalAddress and Length from the current page table context.

The function iterates through the PhysicalAddress one page at a time, and set or clears the memory encryption in the page table. If it encounters that a given physical address range is part of large page then it attempts to change the attribute at one go (based on size), otherwise it splits the large pages into smaller (e.g 2M page into 4K pages) and then try to set or clear the shared bit on the smallest page size.

Parameters

[in]	Cr3BaseAddress	Cr3 Base Address (if zero then use current CR3)
[in]	PhysicalAddress	The physical address that is the start address of a memory region.
[in]	Length	The length of memory region
[in]	Mode	Set or Clear mode

Return values

RETURN_SUCCESS	The attributes were cleared for the memory region.
RETURN_INVALID_PARAMETER	Number of pages is zero.
RETURN_UNSUPPORTED	Setting the memory encyrption attribute is not supported

Definition at line 689 of file MemoryEncryption.c.

◆ SetOrClearSharedBit()

STATIC EFI_STATUS SetOrClearSharedBit	(	IN OUT UINT64 *	PageTablePointer,
		IN TDX_PAGETABLE_MODE	Mode,
		IN PHYSICAL_ADDRESS	PhysicalAddress,
		IN UINT64	Length
	)

Set or Clear the memory shared bit

Parameters

[in]	PagetablePoint	Page table entry pointer (PTE).
[in]	Mode	Set or Clear shared bit

Return values

EFI_SUCCESS	Successfully set or clear the memory shared bit
Others	Other error as indicated

Definition at line 520 of file MemoryEncryption.c.

◆ SetPageTablePoolReadOnly()

STATIC VOID SetPageTablePoolReadOnly	(	IN UINTN	PageTableBase,
		IN EFI_PHYSICAL_ADDRESS	Address,
		IN BOOLEAN	Level4Paging
	)

Set one page of page table pool memory to be read-only.

Parameters

[in]	PageTableBase	Base address of page table (CR3).
[in]	Address	Start address of a page to be set as read-only.
[in]	Level4Paging	Level 4 paging flag.

Definition at line 266 of file MemoryEncryption.c.

◆ Split1GPageTo2M()

STATIC VOID Split1GPageTo2M	(	IN PHYSICAL_ADDRESS	PhysicalAddress,
		IN OUT UINT64 *	PageEntry1G,
		IN PHYSICAL_ADDRESS	StackBase,
		IN UINTN	StackSize
	)

Split 1G page to 2M.

Parameters

[in]	PhysicalAddress	Start physical address the 1G page covered.
[in,out]	PageEntry1G	Pointer to 1G page entry.
[in]	StackBase	Stack base address.
[in]	StackSize	Stack size.

Definition at line 449 of file MemoryEncryption.c.

◆ Split2MPageTo4K()

STATIC VOID Split2MPageTo4K	(	IN PHYSICAL_ADDRESS	PhysicalAddress,
		IN OUT UINT64 *	PageEntry2M,
		IN PHYSICAL_ADDRESS	StackBase,
		IN UINTN	StackSize,
		IN UINT64	AddressEncMask
	)

Split 2M page to 4K.

Parameters

[in]	PhysicalAddress	Start physical address the 2M page covered.
[in,out]	PageEntry2M	Pointer to 2M page entry.
[in]	StackBase	Stack base address.
[in]	StackSize	Stack size.

Definition at line 205 of file MemoryEncryption.c.

Variable Documentation

◆ mPageTablePool

STATIC PAGE_TABLE_POOL* mPageTablePool = NULL

Definition at line 39 of file MemoryEncryption.c.

Macros

Enumerations

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ MAX_RETRIES_PER_PAGE

Enumeration Type Documentation

◆ TDX_PAGETABLE_MODE

Function Documentation

◆ AllocatePageTableMemory()

◆ DisableReadOnlyPageWriteProtect()

◆ EnablePageTableProtection()

◆ EnableReadOnlyPageWriteProtect()

◆ GetMemEncryptionAddressMask()

◆ InitializePageTablePool()

◆ IsReadOnlyPageWriteProtected()

◆ MemEncryptTdxClearPageSharedBit()

◆ MemEncryptTdxIsEnabled()

◆ MemEncryptTdxSetPageSharedBit()

◆ SetMemorySharedOrPrivate()

◆ SetOrClearSharedBit()

◆ SetPageTablePoolReadOnly()

◆ Split1GPageTo2M()

◆ Split2MPageTo4K()

Variable Documentation

◆ mPageTablePool