UefiCpuPkg: Add a 16-bit protected mode code segment descriptor

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 A hypervisor is not allowed to update an SEV-ES guests register state, so when booting an SEV-ES guest AP, the hypervisor is not allowed to set the RIP to the guest requested value. Instead, an SEV-ES AP must be transition from 64-bit long mode to 16-bit real mode in response to an INIT-SIPI-SIPI sequence. This requires a 16-bit code segment descriptor. For PEI, create this descriptor in the reset vector GDT table. For DXE, create this descriptor from the newly reserved entry at location 0x28. Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
2020-08-12 15:21:42 -05:00
parent 437eb3f7a8
commit 0d7601e546
3 changed files with 15 additions and 6 deletions
--- a/UefiCpuPkg/CpuDxe/CpuGdt.c
+++ b/UefiCpuPkg/CpuDxe/CpuGdt.c
@@ -70,14 +70,14 @@ STATIC GDT_ENTRIES GdtTemplate = {
    0x0,
  },
  //
-  // SPARE4_SEL
+  // SYS_CODE16_SEL
  //
  {
-    0x0,            // limit 15:0
+    0x0FFFF,        // limit 15:0
    0x0,            // base 15:0
    0x0,            // base 23:16
-    0x0,            // type
-    0x0,            // limit 19:16, flags
+    0x09A,          // present, ring 0, code, execute/read
+    0x08F,          // page-granular, 16-bit
    0x0,            // base 31:24
  },
  //