tdx_guest/
lib.rs

1// SPDX-License-Identifier: BSD-3-Clause
2// Copyright(c) 2023-2024 Intel Corporation.
3
4#![cfg_attr(not(test), no_std)]
5#![allow(dead_code)]
6#![allow(unused_variables)]
7
8extern crate alloc;
9
10mod asm;
11pub mod tdcall;
12pub mod tdvmcall;
13mod ve;
14
15use core::sync::atomic::{AtomicBool, Ordering::Relaxed};
16
17use raw_cpuid::{native_cpuid::cpuid_count, CpuIdResult};
18use tdcall::{InitError, TdgVpInfo};
19use ve::{handle_io, handle_mmio};
20
21pub use self::{
22    tdcall::{get_veinfo, TdgVeInfo, TdxVirtualExceptionType},
23    tdvmcall::{cpuid, hlt, print, rdmsr, wrmsr},
24};
25
26pub const SHARED_BIT: u8 = 51;
27pub const SHARED_MASK: u64 = 1u64 << SHARED_BIT;
28
29static TDX_ENABLED: AtomicBool = AtomicBool::new(false);
30
31pub type TdxGpa = usize;
32
33pub trait TdxTrapFrame {
34    fn rax(&self) -> usize;
35    fn set_rax(&mut self, rax: usize);
36    fn rbx(&self) -> usize;
37    fn set_rbx(&mut self, rbx: usize);
38    fn rcx(&self) -> usize;
39    fn set_rcx(&mut self, rcx: usize);
40    fn rdx(&self) -> usize;
41    fn set_rdx(&mut self, rdx: usize);
42    fn rsi(&self) -> usize;
43    fn set_rsi(&mut self, rsi: usize);
44    fn rdi(&self) -> usize;
45    fn set_rdi(&mut self, rdi: usize);
46    fn rip(&self) -> usize;
47    fn set_rip(&mut self, rip: usize);
48    fn r8(&self) -> usize;
49    fn set_r8(&mut self, r8: usize);
50    fn r9(&self) -> usize;
51    fn set_r9(&mut self, r9: usize);
52    fn r10(&self) -> usize;
53    fn set_r10(&mut self, r10: usize);
54    fn r11(&self) -> usize;
55    fn set_r11(&mut self, r11: usize);
56    fn r12(&self) -> usize;
57    fn set_r12(&mut self, r12: usize);
58    fn r13(&self) -> usize;
59    fn set_r13(&mut self, r13: usize);
60    fn r14(&self) -> usize;
61    fn set_r14(&mut self, r14: usize);
62    fn r15(&self) -> usize;
63    fn set_r15(&mut self, r15: usize);
64    fn rbp(&self) -> usize;
65    fn set_rbp(&mut self, rbp: usize);
66}
67
68#[inline(always)]
69pub fn tdx_is_enabled() -> bool {
70    TDX_ENABLED.load(Relaxed)
71}
72
73pub fn init_tdx() -> Result<TdgVpInfo, InitError> {
74    check_tdx_guest()?;
75    TDX_ENABLED.store(true, Relaxed);
76    Ok(tdcall::get_tdinfo()?)
77}
78
79fn check_tdx_guest() -> Result<(), InitError> {
80    const TDX_CPUID_LEAF_ID: u64 = 0x21;
81    let cpuid_leaf = cpuid_count(0, 0).eax as u64;
82    if cpuid_leaf < TDX_CPUID_LEAF_ID {
83        return Err(InitError::TdxCpuLeafIdError);
84    }
85    let cpuid_result: CpuIdResult = cpuid_count(TDX_CPUID_LEAF_ID as u32, 0);
86    if &cpuid_result.ebx.to_ne_bytes() != b"Inte"
87        || &cpuid_result.edx.to_ne_bytes() != b"lTDX"
88        || &cpuid_result.ecx.to_ne_bytes() != b"    "
89    {
90        return Err(InitError::TdxVendorIdError);
91    }
92    Ok(())
93}
94
95pub fn handle_virtual_exception(trapframe: &mut dyn TdxTrapFrame, ve_info: &TdgVeInfo) {
96    let mut instr_len = ve_info.exit_instruction_length;
97    match ve_info.exit_reason.into() {
98        TdxVirtualExceptionType::Hlt => {
99            hlt();
100        }
101        TdxVirtualExceptionType::Io => {
102            if !handle_io(trapframe, ve_info) {
103                serial_println!("Handle tdx ioexit errors, ready to halt");
104                hlt();
105            }
106        }
107        TdxVirtualExceptionType::MsrRead => {
108            let msr = unsafe { rdmsr(trapframe.rcx() as u32).unwrap() };
109            trapframe.set_rax((msr as u32 & u32::MAX) as usize);
110            trapframe.set_rdx(((msr >> 32) as u32 & u32::MAX) as usize);
111        }
112        TdxVirtualExceptionType::MsrWrite => {
113            let data = trapframe.rax() as u64 | ((trapframe.rdx() as u64) << 32);
114            unsafe { wrmsr(trapframe.rcx() as u32, data).unwrap() };
115        }
116        TdxVirtualExceptionType::CpuId => {
117            let cpuid_info = cpuid(trapframe.rax() as u32, trapframe.rcx() as u32).unwrap();
118            let mask = 0xFFFF_FFFF_0000_0000_usize;
119            trapframe.set_rax((trapframe.rax() & mask) | cpuid_info.eax);
120            trapframe.set_rbx((trapframe.rbx() & mask) | cpuid_info.ebx);
121            trapframe.set_rcx((trapframe.rcx() & mask) | cpuid_info.ecx);
122            trapframe.set_rdx((trapframe.rdx() & mask) | cpuid_info.edx);
123        }
124        TdxVirtualExceptionType::EptViolation => {
125            if is_protected_gpa(ve_info.guest_physical_address as TdxGpa) {
126                serial_println!("Unexpected EPT-violation on private memory");
127                hlt();
128            }
129            instr_len = handle_mmio(trapframe, ve_info).unwrap() as u32;
130        }
131        TdxVirtualExceptionType::Other => {
132            serial_println!("Unknown TDX vitrual exception type");
133            hlt();
134        }
135        _ => return,
136    }
137    trapframe.set_rip(trapframe.rip() + instr_len as usize);
138}
139
140pub(crate) fn is_protected_gpa(gpa: TdxGpa) -> bool {
141    (gpa as u64 & SHARED_MASK) == 0
142}
tdx_guest/lib.rs

tdx_guest/
lib.rs
