x86/tdx: Provide common base for SEAMCALL and TDCALL C wrappers

Secure Arbitration Mode (SEAM) is an extension of VMX architecture. It
defines a new VMX root operation (SEAM VMX root) and a new VMX non-root
operation (SEAM VMX non-root) which are both isolated from the legacy
VMX operation where the host kernel runs.

A CPU-attested software module (called 'TDX module') runs in SEAM VMX
root to manage and protect VMs running in SEAM VMX non-root. SEAM VMX
root is also used to host another CPU-attested software module (called
'P-SEAMLDR') to load and update the TDX module.

Host kernel transits to either P-SEAMLDR or TDX module via the new
SEAMCALL instruction, which is essentially a VMExit from VMX root mode
to SEAM VMX root mode. SEAMCALLs are leaf functions defined by
P-SEAMLDR and TDX module around the new SEAMCALL instruction.

A guest kernel can also communicate with TDX module via TDCALL
instruction.

TDCALLs and SEAMCALLs use an ABI different from the x86-64 system-v ABI.
RAX is used to carry both the SEAMCALL leaf function number (input) and
the completion status (output). Additional GPRs (RCX, RDX, R8-R11) may
be further used as both input and output operands in individual leaf.

TDCALL and SEAMCALL share the same ABI and require the largely same
code to pass down arguments and retrieve results.

Define an assembly macro that can be used to implement C wrapper for
both TDCALL and SEAMCALL.

Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20220405232939.73860-3-kirill.shutemov@linux.intel.com