File tboot-Unmask-NMI-after-returning-from-SINIT.patch of Package tboot.18210
From dd6f88f7d336504dd9d01f79be9b99624a736052 Mon Sep 17 00:00:00 2001
From: Lukasz Hawrylko <lukasz.hawrylko@intel.com>
Date: Thu, 25 Jun 2020 10:13:14 +0200
Subject: [PATCH] Unmask NMI# after returning from SINIT
One of the effect of GETSEC[SENTER] instruction is masking both SMI# and NMI#
interrupts. TBOOT unblocks SMI# by calling GETSEC[SMCTRL], however NMI# remains
masked till first OS ISR execution.
This patch adds NMI# unmasking by calling IRET instruction together with
GETSEC[SMCTRL] to not depend on OS ISR.
Signed-off-by: Lukasz Hawrylko <lukasz.hawrylko@intel.com>
---
tboot/common/boot.S | 7 +++++++
tboot/txt/txt.c | 10 +++++++---
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/tboot/common/boot.S b/tboot/common/boot.S
index df910e8..ff600e4 100644
--- a/tboot/common/boot.S
+++ b/tboot/common/boot.S
@@ -200,6 +200,13 @@ ENTRY(__start)
call begin_launch
ud2
+ENTRY(__enable_nmi)
+ pushf
+ push %cs
+ push $(1f)
+ iret
+1: ret
+
/*
* vmexit handler
*/
diff --git a/tboot/txt/txt.c b/tboot/txt/txt.c
index 2afd81a..2dc5aed 100644
--- a/tboot/txt/txt.c
+++ b/tboot/txt/txt.c
@@ -91,6 +91,8 @@ extern void print_event(const tpm12_pcr_event_t *evt);
extern void print_event_2(void *evt, uint16_t alg);
extern uint32_t print_event_2_1(void *evt);
+extern void __enable_nmi(void);
+
/*
* this is the structure whose addr we'll put in TXT heap
* it needs to be within the MLE pages, so force it to the .text section
@@ -739,8 +741,9 @@ static void txt_wakeup_cpus(void)
/* enable SMIs on BSP before waking APs (which will enable them on APs)
because some SMM may take immediate SMI and hang if AP gets in first */
- printk(TBOOT_DETA"enabling SMIs on BSP\n");
+ printk(TBOOT_DETA"enabling SMIs and NMI on BSP\n");
__getsec_smctrl();
+ __enable_nmi();
atomic_set(&ap_wfs_count, 0);
@@ -1189,9 +1192,10 @@ void txt_cpu_wakeup(void)
if ( !verify_stm(cpuid) )
apply_policy(TB_ERR_POST_LAUNCH_VERIFICATION);
- /* enable SMIs */
- printk(TBOOT_DETA"enabling SMIs on cpu %u\n", cpuid);
+ /* enable SMIs and NMI */
+ printk(TBOOT_DETA"enabling SMIs and NMI on cpu %u\n", cpuid);
__getsec_smctrl();
+ __enable_nmi();
atomic_inc(&ap_wfs_count);
if ( use_mwait() )
--
2.26.2