Series consists of 2 parts: 1st is lockable SMRAM at SMBASE and the 2nd adds means to enumerate APIC IDs for possible CPUs.
1st part [1-2/8]:
In order to support CPU hotplug in secure boot mode, UEFI firmware needs to relocate SMI handler of hotplugged CPU, in a way that won't allow ring 0 user to break in privileged SMM mode that firmware maintains during runtime. Used approach allows to hide RAM at default SMBASE to make it accessible only to SMM mode, which lets us make sure that SMI handler installed by firmware can not be hijacked by unprivileged user (similar to TSEG behavior).

2nd part:
Mostly fixes and extra documentation on how to detect and use modern CPU hotplug interface (MMIO block), so firmware could reuse it for enumerating possible CPUs and detecting hotplugged CPU(s). It also adds support for CPHP_GET_CPU_ID_CMD command [7/8], which should allow firmware to fetch APIC IDs for possible CPUs, which is necessary for initializing internal structures for possible CPUs on boot.

CC: m...@redhat.com
CC: pbonz...@redhat.com
CC: ler...@redhat.com
CC: phi...@redhat.com

Igor Mammedov (8):
  q35: implement 128K SMRAM at default SMBASE address
  tests: q35: MCH: add default SMBASE SMRAM lock test
  acpi: cpuhp: spec: clarify 'CPU selector' register usage and endianness
  acpi: cpuhp: spec: fix 'Command data' description
  acpi: cpuhp: spec: clarify store into 'Command data' when 'Command field' == 0
  acpi: cpuhp: spec: add typical usecases
  acpi: cpuhp: add CPHP_GET_CPU_ID_CMD command
  acpi: cpuhp: spec: document procedure for enabling modern CPU hotplug

 include/hw/pci-host/q35.h       |  10 ++++
 docs/specs/acpi_cpu_hotplug.txt |  91 +++++++++++++++++++++++++++-------
 hw/acpi/cpu.c                   |  15 ++++++
 hw/acpi/trace-events            |   1 +
 hw/i386/pc.c                    |   4 +-
 hw/pci-host/q35.c               |  80 +++++++++++++++++++++++++++---
 tests/q35-test.c                | 105 ++++++++++++++++++++++++++++++++++++++++
 7 files changed, 281 insertions(+), 25 deletions(-)

--
2.7.4