On 15.06.21 11:31, Peter Maydell wrote:
> On Wed, 19 May 2021 at 21:23, Alexander Graf <ag...@csgraf.de> wrote:
>> Windows 10 calls an SMCCC call via SMC unconditionally on boot. It lives
>> in the trusted application call number space, but its purpose is unknown.
>>
>> In our current SMC implementation, we inject a UDEF for unknown SMC calls,
>> including this one. However, Windows breaks on boot when we do this. Instead,
>> let's return an error code.
>>
>> With this patch applied I can successfully boot the current Windows 10
>> Insider Preview in HVF.
>>
>> Signed-off-by: Alexander Graf <ag...@csgraf.de>
>>
>> ---
>>
>> v7 -> v8:
>>
>> - fix checkpatch
>> ---
>> target/arm/hvf/hvf.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
>> index 65c33e2a14..be670af578 100644
>> --- a/target/arm/hvf/hvf.c
>> +++ b/target/arm/hvf/hvf.c
>> @@ -931,6 +931,10 @@ int hvf_vcpu_exec(CPUState *cpu)
>> cpu_synchronize_state(cpu);
>> if (!hvf_handle_psci_call(cpu)) {
>> advance_pc = true;
>> + } else if (env->xregs[0] == QEMU_SMCCC_TC_WINDOWS10_BOOT) {
>> + /* This special SMC is called by Windows 10 on boot. Return
>> error */
>> + env->xregs[0] = -1;
>> + advance_pc = true;
>> } else {
>> trace_hvf_unknown_smc(env->xregs[0]);
>> hvf_raise_exception(env, EXCP_UDEF, syn_uncategorized());
> Where can I find documentation on what this SMC call is and what
> it's supposed to do ?
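Review bot: the new `else if (env->xregs[0] == QEMU_SMCCC_TC_WINDOWS10_BOOT)` branch special-cases one hard-coded function ID while every other unknown ID still takes the UDEF path, and it drops the tracing that the `else` branch keeps (`trace_hvf_unknown_smc(env->xregs[0]);`), so the Windows call becomes invisible in traces. Since the SMCCC answers an unimplemented function ID with -1 in x0 anyway, consider returning -1 for every unknown fast call instead of a single ID, or at least keep a trace point in this branch. The constant `QEMU_SMCCC_TC_WINDOWS10_BOOT` is not defined in this hunk and the diffstat lists only these four lines in hvf.c, so the commit message should say where it comes from; the comment `/* This special SMC is called by Windows 10 on boot. Return error */` would also be more useful if it spelled out the ID's encoding (fast call, SMC64, OEM service range, function 1, as the reply below decodes it), since the commit message's "trusted application call number space" does not match that decoding.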
It's 0xc3000001 which according to the SMCCC spec [1] means OR'ed values of
the following:

  0x80000000 = Fast Call
  0x40000000 = SMC64
  0x03000000 = OEM Service Calls
  0x00000001 = Function number 1

So, uh. I'm not sure how to answer the question above. I don't have source
level access to Windows to read what the call is supposed to do :). But it's
definitely calling something OEM specific that it really shouldn't be calling.

Reading the SMCCC spec section 5.2, unknown SMCCC calls should return -1. It
advises against probing by just calling them, but does not specify any other
fault behavior than the -1 return (such as the #UDEF we inject in TCG).

Alex

[1] https://developer.arm.com/documentation/den0028/latest
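As an added illustration of the function ID decoding in the reply above (example code written for this page, not part of the thread and not QEMU's hvf code): a small C decoder for SMCCC function IDs plus a hypothetical dispatcher that applies the section 5.2 rule of answering every unimplemented ID with -1 instead of faulting. The owner-number table follows the SMCCC service call ranges; the policy that only the Standard Secure Service range is implemented is an assumption made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
/* SMCCC (Arm DEN 0028) function ID: bit 31 fast call, bit 30 SMC64,
 * bits 29:24 owning entity, bits 23:16 reserved (zero), bits 15:0 function. */
#define SMCCC_FAST_CALL   (1u << 31)
#define SMCCC_SMC64       (1u << 30)
#define SMCCC_OWNER_SHIFT 24
#define SMCCC_OWNER_MASK  0x3fu
#define SMCCC_RSVD_MASK   0x00ff0000u
#define SMCCC_FUNC_MASK   0xffffu
/* SMCCC section 5.2: an unimplemented function ID returns -1 in x0/w0. */
#define SMCCC_RET_NOT_SUPPORTED ((int64_t)-1)

/* Owning entity numbers from the SMCCC service call range table
 * (48-49 are Trusted Application and 50-63 Trusted OS calls). */
enum {
    SMCCC_OWNER_ARCH = 0, SMCCC_OWNER_CPU = 1, SMCCC_OWNER_SIP = 2,
    SMCCC_OWNER_OEM = 3, SMCCC_OWNER_STANDARD = 4,
    SMCCC_OWNER_STANDARD_HYP = 5, SMCCC_OWNER_VENDOR_HYP = 6,
};
struct smccc_fid { bool fast, smc64, reserved_ok; unsigned owner, func; };

/* Decode the 32-bit function ID passed in w0 of an SMC/HVC. */
static struct smccc_fid smccc_decode(uint32_t fid)
{
    struct smccc_fid f;
    f.fast = (fid & SMCCC_FAST_CALL) != 0;
    f.smc64 = (fid & SMCCC_SMC64) != 0;
    f.owner = (fid >> SMCCC_OWNER_SHIFT) & SMCCC_OWNER_MASK;
    f.func = fid & SMCCC_FUNC_MASK;
    f.reserved_ok = (fid & SMCCC_RSVD_MASK) == 0;
    return f;
}

/* Hypothetical policy (assumption, not QEMU's): only well-formed fast calls
 * in the Standard Secure Service range, where PSCI lives, are implemented. */
static bool smccc_is_implemented(uint32_t fid)
{
    struct smccc_fid f = smccc_decode(fid);
    return f.fast && f.reserved_ok && f.owner == SMCCC_OWNER_STANDARD;
}

/* Value the guest sees in x0: 0 from a stub handler, otherwise NOT_SUPPORTED,
 * so the Windows OEM call 0xc3000001 gets -1 instead of a UDEF. */
static int64_t smccc_dispatch(uint32_t fid)
{
    return smccc_is_implemented(fid) ? 0 : SMCCC_RET_NOT_SUPPORTED;
}
```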