On 09/12/2014 03:56 AM, Wei, Gang wrote: > On Sep 8, 2014 23:45, Benjamin Block wrote: >> Hello, >> >> just a short question about some of the more bloody details of Intel >> TXT. There are 2 specs atm - Intel TXT SDG (May 2014, rev 11) and the >> Intel 64/IA-32 Arch SDM (June 2014, rev. 51). Both define the state of >> the platform after SINIT ran and returned control to the user (the mle). >> Both manuals contract each other. The Intel TXT SDG even contracts >> itself. > > IA SDM and TXT SDG(MLE DG) define two completely different states: after > SENTER and after SINIT. > > SDM describes CPU state after GETSEC.SENTER *instruction*. This state is in > effect when SINIT module gets control i.e. at the very first SINIT > instruction. This state is interesting only to SINIT module code developer > and is of no interest to MLE developer. > > MLE DG describes the state of platform after GETSEC.EXITAC *instruction*. > This is state when SINIT modules returns control to MLE i.e. at the very > first MLE instruction. This state is the only one important for MLE > developer, and this state is a *convention* which is concluded between SINIT > developer and MLE developer. > >> I'd like to know what I should use as reference and reliable information. > > So definitely to write a MLE we should refer to MLE DG. >
Yes; i got confused there. Sry for the rubbel from me, you are right of course. That makes much more sense now. >> My problem is, at compile-time I don't know at which address my MLE >> will be located once it has been loaded. That means, I have to write >> address-independent code, at least for the boot-strapping. For this I >> need the value of EIP. >> >> In the Intel TXT SDG it is specified that the value of EIP will also >> be written to EBX. In the Instruction Manual EBX contains SINIT.BASE. >> >> If I don't have access to the EIP through EBX, than I need a good >> stack to make a call+pop to get the EIP value. Again, in the Intel TXT >> spec, all segments but CS are "undefined" (also ESP/EBP). In the >> Instruction Manual these are defined to be values supplied from SINIT >> (without defining the value of ESP, but with EBP). >> >> Further the Intel TXT SDG contracts itself in the same table. For EBX >> it lists, that it contains the same value as EIP. But further down it >> writes "SINIT.Base (EBX)", which is not the value of EIP (but which >> would be correct according to the Instruction Manual). > > "SINIT.Base (EBX)" is really a confused express. The EBX in this is refer to > actually the value at beginning of SINIT, not at start of MLE. This confused > expression will be updated in next revision of MLE DG. > >> So, what am I supposed to use? I need a valid address of my current >> environment to boot-strap the rest (load gdt, set segement-registers, >> ...). >> >> I would be very thankful for any concrete information. I only know >> tboot and flicker as users of txt, where I can read the sources. Tboot >> knows its place in memory from the start and doesn't need to find out >> the value of EIP. flicker uses the call+pop idiom, which is not >> reliable according to both specs (Instruction Manual defines a (sort >> of) valid stack, but doesn't supply a value for ESP). > > To simplify life of MLE writer MMX registers was preserved in SINIT - this is > also part of convention. This can be used to pass information from pre-MLE > state. > I finally got it to work, well at least to get into the MLE, still have to get back to Linux, but this will be the smaller part of the work. Over the last days I had some really weired problems with the starting-process though. The CPU work execute the ACM-Sinit, but it would fail with the error-code "0xC0000481" - that means "interrupt occurred". I could fix this by starting linux with "intremap=off", this turns interrupt-remapping and this in turn x2apic off. After that my MLE would launch. The thing is, I never read about this in the spec. The spec tells me only that DMA remapping should off - which it was/is - neither irq-remap, nor x2apic are mentioned. Additionally the SDM on SMX says that before going to the ACM - I learned ;) - it turns off all interrupt-sources (external and internal). Is this some new requirement that is not yet in the spec or should this not happen, even with irq-rmapping and x2apic? Maybe I'm also fixing around a completely different issue by turning those off. best regards, - Benjamin
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho
_______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
