1

I am currently working on an x86 operating system that is booted the way similar to tboot. A lot of the logic is copied from tboot. Currently the OS' boot sequence is:

  • BIOS launches the OS using multiboot standard, OS runs in protected mode (32-bit) now.
  • The OS executes GETSEC[SENTER] to start a measured launch environment
  • The OS's first CPU (ILP / BSP) runs GETSEC[WAKEUP] or *sinit_mle_data->rlp_wakeup_addr = 1 to wake up other CPUs (RLPs / APs)
  • All CPUs are awake at this point, so we can do useful work

All the code above runs in protected mode (32-bit). However, I would like to port my OS to run in 64-bit. Due to how the OS is already written, I would like to run as many part of the OS in x86-64 as possible. I am hoping to change the boot sequence as:

  • BIOS launches the OS using multiboot standard, OS runs in protected mode (32-bit) now.
  • OS upgrades to long mode (64-bit). From now on everything runs in 64-bit mode.
  • The OS executes GETSEC[SENTER] to start a measured launch environment
  • The OS's first CPU (ILP / BSP) runs GETSEC[WAKEUP] or *sinit_mle_data->rlp_wakeup_addr = 1 to wake up other CPUs (RLPs / APs)
  • All CPUs are awake at this point, so we can do useful work

So I am wondering whether Intel supports running GETSEC[SENTER] and GETSEC[WAKEUP] in 64-bit mode. The only documentation I can find is "Intel(R) Trusted Execution Technology (Intel(R) TXT) Software Development Guide Measured Launched Environment Developer's Guide" in December 2009, which is downloaded from an unofficial site. In this documentation nothing is mentioned about long mode.

Tboot uses only x86, and in tboot's 1.10.4's /docs/tboot_flow.md it says "There a few requirements for platform state before GETSEC[SENTER] can be called: CPU has to be in protected mode ...". I wonder whether this comment means that long mode is not supported. In my understanding it intends to imply that real mode is not supported.

Sorry in advance if my terminologies is confusing. I can't find offical documents from Intel that describes these names. It would be helpful if someone can point me to Intel's official documents about TXT / DRTM / MLE / SINIT / etc.

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
Eric Stdlib
  • 1,292
  • 1
  • 18
  • 32
  • The usual assumption in instruction documentation is that instructions still do the same thing in 64-bit mode (e.g. `rdtsc` still writes EDX:EAX), although perhaps that doesn't apply to special modes / states like TXT or SMM. I have no experience with that. If the doc you looked at didn't specifically mention legacy or compat mode either, there's a good chance that it's mode agnostic. (At least that's my guess based on your question, not having read the actual doc or knowing much about how TXT works) – Peter Cordes Mar 16 '22 at 21:38
  • Intel SDM volume 2D, chapter 6, section 6.3: All GETSEC leaf functions are available in protected mode, including the compatibility sub-mode of IA-32e mode and the 64-bit sub-mode of IA-32e mode. Unless otherwise noted, the behavior of all GETSEC functions and interactions related to the measured environment are independent of IA-32e mode. This also applies to the interpretation of register widths passed as input parameters to GETSEC functions and to register results returned as output parameters. – prl Mar 17 '22 at 05:51

0 Answers0