Merge tag 'x86_boot_for_v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

	  See Documentation/admin-guide/efi-stub.rst for more information.

config EFI_HANDOVER_PROTOCOL

	bool "EFI handover protocol (DEPRECATED)"

	depends on EFI_STUB

	default y

	help

	  Select this in order to include support for the deprecated EFI

	  handover protocol, which defines alternative entry points into the

	  EFI stub.  This is a practice that has no basis in the UEFI

	  specification, and requires a priori knowledge on the part of the

	  bootloader about Linux/x86 specific ways of passing the command line

	  and initrd, and where in memory those assets may be loaded.

	  If in doubt, say Y. Even though the corresponding support is not

	  present in upstream GRUB or other bootloaders, most distros build

	  GRUB with numerous downstream patches applied, and may rely on the

	  handover protocol as as result.

config EFI_MIXED

	bool "EFI mixed-mode support"

	depends on EFI_STUB && X86_64

ifdef CONFIG_X86_64

	vmlinux-objs-y += $(obj)/ident_map_64.o

	vmlinux-objs-y += $(obj)/idt_64.o $(obj)/idt_handlers_64.o

	vmlinux-objs-y += $(obj)/mem_encrypt.o

	vmlinux-objs-$(CONFIG_AMD_MEM_ENCRYPT) += $(obj)/mem_encrypt.o

	vmlinux-objs-y += $(obj)/pgtable_64.o

	vmlinux-objs-$(CONFIG_AMD_MEM_ENCRYPT) += $(obj)/sev.o

endif

vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o

vmlinux-objs-$(CONFIG_INTEL_TDX_GUEST) += $(obj)/tdx.o $(obj)/tdcall.o

vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o

vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o

efi-obj-$(CONFIG_EFI_STUB) = $(objtree)/drivers/firmware/efi/libstub/lib.a

vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_mixed.o

vmlinux-objs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a

$(obj)/vmlinux: $(vmlinux-objs-y) $(efi-obj-y) FORCE

$(obj)/vmlinux: $(vmlinux-objs-y) FORCE

	$(call if_changed,ld)

OBJCOPYFLAGS_vmlinux.bin :=  -R .comment -S

	.code64

	.text

/*

 * When booting in 64-bit mode on 32-bit EFI firmware, startup_64_mixed_mode()

 * is the first thing that runs after switching to long mode. Depending on

 * whether the EFI handover protocol or the compat entry point was used to

 * enter the kernel, it will either branch to the 64-bit EFI handover

 * entrypoint at offset 0x390 in the image, or to the 64-bit EFI PE/COFF

 * entrypoint efi_pe_entry(). In the former case, the bootloader must provide a

 * struct bootparams pointer as the third argument, so the presence of such a

 * pointer is used to disambiguate.

 *

 *                                                             +--------------+

 *  +------------------+     +------------+            +------>| efi_pe_entry |

 *  | efi32_pe_entry   |---->|            |            |       +-----------+--+

 *  +------------------+     |            |     +------+----------------+  |

 *                           | startup_32 |---->| startup_64_mixed_mode |  |

 *  +------------------+     |            |     +------+----------------+  V

 *  | efi32_stub_entry |---->|            |            |     +------------------+

 *  +------------------+     +------------+            +---->| efi64_stub_entry |

 *                                                           +-------------+----+

 *                           +------------+     +----------+               |

 *                           | startup_64 |<----| efi_main |<--------------+

 *                           +------------+     +----------+

 */

SYM_FUNC_START(startup_64_mixed_mode)

	lea	efi32_boot_args(%rip), %rdx

	mov	0(%rdx), %edi

	mov	4(%rdx), %esi

	mov	8(%rdx), %edx		// saved bootparams pointer

	test	%edx, %edx

	jnz	efi64_stub_entry

	/*

	 * efi_pe_entry uses MS calling convention, which requires 32 bytes of

	 * shadow space on the stack even if all arguments are passed in

	 * registers. We also need an additional 8 bytes for the space that

	 * would be occupied by the return address, and this also results in

	 * the correct stack alignment for entry.

	 */

	sub	$40, %rsp

	mov	%rdi, %rcx		// MS calling convention

	mov	%rsi, %rdx

	jmp	efi_pe_entry

SYM_FUNC_END(startup_64_mixed_mode)

SYM_FUNC_START(__efi64_thunk)

	push	%rbp

	push	%rbx

	leaq	0x20(%rsp), %rbx

	sgdt	(%rbx)

	addq	$16, %rbx

	sidt	(%rbx)

	sidt	16(%rbx)

	leaq	1f(%rip), %rbp

	/*

	 * Switch to IDT and GDT with 32-bit segments. This is the firmware GDT

	 * and IDT that was installed when the kernel started executing. The

	 * pointers were saved at the EFI stub entry point in head_64.S.

	 * Switch to IDT and GDT with 32-bit segments. These are the firmware

	 * GDT and IDT that were installed when the kernel started executing.

	 * The pointers were saved by the efi32_entry() routine below.

	 *

	 * Pass the saved DS selector to the 32-bit code, and use far return to

	 * restore the saved CS selector.

	 */

	leaq	efi32_boot_idt(%rip), %rax

	lidt	(%rax)

	leaq	efi32_boot_gdt(%rip), %rax

	lgdt	(%rax)

	lidt	efi32_boot_idt(%rip)

	lgdt	efi32_boot_gdt(%rip)

	movzwl	efi32_boot_ds(%rip), %edx

	movzwq	efi32_boot_cs(%rip), %rax

	 */

	cli

	lidtl	(%ebx)

	subl	$16, %ebx

	lidtl	16(%ebx)

	lgdtl	(%ebx)

	movl	%cr4, %eax

	lret

SYM_FUNC_END(efi_enter32)

/*

 * This is the common EFI stub entry point for mixed mode.

 *

 * Arguments:	%ecx	image handle

 * 		%edx	EFI system table pointer

 *		%esi	struct bootparams pointer (or NULL when not using

 *			the EFI handover protocol)

 *

 * Since this is the point of no return for ordinary execution, no registers

 * are considered live except for the function parameters. [Note that the EFI

 * stub may still exit and return to the firmware using the Exit() EFI boot

 * service.]

 */

SYM_FUNC_START(efi32_entry)

	call	1f

1:	pop	%ebx

	/* Save firmware GDTR and code/data selectors */

	sgdtl	(efi32_boot_gdt - 1b)(%ebx)

	movw	%cs, (efi32_boot_cs - 1b)(%ebx)

	movw	%ds, (efi32_boot_ds - 1b)(%ebx)

	/* Store firmware IDT descriptor */

	sidtl	(efi32_boot_idt - 1b)(%ebx)

	/* Store boot arguments */

	leal	(efi32_boot_args - 1b)(%ebx), %ebx

	movl	%ecx, 0(%ebx)

	movl	%edx, 4(%ebx)

	movl	%esi, 8(%ebx)

	movb	$0x0, 12(%ebx)          // efi_is64

	/* Disable paging */

	movl	%cr0, %eax

	btrl	$X86_CR0_PG_BIT, %eax

	movl	%eax, %cr0

	jmp	startup_32

SYM_FUNC_END(efi32_entry)

#define ST32_boottime		60 // offsetof(efi_system_table_32_t, boottime)

#define BS32_handle_protocol	88 // offsetof(efi_boot_services_32_t, handle_protocol)

#define LI32_image_base		32 // offsetof(efi_loaded_image_32_t, image_base)

/*

 * efi_status_t efi32_pe_entry(efi_handle_t image_handle,

 *			       efi_system_table_32_t *sys_table)

 */

SYM_FUNC_START(efi32_pe_entry)

	pushl	%ebp

	movl	%esp, %ebp

	pushl	%eax				// dummy push to allocate loaded_image

	pushl	%ebx				// save callee-save registers

	pushl	%edi

	call	verify_cpu			// check for long mode support

	testl	%eax, %eax

	movl	$0x80000003, %eax		// EFI_UNSUPPORTED

	jnz	2f

	call	1f

1:	pop	%ebx

	/* Get the loaded image protocol pointer from the image handle */

	leal	-4(%ebp), %eax

	pushl	%eax				// &loaded_image

	leal	(loaded_image_proto - 1b)(%ebx), %eax

	pushl	%eax				// pass the GUID address

	pushl	8(%ebp)				// pass the image handle

	/*

	 * Note the alignment of the stack frame.

	 *   sys_table

	 *   handle             <-- 16-byte aligned on entry by ABI

	 *   return address

	 *   frame pointer

	 *   loaded_image       <-- local variable

	 *   saved %ebx		<-- 16-byte aligned here

	 *   saved %edi

	 *   &loaded_image

	 *   &loaded_image_proto

	 *   handle             <-- 16-byte aligned for call to handle_protocol

	 */

	movl	12(%ebp), %eax			// sys_table

	movl	ST32_boottime(%eax), %eax	// sys_table->boottime

	call	*BS32_handle_protocol(%eax)	// sys_table->boottime->handle_protocol

	addl	$12, %esp			// restore argument space

	testl	%eax, %eax

	jnz	2f

	movl	8(%ebp), %ecx			// image_handle

	movl	12(%ebp), %edx			// sys_table

	movl	-4(%ebp), %esi			// loaded_image

	movl	LI32_image_base(%esi), %esi	// loaded_image->image_base

	leal	(startup_32 - 1b)(%ebx), %ebp	// runtime address of startup_32

	/*

	 * We need to set the image_offset variable here since startup_32() will

	 * use it before we get to the 64-bit efi_pe_entry() in C code.

	 */

	subl	%esi, %ebp			// calculate image_offset

	movl	%ebp, (image_offset - 1b)(%ebx)	// save image_offset

	xorl	%esi, %esi

	jmp	efi32_entry			// pass %ecx, %edx, %esi

						// no other registers remain live

2:	popl	%edi				// restore callee-save registers

	popl	%ebx

	leave

	RET

SYM_FUNC_END(efi32_pe_entry)

	.section ".rodata"

	/* EFI loaded image protocol GUID */

	.balign 4

SYM_DATA_START_LOCAL(loaded_image_proto)

	.long	0x5b1b31a1

	.word	0x9562, 0x11d2

	.byte	0x8e, 0x3f, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b

SYM_DATA_END(loaded_image_proto)

	.data

	.balign	8

SYM_DATA_START(efi32_boot_gdt)

SYM_DATA_START_LOCAL(efi32_boot_gdt)

	.word	0

	.quad	0

SYM_DATA_END(efi32_boot_gdt)

SYM_DATA_START(efi32_boot_idt)

SYM_DATA_START_LOCAL(efi32_boot_idt)

	.word	0

	.quad	0

SYM_DATA_END(efi32_boot_idt)

SYM_DATA_START(efi32_boot_cs)

	.word	0

SYM_DATA_END(efi32_boot_cs)

SYM_DATA_START(efi32_boot_ds)

	.word	0

SYM_DATA_END(efi32_boot_ds)

SYM_DATA_LOCAL(efi32_boot_cs, .word 0)

SYM_DATA_LOCAL(efi32_boot_ds, .word 0)

SYM_DATA_LOCAL(efi32_boot_args, .long 0, 0, 0)

SYM_DATA(efi_is64, .byte 1)

	.quad	0x00cf92000000ffff	/* __KERNEL_DS */

SYM_DATA_END_LABEL(gdt, SYM_L_LOCAL, gdt_end)

#ifdef CONFIG_EFI_STUB

SYM_DATA(image_offset, .long 0)

#endif

/*

 * Stack and heap for uncompression

 */

1:

	/* Setup Exception handling for SEV-ES */

#ifdef CONFIG_AMD_MEM_ENCRYPT

	call	startup32_load_idt

#endif

	/* Make sure cpu supports long mode. */

	call	verify_cpu

  */

	/*

	 * If SEV is active then set the encryption mask in the page tables.

	 * This will insure that when the kernel is copied and decompressed

	 * This will ensure that when the kernel is copied and decompressed

	 * it will be done so encrypted.

	 */

	call	get_sev_encryption_bit

	xorl	%edx, %edx

#ifdef	CONFIG_AMD_MEM_ENCRYPT

	call	get_sev_encryption_bit

	xorl	%edx, %edx

	testl	%eax, %eax

	jz	1f

	subl	$32, %eax	/* Encryption bit is always above bit 31 */

	movl    $__BOOT_TSS, %eax

	ltr	%ax

#ifdef CONFIG_AMD_MEM_ENCRYPT

	/* Check if the C-bit position is correct when SEV is active */

	call	startup32_check_sev_cbit

#endif

	/*

	 * Setup for the jump to 64bit mode

	 *

	 */

	leal	rva(startup_64)(%ebp), %eax

#ifdef CONFIG_EFI_MIXED

	movl	rva(efi32_boot_args)(%ebp), %edi

	testl	%edi, %edi

	jz	1f

	leal	rva(efi64_stub_entry)(%ebp), %eax

	movl	rva(efi32_boot_args+4)(%ebp), %esi

	movl	rva(efi32_boot_args+8)(%ebp), %edx	// saved bootparams pointer

	testl	%edx, %edx

	jnz	1f

	/*

	 * efi_pe_entry uses MS calling convention, which requires 32 bytes of

	 * shadow space on the stack even if all arguments are passed in

	 * registers. We also need an additional 8 bytes for the space that

	 * would be occupied by the return address, and this also results in

	 * the correct stack alignment for entry.

	 */

	subl	$40, %esp

	leal	rva(efi_pe_entry)(%ebp), %eax

	movl	%edi, %ecx			// MS calling convention

	movl	%esi, %edx

	cmpb	$1, rva(efi_is64)(%ebp)

	je	1f

	leal	rva(startup_64_mixed_mode)(%ebp), %eax

1:

#endif

	/* Check if the C-bit position is correct when SEV is active */

	call	startup32_check_sev_cbit

	pushl	$__KERNEL_CS

	pushl	%eax

	lret

SYM_FUNC_END(startup_32)

#ifdef CONFIG_EFI_MIXED

#if IS_ENABLED(CONFIG_EFI_MIXED) && IS_ENABLED(CONFIG_EFI_HANDOVER_PROTOCOL)

	.org 0x190

SYM_FUNC_START(efi32_stub_entry)

	add	$0x4, %esp		/* Discard return address */

	popl	%ecx

	popl	%edx

	popl	%esi

	call	1f

1:	pop	%ebp

	subl	$ rva(1b), %ebp

	movl	%esi, rva(efi32_boot_args+8)(%ebp)

SYM_INNER_LABEL(efi32_pe_stub_entry, SYM_L_LOCAL)

	movl	%ecx, rva(efi32_boot_args)(%ebp)

	movl	%edx, rva(efi32_boot_args+4)(%ebp)

	movb	$0, rva(efi_is64)(%ebp)

	/* Save firmware GDTR and code/data selectors */

	sgdtl	rva(efi32_boot_gdt)(%ebp)

	movw	%cs, rva(efi32_boot_cs)(%ebp)

	movw	%ds, rva(efi32_boot_ds)(%ebp)

	/* Store firmware IDT descriptor */

	sidtl	rva(efi32_boot_idt)(%ebp)

	/* Disable paging */

	movl	%cr0, %eax

	btrl	$X86_CR0_PG_BIT, %eax

	movl	%eax, %cr0

	jmp	startup_32

	jmp	efi32_entry

SYM_FUNC_END(efi32_stub_entry)

#endif

SYM_CODE_END(startup_64)

#ifdef CONFIG_EFI_STUB

#ifdef CONFIG_EFI_HANDOVER_PROTOCOL

	.org 0x390

#endif

SYM_FUNC_START(efi64_stub_entry)

	and	$~0xf, %rsp			/* realign the stack */

	movq	%rdx, %rbx			/* save boot_params pointer */

	jmp     1b

SYM_FUNC_END(.Lno_longmode)

	.globl	verify_cpu

#include "../../kernel/verify_cpu.S"

	.data

	.endr

SYM_DATA_END_LABEL(boot_idt, SYM_L_GLOBAL, boot_idt_end)

#ifdef CONFIG_AMD_MEM_ENCRYPT

SYM_DATA_START(boot32_idt_desc)

	.word   boot32_idt_end - boot32_idt - 1

	.long   0

SYM_DATA_END(boot32_idt_desc)

	.balign 8

SYM_DATA_START(boot32_idt)

	.rept 32

	.quad 0

	.endr

SYM_DATA_END_LABEL(boot32_idt, SYM_L_GLOBAL, boot32_idt_end)

#endif

#ifdef CONFIG_EFI_STUB

SYM_DATA(image_offset, .long 0)

#endif

#ifdef CONFIG_EFI_MIXED

SYM_DATA_LOCAL(efi32_boot_args, .long 0, 0, 0)

SYM_DATA(efi_is64, .byte 1)

#define ST32_boottime		60 // offsetof(efi_system_table_32_t, boottime)

#define BS32_handle_protocol	88 // offsetof(efi_boot_services_32_t, handle_protocol)

#define LI32_image_base		32 // offsetof(efi_loaded_image_32_t, image_base)

	__HEAD

	.code32

SYM_FUNC_START(efi32_pe_entry)

/*

 * efi_status_t efi32_pe_entry(efi_handle_t image_handle,

 *			       efi_system_table_32_t *sys_table)

 */

	pushl	%ebp

	movl	%esp, %ebp

	pushl	%eax				// dummy push to allocate loaded_image

	pushl	%ebx				// save callee-save registers

	pushl	%edi

	call	verify_cpu			// check for long mode support

	testl	%eax, %eax

	movl	$0x80000003, %eax		// EFI_UNSUPPORTED

	jnz	2f

	call	1f

1:	pop	%ebx

	subl	$ rva(1b), %ebx

	/* Get the loaded image protocol pointer from the image handle */

	leal	-4(%ebp), %eax

	pushl	%eax				// &loaded_image

	leal	rva(loaded_image_proto)(%ebx), %eax

	pushl	%eax				// pass the GUID address

	pushl	8(%ebp)				// pass the image handle

	/*

	 * Note the alignment of the stack frame.

	 *   sys_table

	 *   handle             <-- 16-byte aligned on entry by ABI

	 *   return address

	 *   frame pointer

	 *   loaded_image       <-- local variable

	 *   saved %ebx		<-- 16-byte aligned here

	 *   saved %edi

	 *   &loaded_image

	 *   &loaded_image_proto

	 *   handle             <-- 16-byte aligned for call to handle_protocol

	 */

	movl	12(%ebp), %eax			// sys_table

	movl	ST32_boottime(%eax), %eax	// sys_table->boottime

	call	*BS32_handle_protocol(%eax)	// sys_table->boottime->handle_protocol

	addl	$12, %esp			// restore argument space

	testl	%eax, %eax

	jnz	2f

	movl	8(%ebp), %ecx			// image_handle

	movl	12(%ebp), %edx			// sys_table

	movl	-4(%ebp), %esi			// loaded_image

	movl	LI32_image_base(%esi), %esi	// loaded_image->image_base

	movl	%ebx, %ebp			// startup_32 for efi32_pe_stub_entry

	/*

	 * We need to set the image_offset variable here since startup_32() will

	 * use it before we get to the 64-bit efi_pe_entry() in C code.

	 */

	subl	%esi, %ebx

	movl	%ebx, rva(image_offset)(%ebp)	// save image_offset

	jmp	efi32_pe_stub_entry

2:	popl	%edi				// restore callee-save registers

	popl	%ebx

	leave

	RET

SYM_FUNC_END(efi32_pe_entry)

	.section ".rodata"

	/* EFI loaded image protocol GUID */

	.balign 4

SYM_DATA_START_LOCAL(loaded_image_proto)

	.long	0x5b1b31a1

	.word	0x9562, 0x11d2

	.byte	0x8e, 0x3f, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b

SYM_DATA_END(loaded_image_proto)

#endif

#ifdef CONFIG_AMD_MEM_ENCRYPT

	__HEAD

	.code32

/*

 * Write an IDT entry into boot32_idt

 *

 * Parameters:

 *

 * %eax:	Handler address

 * %edx:	Vector number

 *

 * Physical offset is expected in %ebp

 */

SYM_FUNC_START(startup32_set_idt_entry)

	push    %ebx

	push    %ecx

	/* IDT entry address to %ebx */

	leal    rva(boot32_idt)(%ebp), %ebx

	shl	$3, %edx

	addl    %edx, %ebx

	/* Build IDT entry, lower 4 bytes */

	movl    %eax, %edx

	andl    $0x0000ffff, %edx	# Target code segment offset [15:0]

	movl    $__KERNEL32_CS, %ecx	# Target code segment selector

	shl     $16, %ecx

	orl     %ecx, %edx

	/* Store lower 4 bytes to IDT */

	movl    %edx, (%ebx)

	/* Build IDT entry, upper 4 bytes */

	movl    %eax, %edx

	andl    $0xffff0000, %edx	# Target code segment offset [31:16]

	orl     $0x00008e00, %edx	# Present, Type 32-bit Interrupt Gate

	/* Store upper 4 bytes to IDT */

	movl    %edx, 4(%ebx)

	pop     %ecx

	pop     %ebx

	RET

SYM_FUNC_END(startup32_set_idt_entry)

#endif

SYM_FUNC_START(startup32_load_idt)

#ifdef CONFIG_AMD_MEM_ENCRYPT

	/* #VC handler */

	leal    rva(startup32_vc_handler)(%ebp), %eax

	movl    $X86_TRAP_VC, %edx

	call    startup32_set_idt_entry

	/* Load IDT */

	leal	rva(boot32_idt)(%ebp), %eax

	movl	%eax, rva(boot32_idt_desc+2)(%ebp)

	lidt    rva(boot32_idt_desc)(%ebp)

#endif

	RET

SYM_FUNC_END(startup32_load_idt)

/*

 * Check for the correct C-bit position when the startup_32 boot-path is used.

 *

 * The check makes use of the fact that all memory is encrypted when paging is

 * disabled. The function creates 64 bits of random data using the RDRAND

 * instruction. RDRAND is mandatory for SEV guests, so always available. If the

 * hypervisor violates that the kernel will crash right here.

 *

 * The 64 bits of random data are stored to a memory location and at the same

 * time kept in the %eax and %ebx registers. Since encryption is always active

 * when paging is off the random data will be stored encrypted in main memory.

 *

 * Then paging is enabled. When the C-bit position is correct all memory is

 * still mapped encrypted and comparing the register values with memory will

 * succeed. An incorrect C-bit position will map all memory unencrypted, so that