confidential-containers
Showing with 18 additions and 9 deletions.

+2 −2 devtools/td-layout-config/config_image.json

+7 −7 td-layout/src/build_time.rs

+1 −0 td-shim/ResetVector/Ia32/Flat32ToFlat64.asm

+2 −0 td-shim/ResetVector/X64/PageTables.asm

+6 −0 td-shim/src/bin/td-shim/memory.rs
diff --git a/devtools/td-layout-config/config_image.json b/devtools/td-layout-config/config_image.json
@@ -5,6 +5,6 @@
     "TempHeap": "0x020000",
     "Metadata": "0x001000",
     "Payload": "0xC2D000",
-    "Ipl": "0x34A000",
-    "ResetVector": "0x007000"
+    "Ipl": "0x349000",
+    "ResetVector": "0x008000"
 }
diff --git a/td-layout/src/build_time.rs b/td-layout/src/build_time.rs
@@ -21,9 +21,9 @@ Image Layout
 +----------------------------------------+ <- 0xCAE000
 |                METADATA                |   (0x1000) 4 kB
 +----------------------------------------+ <- 0xCAF000
-|                  IPL                   |   (0x34A000) 3.29 MB
-+----------------------------------------+ <- 0xFF9000
-|              RESET_VECTOR              |   (0x7000) 28 kB
+|                  IPL                   |   (0x349000) 3.29 MB
++----------------------------------------+ <- 0xFF8000
+|              RESET_VECTOR              |   (0x8000) 32 kB
 +----------------------------------------+ <- 0x1000000
 Image size: 0x1000000 (16 MB)
 */
@@ -52,10 +52,10 @@ pub const TD_SHIM_METADATA_OFFSET: u32 = 0xCAE000;
 pub const TD_SHIM_METADATA_SIZE: u32 = 0x1000; // 4 kB
 
 pub const TD_SHIM_IPL_OFFSET: u32 = 0xCAF000;
-pub const TD_SHIM_IPL_SIZE: u32 = 0x34A000; // 3.29 MB
+pub const TD_SHIM_IPL_SIZE: u32 = 0x349000; // 3.29 MB
 
-pub const TD_SHIM_RESET_VECTOR_OFFSET: u32 = 0xFF9000;
-pub const TD_SHIM_RESET_VECTOR_SIZE: u32 = 0x7000; // 28 kB
+pub const TD_SHIM_RESET_VECTOR_OFFSET: u32 = 0xFF8000;
+pub const TD_SHIM_RESET_VECTOR_SIZE: u32 = 0x8000; // 32 kB
 
 // Offset when Loading into Memory
 pub const TD_SHIM_FIRMWARE_BASE: u32 = 0xFF000000;
@@ -75,4 +75,4 @@ pub const TD_SHIM_FREE_BASE: u32 = 0xFF081000;
 pub const TD_SHIM_PAYLOAD_BASE: u32 = 0xFF081000;
 pub const TD_SHIM_METADATA_BASE: u32 = 0xFFCAE000;
 pub const TD_SHIM_IPL_BASE: u32 = 0xFFCAF000;
-pub const TD_SHIM_RESET_VECTOR_BASE: u32 = 0xFFFF9000;
+pub const TD_SHIM_RESET_VECTOR_BASE: u32 = 0xFFFF8000;
diff --git a/td-shim/ResetVector/Ia32/Flat32ToFlat64.asm b/td-shim/ResetVector/Ia32/Flat32ToFlat64.asm
@@ -19,6 +19,7 @@ Transition32FlatTo64Flat:
     mov     cr4, eax
 
     mov     ecx, ADDR_OF(TopLevelPageDirectory)
+    add     ecx, 0x1000                 ; point to level-4 page table entry
     mov     cr3, ecx
     mov     eax, cr0
     bts     eax, 31                     ; set PG

diff --git a/td-shim/ResetVector/X64/PageTables.asm b/td-shim/ResetVector/X64/PageTables.asm
@@ -27,9 +27,11 @@ TopLevelPageDirectory:
     TIMES 511 DQ 0
 
     DQ      PDP(0x2000)
+    TIMES 511 DQ 0
     DQ      PDP(0x3000)
     DQ      PDP(0x4000)
     DQ      PDP(0x5000)
+    DQ      PDP(0x6000)
 
     ;
     ; Page Table Entries (2048 * 2MB entries => 4GB)

diff --git a/td-shim/src/bin/td-shim/memory.rs b/td-shim/src/bin/td-shim/memory.rs
@@ -14,6 +14,7 @@ use td_shim_interface::td_uefi_pi::pi::hob::{
     RESOURCE_SYSTEM_MEMORY,
 };
 use x86_64::{
+    registers::control::{Cr4, Cr4Flags},
     structures::paging::PageTableFlags as Flags,
     structures::paging::{OffsetPageTable, PageTable},
     PhysAddr, VirtAddr,
@@ -125,6 +126,11 @@ impl<'a> Memory<'a> {
             }
         }
 
+        if Cr4::read().contains(Cr4Flags::L5_PAGING) {
+            panic!(
+                "5-Level paging is not supported by td-shim but it is enabled in CR4 unexpectedly"
+            );
+        }
         td_paging::cr3_write(
             self.get_layout_region(SliceType::PayloadPageTable)
                 .base_address as u64,