Building Secure Firmware by Jiewen Yao & Vincent Zimmer

Author:Jiewen Yao & Vincent Zimmer
Language: eng
Format: epub
ISBN: 9781484261064
Publisher: Apress


Let’s take one example: the CPUID instruction. CPUID takes its input in EAX (the leaf number; some leaves also take a sub-leaf index in ECX) and returns its output in EAX, EBX, ECX, and EDX. In a virtualization environment without SEV-ES, when the guest domain executes CPUID it triggers a VmExit. The hypervisor reads the VmExit reason to learn that a CPUID instruction caused the exit, reads the guest's EAX (and ECX) as the CPUID index, writes the results into the EAX/EBX/ECX/EDX fields of the guest's saved general-purpose register state, and resumes the guest.

However, this flow does not work with SEV-ES, because the guest's register state is encrypted: the hypervisor is not allowed to read EAX from the guest or to write EAX/EBX/ECX/EDX into the guest directly. There are two ways to resolve this problem: 1) The guest software can replace the CPUID instruction with an alternate operation that writes EAX to the GHCB, triggers a VmExit, and reads EAX/EBX/ECX/EDX back from the GHCB. This breaks compatibility with existing guest software binaries, which still contain the plain CPUID instruction. 2) Alternatively, leverage the new VMM Communication Exception (#VC). See Figure 13-6. When the guest software executes CPUID, the CPU triggers a #VC exception whose error code identifies the intercepted instruction. The guest #VC exception handler writes the instruction (CPUID) and its input parameters (EAX, plus ECX for sub-leaf indexed leaves) to the GHCB and triggers a VmExit with the VMGEXIT instruction. The corresponding hypervisor handler parses the instruction and input data from the GHCB, writes the instruction's output data to the GHCB, and resumes the guest. The guest #VC handler then copies the output parameters (EAX/EBX/ECX/EDX) from the GHCB into the CPU registers and returns to the instruction following CPUID. With the #VC handler in place, binary compatibility is maintained. Note that the GHCB is shared, unencrypted memory that the hypervisor can write at will, so the #VC handler must treat what it reads back as untrusted input and check that the hypervisor actually filled in the expected fields before using them.

Figure 13-6 AMD SEV-ES Communication with GHCB and #VC
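As an added illustration (not code from the book or from any firmware project), the following C program simulates the #VC/GHCB exchange described above for CPUID, with the guest #VC handler and the hypervisor handler as two functions in one process. The GHCB structure, the CPUID table, the nonzero status value and the "broken hypervisor" are constructed stand-ins; only the SVM exit code for CPUID (0x72) and the "AuthenticAMD" vendor-string encoding are real values. VMGEXIT is modelled as a direct function call, and the guest path shows the validation of the hypervisor's reply that the text calls for.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the GHCB shared page. The real GHCB is a 4 KiB page
 * with a fixed field layout defined by AMD's GHCB specification; only the
 * fields this exchange needs are modelled here (constructed layout). */
struct ghcb {
    uint64_t rax, rbx, rcx, rdx;
    uint64_t sw_exitcode;   /* which intercepted instruction the guest wants handled */
    uint64_t sw_exitinfo1;  /* hypervisor status: 0 means success (simplified) */
    uint64_t sw_exitinfo2;
    uint32_t valid;         /* bitmap of fields the writer actually filled in */
};

enum { V_RAX = 1u << 0, V_RBX = 1u << 1, V_RCX = 1u << 2, V_RDX = 1u << 3,
       V_EXITCODE = 1u << 4, V_EXITINFO1 = 1u << 5, V_EXITINFO2 = 1u << 6 };

#define SVM_EXIT_CPUID 0x72u   /* SVM exit code (and #VC error code) for CPUID */

struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

/* Constructed CPUID table served by the simulated hypervisor. Values are not
 * from any real CPU except the "AuthenticAMD" vendor string in EBX/EDX/ECX. */
struct cpuid_entry { uint32_t leaf, subleaf; struct cpuid_regs regs; };
static const struct cpuid_entry hv_cpuid_table[] = {
    { 0x0, 0, { 0x10, 0x68747541 /*"Auth"*/, 0x444d4163 /*"cAMD"*/, 0x69746e65 /*"enti"*/ } },
    { 0x7, 0, { 0x0, 0x00000001, 0x0, 0x0 } },
    { 0x7, 1, { 0x0, 0x00000002, 0x0, 0x0 } },   /* sub-leaf selected by ECX */
};

/* Hypervisor side, entered on VMGEXIT. It may only look at the shared GHCB,
 * never at the guest's encrypted register state. */
static void hv_handle_vmgexit(struct ghcb *g)
{
    if (!(g->valid & V_EXITCODE) || g->sw_exitcode != SVM_EXIT_CPUID ||
        (g->valid & (V_RAX | V_RCX)) != (V_RAX | V_RCX)) {
        g->sw_exitinfo1 = 1;            /* constructed "request rejected" status */
        g->valid = V_EXITINFO1;
        return;
    }
    uint32_t leaf = (uint32_t)g->rax, subleaf = (uint32_t)g->rcx;
    struct cpuid_regs r = { 0, 0, 0, 0 };   /* unknown leaf: report zeros */
    for (size_t i = 0; i < sizeof hv_cpuid_table / sizeof hv_cpuid_table[0]; i++)
        if (hv_cpuid_table[i].leaf == leaf && hv_cpuid_table[i].subleaf == subleaf)
            r = hv_cpuid_table[i].regs;
    g->rax = r.eax; g->rbx = r.ebx; g->rcx = r.ecx; g->rdx = r.edx;
    g->sw_exitinfo1 = 0;
    g->valid = V_RAX | V_RBX | V_RCX | V_RDX | V_EXITINFO1;
}

/* A misbehaving hypervisor: writes garbage but never marks the outputs valid. */
static void hv_handle_vmgexit_broken(struct ghcb *g)
{
    g->rax = g->rbx = g->rcx = g->rdx = 0xdeadbeef;
    g->sw_exitinfo1 = 0;
    g->valid = V_EXITINFO1;
}

/* Stand-in for VMGEXIT: in a real guest this causes the VmExit; here it is a
 * direct call into whichever simulated hypervisor is installed. */
static void (*vmgexit_target)(struct ghcb *) = hv_handle_vmgexit;
static struct ghcb shared_ghcb;     /* the (simulated) shared, unencrypted page */

/* Guest #VC handler path for error code SVM_EXIT_CPUID: copy the faulting
 * instruction's EAX/ECX into the GHCB, issue VMGEXIT, validate the reply, and
 * only then hand the results back to be placed in EAX/EBX/ECX/EDX. */
static int vc_handle_cpuid(uint32_t eax_in, uint32_t ecx_in, struct cpuid_regs *out)
{
    struct ghcb *g = &shared_ghcb;
    memset(g, 0, sizeof *g);
    g->sw_exitcode = SVM_EXIT_CPUID;
    g->rax = eax_in;
    g->rcx = ecx_in;
    g->valid = V_EXITCODE | V_EXITINFO1 | V_EXITINFO2 | V_RAX | V_RCX;

    vmgexit_target(g);

    /* The hypervisor owned the GHCB while we were exited: require that it
     * marked every output field valid and reported success before trusting it. */
    const uint32_t need = V_RAX | V_RBX | V_RCX | V_RDX | V_EXITINFO1;
    if ((g->valid & need) != need || g->sw_exitinfo1 != 0)
        return -1;
    out->eax = (uint32_t)g->rax; out->ebx = (uint32_t)g->rbx;
    out->ecx = (uint32_t)g->rcx; out->edx = (uint32_t)g->rdx;
    return 0;
}

int main(void)
{
    struct cpuid_regs r;
    char vendor[13] = { 0 };
    if (vc_handle_cpuid(0, 0, &r) != 0)
        return 1;
    memcpy(vendor, &r.ebx, 4); memcpy(vendor + 4, &r.edx, 4); memcpy(vendor + 8, &r.ecx, 4);
    printf("CPUID.0 via #VC/GHCB: max leaf 0x%x, vendor %s\n", r.eax, vendor);
    return 0;
}
```

The guest side deliberately ignores anything except the GHCB contents, mirroring the real constraint that the hypervisor's only channel back into an SEV-ES guest is that shared page; swapping in `hv_handle_vmgexit_broken` shows the handler refusing a reply whose output fields were not marked valid rather than loading them into registers.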
