I am currently working on an x86 operating system that is booted the way similar to tboot. A lot of the logic is copied from tboot. Currently the OS' boot sequence is:
- BIOS launches the OS using multiboot standard, OS runs in protected mode (32-bit) now.
- The OS executes
GETSEC[SENTER]
to start a measured launch environment - The OS's first CPU (ILP / BSP) runs
GETSEC[WAKEUP]
or*sinit_mle_data->rlp_wakeup_addr = 1
to wake up other CPUs (RLPs / APs) - All CPUs are awake at this point, so we can do useful work
All the code above runs in protected mode (32-bit). However, I would like to port my OS to run in 64-bit. Due to how the OS is already written, I would like to run as many part of the OS in x86-64 as possible. I am hoping to change the boot sequence as:
- BIOS launches the OS using multiboot standard, OS runs in protected mode (32-bit) now.
- OS upgrades to long mode (64-bit). From now on everything runs in 64-bit mode.
- The OS executes
GETSEC[SENTER]
to start a measured launch environment - The OS's first CPU (ILP / BSP) runs
GETSEC[WAKEUP]
or*sinit_mle_data->rlp_wakeup_addr = 1
to wake up other CPUs (RLPs / APs) - All CPUs are awake at this point, so we can do useful work
So I am wondering whether Intel supports running GETSEC[SENTER]
and GETSEC[WAKEUP]
in 64-bit mode. The only documentation I can find is "Intel(R) Trusted Execution Technology (Intel(R) TXT) Software Development Guide Measured Launched Environment Developer's Guide" in December 2009, which is downloaded from an unofficial site. In this documentation nothing is mentioned about long mode.
Tboot uses only x86, and in tboot's 1.10.4's /docs/tboot_flow.md
it says "There a few requirements for platform state before GETSEC[SENTER] can be called: CPU has to be in protected mode ...". I wonder whether this comment means that long mode is not supported. In my understanding it intends to imply that real mode is not supported.
Sorry in advance if my terminologies is confusing. I can't find offical documents from Intel that describes these names. It would be helpful if someone can point me to Intel's official documents about TXT / DRTM / MLE / SINIT / etc.