UefiCpuPkg: Add a 16-bit protected mode code segment descriptor

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198

A hypervisor is not allowed to update an SEV-ES guests register state,
so when booting an SEV-ES guest AP, the hypervisor is not allowed to
set the RIP to the guest requested value. Instead, an SEV-ES AP must be
transition from 64-bit long mode to 16-bit real mode in response to an
INIT-SIPI-SIPI sequence. This requires a 16-bit code segment descriptor.
For PEI, create this descriptor in the reset vector GDT table. For DXE,
create this descriptor from the newly reserved entry at location 0x28.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>

1 files changed, 4 insertions, 4 deletions

diff --git a/UefiCpuPkg/CpuDxe/CpuGdt.c b/UefiCpuPkg/CpuDxe/CpuGdt.c
index 64efadeba6..a1ab543f2d 100644
--- a/UefiCpuPkg/CpuDxe/CpuGdt.c
+++ b/UefiCpuPkg/CpuDxe/CpuGdt.c
@@ -70,14 +70,14 @@ STATIC GDT_ENTRIES GdtTemplate = {
     0x0,

   },

   //

-  // SPARE4_SEL

+  // SYS_CODE16_SEL

   //

   {

-    0x0,            // limit 15:0

+    0x0FFFF,        // limit 15:0

     0x0,            // base 15:0

     0x0,            // base 23:16

-    0x0,            // type

-    0x0,            // limit 19:16, flags

+    0x09A,          // present, ring 0, code, execute/read

+    0x08F,          // page-granular, 16-bit

     0x0,            // base 31:24

   },

   //