Expand description
Loader-side CPU diagnostics and SSE/XMM enablement.
The Block IO decrypt hook runs AES-256-XTS during the boot window, which on AES-NI-capable CPUs executes SSE/AES-NI instructions (XMM registers). Those require the OS-managed control-register bits to be set:
CR0.MP[1] = 1— monitor coprocessorCR0.EM[2] = 0— disable x87 emulation (else SSE faults with #UD)CR4.OSFXSR[9] = 1— enable FXSAVE/FXRSTOR + SSECR4.OSXMMEXCPT[10] = 1— route unmasked SSE FP exceptions to #XF
UEFI firmware normally sets these already, but we verify and (when AES-NI is present) set them defensively before any AES-NI code runs. The loader is a ring-0 UEFI application, so writing CR0/CR4 is permitted.
Functions§
- report_
and_ enable_ xmm - Log AES-NI support and the SSE/XMM control bits, then (only when AES-NI is supported) set them to the values required for AES-NI execution.