From: "gaoliming" <gaoliming@byosoft.com.cn>
Cc: 'Brijesh Singh', 'Dong, Eric', 'Aktas, Erdem', 'Wu, Hao A', 'Wang, Jian J', 'James Bottomley', 'Yao, Jiewen', 'Kinney, Michael D', 'Ni, Ray', 'Kumar, Rahul1', 'Tom Lendacky', 'Liu, Zhiguang', 'Gerd Hoffmann'
References: <02e701d82d12$d8412980$88c37c80$@byosoft.com.cn>
Subject: Re: [edk2-devel] [PATCH V7 00/37] Enable Intel TDX in OvmfPkg (Config-A)
Date: Fri, 11 Mar 2022 11:19:41 +0800
Message-ID: <000601d834f6$d9106880$8b313980$@byosoft.com.cn>

Min:
 I have one minor comment for TdxLib.h. This header file doesn't need to include the header files below. Other patches in MdePkg are good to me.

Reviewed-by: Liming Gao

#include
#include
#include
#include

Thanks
Liming

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Min Xu
> Sent: March 10, 2022 14:21
> To: devel@edk2.groups.io; Gao, Liming
> Cc: 'Brijesh Singh'; Dong, Eric; Aktas, Erdem; Wu, Hao A; Wang, Jian J; 'James Bottomley'; Yao, Jiewen; Kinney, Michael D; Ni, Ray; Kumar, Rahul1; 'Tom Lendacky'; Liu, Zhiguang; 'Gerd Hoffmann'
> Subject: Re: [edk2-devel] [PATCH V7 00/37] Enable Intel TDX in OvmfPkg (Config-A)
>
> Hi, Liming
> Besides the 2 comments below in MdePkg, what's your opinion about the patches below in MdePkg?
> Patch 01 includes the Intel Trust Domain Extension definitions.
> Patch 07-10 are about the BaseIoLibIntrinsic.
> Patch 12 adds macros CC_GUEST_IS_SEV / CC_GUEST_IS_TDX to check for a SEV / TDX guest.
>
> I am looking forward to your comments about Patch 07 - 10.
>
> 01-MdePkg-Add-Tdx.h.patch
> - https://edk2.groups.io/g/devel/message/87049
> 03-MdePkg-Add-TdxLib-to-wrap-Tdx-operations.patch
> - https://edk2.groups.io/g/devel/message/87051
>
> 07-MdePkg-Add-helper-functions-for-Tdx-guest-in-BaseIoL.patch
> - https://edk2.groups.io/g/devel/message/87055
> 08-MdePkg-Support-mmio-for-Tdx-guest-in-BaseIoLibIntrin.patch
> - https://edk2.groups.io/g/devel/message/87056
> 09-MdePkg-Support-IoFifo-for-Tdx-guest-in-BaseIoLibIntr.patch
> - https://edk2.groups.io/g/devel/message/87057
> 10-MdePkg-Support-IoRead-IoWrite-for-Tdx-guest-in-BaseI.patch
> - https://edk2.groups.io/g/devel/message/87058
>
> 12-MdePkg-Add-macro-to-check-SEV-TDX-guest.patch
> - https://edk2.groups.io/g/devel/message/87060
>
> Thanks much!
>
> > -----Original Message-----
> > From: devel@edk2.groups.io On Behalf Of gaoliming
> > Sent: Tuesday, March 1, 2022 10:20 AM
> > To: devel@edk2.groups.io; Xu, Min M
> > Cc: 'Brijesh Singh'; Dong, Eric; Aktas, Erdem; Wu, Hao A; Wang, Jian J; 'James Bottomley'; Yao, Jiewen; Kinney, Michael D; Ni, Ray; Kumar, Rahul1; 'Tom Lendacky'; Liu, Zhiguang; 'Gerd Hoffmann'
> > Subject: Re: [edk2-devel] [PATCH V7 00/37] Enable Intel TDX in OvmfPkg (Config-A)
> >
> > Min:
> >  I have two comments in MdePkg. The changes in MdeModulePkg are good to me.
> > 1. Seemingly, the new APIs (TdCall, TdVmCall, TdIsEnabled) in BaseLib are X86 specific. How about defining them under #if defined (MDE_CPU_IA32) || defined (MDE_CPU_X64) in BaseLib.h?
> > 2. I don't find the new resource attribute EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in the latest PI spec, PI_Spec_1_7_A_final_May1.pdf. Can you let me know which spec defines it?
> >
> > Thanks
> > Liming
> >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io On Behalf Of Min Xu
> > > Sent: February 28, 2022 15:21
> > > To: devel@edk2.groups.io
> > > Cc: Min Xu; Brijesh Singh; Eric Dong; Erdem Aktas; Hao A Wu; Jian J Wang; James Bottomley; Jiewen Yao; Liming Gao; Michael D Kinney; Ray Ni; Rahul Kumar; Tom Lendacky; Zhiguang Liu; Gerd Hoffmann
> > > Subject: [edk2-devel] [PATCH V7 00/37] Enable Intel TDX in OvmfPkg (Config-A)
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249
> > >
> > > Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory Encryption (MKTME) with a new kind of virtual machine guest called a Trust Domain (TD). A TD is designed to run in a CPU mode that protects the confidentiality of TD memory contents and the TD's CPU state from other software, including the hosting Virtual-Machine Monitor (VMM), unless explicitly shared by the TD itself.
> > >
> > > There are 2 configurations for TDVF to upstream. See the link below for the definitions of the 2 configurations.
> > > https://edk2.groups.io/g/devel/message/76367
> > >
> > > This patch-set is to enable Config-A in OvmfPkg.
> > > - Merge the *basic* TDVF feature to the existing OvmfX64Pkg.dsc. (Align with existing SEV)
> > > - Threat model: VMM is NOT out of TCB. (We don't make things worse.)
> > > - The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability. The final binary can run on SEV/TDX/normal OVMF.
> > > - No changes to the existing OvmfPkgX64 image layout.
> > > - No need to add additional security features if they do not exist today.
> > > - No need to remove features if they exist today.
> > > - RTMR is not supported.
> > > - PEI phase is NOT skipped in either Td or Non-Td.
> > >
> > > Patch 01 - 23 are changes in SEC phase. Also some libraries in these patches are workable in SEC/PEI/DXE.
> > >
> > > Patch 17 - 20 extract the common code from OvmfPkg/PlatformPei to a new PlatformInitLib. Then OvmfPkg/PlatformPei is refactored with this lib. This is because there are 3 variants of PlatformPei in OvmfPkg and hence much code is duplicated.
> > > Patch 21 then adds Tdx specific code in PlatformInitLib.
> > >
> > > Patch 24 - 29 are changes in PEI phase.
> > >
> > > Patch 30 - 34 are changes in DXE phase.
> > >
> > > Patch 35 - 37 are for the local APIC timer DXE driver.
> > >
> > > [TDX]: https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-final9-17.pdf
> > >
> > > [TDX-Module]: https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf
> > >
> > > [TDVF]: https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf
> > >
> > > [GCHI]: https://software.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf
> > >
> > > Code is at https://github.com/mxu9/edk2/tree/tdvf_wave2.v7
> > >
> > > v7 changes:
> > >  - Based on the comments from the last review, 8 PlatformInitLib patches are squashed into 4 patches (#17-#20). These 4 patches are not related to Tdx guest. Tdx related code of PlatformInitLib is in #21.
> > >  - gUefiOvmfPkgTdxPlatformGuid is renamed as gUefiOvmfPkgPlatformInfoGuid, because this GUID is used not only by Tdx guest, but also by Legacy guest.
> > >  - PlatformInitLibNull is deleted.
> > >  - In PlatformPei Pml4Entries is capped at 512 entries when mPhysMemAddressWidth > 48.
> > >
> > > v7 not-addressed comments
> > >  - Comments in MpInitLib have not been addressed yet. They will be addressed in the following version.
> > >  - Thanks much for your understanding.
> > >
> > > v6 changes:
> > >  - PlatformInitLib and OvmfPkg/PlatformPei refactoring are covered in patches 17 - 24. These patches are not related to Tdx guest. Tdx related code of PlatformInitLib is in patch 25.
> > >  - In the previous patch-sets, TdHob is processed in OvmfPkg/Sec/IntelTdx.c. Per Gerd's suggestion it is now moved to PlatformInitLib/IntelTdx.c so that it can be reused in Config-B.
> > >  - The default Accept page size is changed from 4K to 2M.
> > >  - The BspAcceptMemoryResourceRange is refactored according to Gerd's comment.
> > >  - In ApRunLoop.nasm the command field is set to zero as acknowledgement. This is a fix based on the ACPI Spec v6.4, section titled "Multiprocessor Wakeup Structure".
> > >
> > > v6 not-addressed comments
> > >  - Comments in MpInitLib have not been addressed yet. They will be addressed in the following version.
> > >  - Thanks much for your understanding.
> > >
> > > v5 changes:
> > >  - PlatformInitLib is introduced, which wraps the common functions in OvmfPkg/PlatformPei. This is because there is a lot of duplicated code for platform initialization in PEI phase and there are at least 3 variants of PlatformPei. Another reason is that in TDVF Config-B, PEI-less boot needs similar initialization to PlatformPei. Based on the discussion with the community, PlatformInitLib is introduced. As the first stage, OvmfPkg/PlatformPei is refactored with this lib. In the future the other 2 PlatformPei variants will be refactored as well.
> > >  - PcdIgnoreVeHalt is deprecated.
> > >  - Add spec link for Mailbox.
> > >  - Other minor changes, such as comments, uncrustify formats, etc.
> > >
> > > v5 not-addressed comments
> > >  - Comments in MpInitLib have not been addressed yet. They will be addressed in the following version.
> > >  - Some comments may have been missed. I will re-visit the review emails.
> > >  - Thanks much for your understanding.
> > >
> > > v4 changes:
> > >  - Split the TdxLib into 2 libraries. The TDX basic functions (TdCall / TdVmCall / TdIsEnabled) are moved to BaseLib (#2). The other functions are in TdxLib. (#3)
> > >  - Based on the above changes (TdCall/TdVmCall/TdIsEnabled in BaseLib) the TdxLib.inf is not necessary in some Pkgs, such as UefiPayloadPkg. The duplicated source code is deleted (BaseIoLib is the sample).
> > >  - Drop accepting pages with the TDX MP service. Instead only the BSP accepts pages. There may be a boot performance issue. There are some mitigations for it, such as 2M accept page size, lazy accept, etc. We will re-visit this issue in a separate patch-set.
> > >  - Relocate the Mailbox in the TdxDxe driver instead of in PlatformPei. This is to keep consistency with Config-B (PEI is skipped in Config-B).
> > >  - SetMmioSharedBit in the TdxDxe driver instead of in DxeIplPeim after CreateIdentityMappingPageTables. This is to keep consistency with Config-B (PEI is skipped in Config-B).
> > >  - Some other minor changes, such as switch-case indentation.
> > >  - Rebase the code base (commit: 8c06c53b585a) and update the code with uncrustify.
> > >
> > > v4 not-addressed comments:
> > >  - Comments in MpInitLib have not been addressed yet. They will be addressed in the next version.
> > >  - BaseMemEncryptTdxLib is suggested to be merged with BaseMemEncryptSevLib. It will be addressed in the next version.
> > >  - Gerd suggests a generic page table walker which is able to set and clear bits for a given memory range in both SEV and TDX guest. This suggestion will be addressed in the next version.
> > >  - Some comments may have been missed. I will re-visit the review emails.
> > >  - Thanks much for your understanding.
> > >
> > > v3 changes:
> > >  - LocalApicTimerDxe is split out to be a separate patch-series.
> > >  - VmTdExitLibNull/VmgExitLib are removed. Instead the VmgExitLib is extended to handle the #VE exception. (Patch 3-5)
> > >  - Split the Tdx support of base IoLib into 4 commits. (Patch 6-9)
> > >  - The altering of the MADT table is updated. In the previous version it was created from scratch. Now it gets the installed table, copies it to a larger buffer and appends the ACPI_MADT_MPWK to it. (Patch 25)
> > >  - Changes in BaseXApicX2ApicLib are refined based on the feedback. (Add spec link of MSR access definition, rename some function names, etc.) (Patch 11)
> > >  - Use PcdConfidentialComputingGuestAttr to probe TDX guest instead of CPUID. But in some cases PcdConfidentialComputingGuestAttr cannot be used because it has not been set yet.
> > >  - Some other minor changes.
> > >
> > > v3 not-addressed comments:
> > >  - Some of the comments have not been addressed. This is because I need more time to consider how to address these comments. At the same time I want to submit a new version based on the above changes so that the community can review in a more efficient way. (v2 is the version from one month ago.)
> > >  - Comments in MpInitLib have not been addressed yet. They will be addressed in v4.
> > >  - BaseMemEncryptTdxLib should be merged with BaseMemEncryptSevLib. It will be addressed in v4.
> > >  - Some comments may have been missed. I will re-visit the review emails.
> > >  - Thanks much for your understanding.
> > >
> > > v2 changes:
> > >  - Remove TdxProbeLib. This is to reduce the dependencies of the lib.
> > >  - In v1 a new function (AllocatePagesWithMemoryType) was added in PeiMemoryAllocationLib. This function is not necessary. It can be replaced by PeiServicesAllocatePages.
> > >  - IoLibFifo.c is added in BaseIoLibIntrinsic. This file includes the functions for read/write of I/O port fifo. These functions will call TdIoReadFifo or SevIoReadFifo by checking for TDX or SEV at run-time.
> > >  - DXE related patches are added. (Patch 22-28)
> > >  - Fix typos in commit/comment messages, and some minor changes.
> > >  - Rebase the edk2 code base. (4cc1458dbe00)
> > >
> > > Cc: Brijesh Singh
> > > Cc: Eric Dong
> > > Cc: Erdem Aktas
> > > Cc: Hao A Wu
> > > Cc: Jian J Wang
> > > Cc: James Bottomley
> > > Cc: Jiewen Yao
> > > Cc: Liming Gao
> > > Cc: Michael D Kinney
> > > Cc: Ray Ni
> > > Cc: Rahul Kumar
> > > Cc: Tom Lendacky
> > > Cc: Zhiguang Liu
> > > Cc: Gerd Hoffmann
> > > Signed-off-by: Min Xu
> > >
> > > Min Xu (37):
> > >   MdePkg: Add Tdx.h
> > >   MdePkg: Introduce basic Tdx functions in BaseLib
> > >   MdePkg: Add TdxLib to wrap Tdx operations
> > >   UefiCpuPkg: Extend VmgExitLibNull to handle #VE exception
> > >   OvmfPkg: Extend VmgExitLib to handle #VE exception
> > >   UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception
> > >   MdePkg: Add helper functions for Tdx guest in BaseIoLibIntrinsic
> > >   MdePkg: Support mmio for Tdx guest in BaseIoLibIntrinsic
> > >   MdePkg: Support IoFifo for Tdx guest in BaseIoLibIntrinsic
> > >   MdePkg: Support IoRead/IoWrite for Tdx guest in BaseIoLibIntrinsic
> > >   UefiCpuPkg: Support TDX in BaseXApicX2ApicLib
> > >   MdePkg: Add macro to check SEV / TDX guest
> > >   UefiCpuPkg: Enable Tdx support in MpInitLib
> > >   OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard
> > >   OvmfPkg: Add TdxMailboxLib
> > >   MdePkg: Add EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in PiHob.h
> > >   OvmfPkg: Create initial version of PlatformInitLib
> > >   OvmfPkg/PlatformInitLib: Add hob functions
> > >   OvmfPkg/PlatformInitLib: Add memory functions
> > >   OvmfPkg/PlatformInitLib: Add platform functions
> > >   OvmfPkg: Update PlatformInitLib to process Tdx hoblist
> > >   OvmfPkg/Sec: Declare local variable as volatile in SecCoreStartupWithStack
> > >   OvmfPkg: Update Sec to support Tdx
> > >   OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation
> > >   MdeModulePkg: EFER should not be changed in TDX
> > >   MdeModulePkg: Add PcdTdxSharedBitMask
> > >   UefiCpuPkg: Update AddressEncMask in CpuPageTable
> > >   OvmfPkg: Update PlatformInitLib for Tdx guest to publish ram regions
> > >   OvmfPkg: Update PlatformPei to support Tdx guest
> > >   OvmfPkg: Update AcpiPlatformDxe to alter MADT table
> > >   OvmfPkg/BaseMemEncryptTdxLib: Add TDX helper library
> > >   OvmfPkg: Add TdxDxe driver
> > >   OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe
> > >   OvmfPkg: Update IoMmuDxe to support TDX
> > >   OvmfPkg: Rename XenTimerDxe to LocalApicTimerDxe
> > >   UefiCpuPkg: Setting initial-count register as the last step
> > >   OvmfPkg: Switch timer in build time for OvmfPkg
> > >
> > >  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 1 +
> > >  .../Core/DxeIplPeim/X64/VirtualMemory.c | 7 +
> > >  MdeModulePkg/MdeModulePkg.dec | 9 +
> > >  .../Include/ConfidentialComputingGuestAttr.h | 3 +
> > >  MdePkg/Include/IndustryStandard/Tdx.h | 203 ++++
> > >  MdePkg/Include/Library/BaseLib.h | 62 ++
> > >  MdePkg/Include/Library/TdxLib.h | 97 ++
> > >  MdePkg/Include/Pi/PiHob.h | 8 +
> > >  .../BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf | 2 +
> > >  .../BaseIoLibIntrinsicSev.inf | 7 +
> > >  MdePkg/Library/BaseIoLibIntrinsic/IoLib.c | 81 +-
> > >  MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c | 216 ++++
> > >  MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c | 51 +-
> > >  .../BaseIoLibIntrinsic/IoLibInternalTdx.c | 675 +++++++++++++
> > >  .../BaseIoLibIntrinsic/IoLibInternalTdxNull.c | 497 +++++++++
> > >  MdePkg/Library/BaseIoLibIntrinsic/IoLibMsc.c | 73 +-
> > >  MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h | 166 +++
> > >  MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h | 410 ++++++++
> > >  .../BaseIoLibIntrinsic/X64/IoFifoSev.nasm | 34 +-
> > >  MdePkg/Library/BaseLib/BaseLib.inf | 11 +
> > >  MdePkg/Library/BaseLib/IntelTdxNull.c | 83 ++
> > >  MdePkg/Library/BaseLib/X64/TdCall.nasm | 85 ++
> > >  MdePkg/Library/BaseLib/X64/TdProbe.c | 62 ++
> > >  MdePkg/Library/BaseLib/X64/TdVmcall.nasm | 145 +++
> > >  MdePkg/Library/TdxLib/AcceptPages.c | 180 ++++
> > >  MdePkg/Library/TdxLib/Rtmr.c | 83 ++
> > >  MdePkg/Library/TdxLib/TdInfo.c | 114 +++
> > >  MdePkg/Library/TdxLib/TdxLib.inf | 37 +
> > >  MdePkg/Library/TdxLib/TdxLibNull.c | 107 ++
> > >  MdePkg/MdePkg.dec | 3 +
> > >  MdePkg/MdePkg.dsc | 1 +
> > >  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf | 1 +
> > >  OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c | 14 +-
> > >  OvmfPkg/AmdSev/AmdSevX64.dsc | 8 +-
> > >  OvmfPkg/AmdSev/AmdSevX64.fdf | 3 +-
> > >  OvmfPkg/Bhyve/BhyveX64.dsc | 2 +
> > >  OvmfPkg/CloudHv/CloudHvX64.dsc | 5 +-
> > >  OvmfPkg/CloudHv/CloudHvX64.fdf | 2 +-
> > >  OvmfPkg/Include/IndustryStandard/IntelTdx.h | 67 ++
> > >  OvmfPkg/Include/Library/MemEncryptTdxLib.h | 81 ++
> > >  OvmfPkg/Include/Library/PlatformInitLib.h | 286 ++++++
> > >  OvmfPkg/Include/Library/TdxMailboxLib.h | 76 ++
> > >  .../Include/Protocol/QemuAcpiTableNotify.h | 27 +
> > >  OvmfPkg/Include/TdxCommondefs.inc | 51 +
> > >  OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 103 +-
> > >  OvmfPkg/IoMmuDxe/AmdSevIoMmu.h | 6 +-
> > >  OvmfPkg/IoMmuDxe/IoMmuDxe.c | 6 +-
> > >  OvmfPkg/IoMmuDxe/IoMmuDxe.inf | 5 +
> > >  .../BaseMemEncryptTdxLib.inf | 44 +
> > >  .../BaseMemEncryptTdxLibNull.inf | 35 +
> > >  .../BaseMemoryEncryptionNull.c | 90 ++
> > >  .../BaseMemEncryptTdxLib/MemoryEncryption.c | 948 ++++++++++++++++++
> > >  .../BaseMemEncryptTdxLib/VirtualMemory.h | 181 ++++
> > >  .../PlatformInitLib}/Cmos.c | 32 +-
> > >  OvmfPkg/Library/PlatformInitLib/IntelTdx.c | 553 ++++++++++
> > >  .../Library/PlatformInitLib/IntelTdxNull.c | 46 +
> > >  OvmfPkg/Library/PlatformInitLib/MemDetect.c | 707 +++++++++++++
> > >  OvmfPkg/Library/PlatformInitLib/Platform.c | 597 +++++++++++
> > >  .../PlatformInitLib/PlatformInitLib.inf | 94 ++
> > >  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c | 9 +-
> > >  .../Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf | 1 +
> > >  .../QemuFwCfgLib/QemuFwCfgLibInternal.h | 11 +
> > >  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c | 32 +
> > >  .../Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf | 2 +
> > >  OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c | 140 +++
> > >  .../Library/TdxMailboxLib/TdxMailboxLib.inf | 52 +
> > >  .../Library/TdxMailboxLib/TdxMailboxNull.c | 85 ++
> > >  OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf | 3 +-
> > >  OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h | 32 +
> > >  .../Library/VmgExitLib/VmTdExitVeHandler.c | 559 +++++++++++
> > >  OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 2 +
> > >  .../Library/VmgExitLib/X64/TdVmcallCpuid.nasm | 146 +++
> > >  .../LocalApicTimerDxe.c} | 4 +-
> > >  .../LocalApicTimerDxe.h} | 4 +-
> > >  .../LocalApicTimerDxe.inf} | 7 +-
> > >  OvmfPkg/Microvm/MicrovmX64.dsc | 5 +-
> > >  OvmfPkg/Microvm/MicrovmX64.fdf | 2 +-
> > >  OvmfPkg/OvmfPkg.dec | 17 +
> > >  OvmfPkg/OvmfPkgIa32.dsc | 12 +-
> > >  OvmfPkg/OvmfPkgIa32.fdf | 8 +-
> > >  OvmfPkg/OvmfPkgIa32X64.dsc | 14 +-
> > >  OvmfPkg/OvmfPkgIa32X64.fdf | 8 +-
> > >  OvmfPkg/OvmfPkgX64.dsc | 29 +-
> > >  OvmfPkg/OvmfPkgX64.fdf | 11 +-
> > >  OvmfPkg/OvmfXen.dsc | 4 +-
> > >  OvmfPkg/OvmfXen.fdf | 2 +-
> > >  OvmfPkg/PlatformPei/Cmos.h | 48 -
> > >  OvmfPkg/PlatformPei/FeatureControl.c | 7 +-
> > >  OvmfPkg/PlatformPei/IntelTdx.c | 54 +
> > >  OvmfPkg/PlatformPei/MemDetect.c | 669 +----------
> > >  OvmfPkg/PlatformPei/Platform.c | 522 ++--------
> > >  OvmfPkg/PlatformPei/Platform.h | 55 +-
> > >  OvmfPkg/PlatformPei/PlatformPei.inf | 7 +-
> > >  OvmfPkg/Sec/SecMain.c | 44 +-
> > >  OvmfPkg/Sec/SecMain.inf | 3 +
> > >  OvmfPkg/Sec/X64/SecEntry.nasm | 82 ++
> > >  OvmfPkg/TdxDxe/TdxAcpiTable.c | 213 ++++
> > >  OvmfPkg/TdxDxe/TdxAcpiTable.h | 60 ++
> > >  OvmfPkg/TdxDxe/TdxDxe.c | 261 +++++
> > >  OvmfPkg/TdxDxe/TdxDxe.inf | 64 ++
> > >  OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 90 ++
> > >  UefiCpuPkg/CpuDxe/CpuDxe.inf | 1 +
> > >  UefiCpuPkg/CpuDxe/CpuPageTable.c | 4 +
> > >  UefiCpuPkg/Include/Library/VmgExitLib.h | 28 +
> > >  .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.c | 170 +++-
> > >  .../PeiDxeSmmCpuException.c | 17 +
> > >  .../SecPeiCpuException.c | 18 +
> > >  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 3 +
> > >  UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 15 +-
> > >  UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h | 71 ++
> > >  UefiCpuPkg/Library/MpInitLib/MpLib.c | 27 +
> > >  UefiCpuPkg/Library/MpInitLib/MpLibTdx.c | 128 +++
> > >  UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c | 73 ++
> > >  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 3 +
> > >  .../Library/VmgExitLibNull/VmTdExitNull.c | 38 +
> > >  .../Library/VmgExitLibNull/VmgExitLibNull.inf | 1 +
> > >  116 files changed, 10233 insertions(+), 1327 deletions(-)
> > >  create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
> > >  create mode 100644 MdePkg/Include/Library/TdxLib.h
> > >  create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c
> > >  create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
> > >  create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdxNull.c
> > >  create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h
> > >  create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h
> > >  create mode 100644 MdePkg/Library/BaseLib/IntelTdxNull.c
> > >  create mode 100644 MdePkg/Library/BaseLib/X64/TdCall.nasm
> > >  create mode 100644 MdePkg/Library/BaseLib/X64/TdProbe.c
> > >  create mode 100644 MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> > >  create mode 100644 MdePkg/Library/TdxLib/AcceptPages.c
> > >  create mode 100644 MdePkg/Library/TdxLib/Rtmr.c
> > >  create mode 100644 MdePkg/Library/TdxLib/TdInfo.c
> > >  create mode 100644 MdePkg/Library/TdxLib/TdxLib.inf
> > >  create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
> > >  create mode 100644 OvmfPkg/Include/IndustryStandard/IntelTdx.h
> > >  create mode 100644 OvmfPkg/Include/Library/MemEncryptTdxLib.h
> > >  create mode 100644 OvmfPkg/Include/Library/PlatformInitLib.h
> > >  create mode 100644 OvmfPkg/Include/Library/TdxMailboxLib.h
> > >  create mode 100644 OvmfPkg/Include/Protocol/QemuAcpiTableNotify.h
> > >  create mode 100644 OvmfPkg/Include/TdxCommondefs.inc
> > >  create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
> > >  create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLibNull.inf
> > >  create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemoryEncryptionNull.c
> > >  create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c
> > >  create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/VirtualMemory.h
> > >  rename OvmfPkg/{PlatformPei => Library/PlatformInitLib}/Cmos.c (61%)
> > >  create mode 100644 OvmfPkg/Library/PlatformInitLib/IntelTdx.c
> > >  create mode 100644 OvmfPkg/Library/PlatformInitLib/IntelTdxNull.c
> > >  create mode 100644 OvmfPkg/Library/PlatformInitLib/MemDetect.c
> > >  create mode 100644 OvmfPkg/Library/PlatformInitLib/Platform.c
> > >  create mode 100644 OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
> > >  create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c
> > >  create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
> > >  create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxNull.c
> > >  create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h
> > >  create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c
> > >  create mode 100644 OvmfPkg/Library/VmgExitLib/X64/TdVmcallCpuid.nasm
> > >  rename OvmfPkg/{XenTimerDxe/XenTimerDxe.c => LocalApicTimerDxe/LocalApicTimerDxe.c} (95%)
> > >  rename OvmfPkg/{XenTimerDxe/XenTimerDxe.h => LocalApicTimerDxe/LocalApicTimerDxe.h} (96%)
> > >  rename OvmfPkg/{XenTimerDxe/XenTimerDxe.inf => LocalApicTimerDxe/LocalApicTimerDxe.inf} (80%)
> > >  delete mode 100644 OvmfPkg/PlatformPei/Cmos.h
> > >  create mode 100644 OvmfPkg/PlatformPei/IntelTdx.c
> > >  create mode 100644 OvmfPkg/TdxDxe/TdxAcpiTable.c
> > >  create mode 100644 OvmfPkg/TdxDxe/TdxAcpiTable.h
> > >  create mode 100644 OvmfPkg/TdxDxe/TdxDxe.c
> > >  create mode 100644 OvmfPkg/TdxDxe/TdxDxe.inf
> > >  create mode 100644 OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
> > >  create mode 100644 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h
> > >  create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c
> > >  create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c
> > >  create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmTdExitNull.c
> > >
> > > --
> > > 2.29.2.windows.2
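The v3 and v6 change notes in the cover letter describe two mechanisms without showing them: AcpiPlatformDxe copying the installed MADT into a larger buffer and appending the Multiprocessor Wakeup entry (ACPI_MADT_MPWK), and the AP run loop in ApRunLoop.nasm writing zero to the mailbox Command field as the acknowledgement. The C below is an added example written for this page, not code from the patch series, from edk2 or from anyone in the thread; it models both on a host build so the handshake and the table fix-up can be checked. The structure layouts follow ACPI 6.4 section 5.2.12.19 (Multiprocessor Wakeup Structure and its mailbox). The function names, the constructed sample MADT and the mailbox address 0x7f000000 are this example's own assumptions.

```c
/* Added example for this page; not code from the edk2 patch series or from
 * any message in this thread. Layouts follow ACPI 6.4, section 5.2.12.19
 * (Multiprocessor Wakeup Structure and its Mailbox). All function names and
 * the sample data are this example's own. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ACPI_MADT_TYPE_MP_WAKEUP     0x10
#define MP_WAKEUP_COMMAND_NOOP       0
#define MP_WAKEUP_COMMAND_WAKEUP     1
#define ACPI_HEADER_LENGTH_OFFSET    4
#define ACPI_HEADER_CHECKSUM_OFFSET  9
#define MADT_FIXED_SIZE              44  /* 36-byte header + LocalApicAddress + Flags */

/* One 4 KiB page shared by the OS (writer) and the parked APs (readers). */
typedef struct {
  uint16_t Command;        /* 0 = Noop, 1 = Wakeup; the AP writes 0 to acknowledge */
  uint16_t Reserved;
  uint32_t ApicId;         /* APIC ID of the AP that should act on the command */
  uint64_t WakeupVector;   /* physical address the AP jumps to */
  uint8_t  ReservedForOs[2032];
  uint8_t  ReservedForFirmware[2048];
} MP_WAKEUP_MAILBOX;
_Static_assert(sizeof(MP_WAKEUP_MAILBOX) == 4096, "mailbox is one page");

/* MADT sub-table (type 0x10) that tells the OS where the mailbox lives. */
typedef struct {
  uint8_t  Type;
  uint8_t  Length;          /* 16 */
  uint16_t MailBoxVersion;  /* 0 */
  uint32_t Reserved;
  uint64_t MailBoxAddress;  /* 4 KiB aligned physical address */
} MADT_MP_WAKEUP;
_Static_assert(sizeof(MADT_MP_WAKEUP) == 16, "entry is 16 bytes");

/* ACPI tables sum to zero (mod 256) over their full Length. */
uint8_t acpi_checksum(const uint8_t *table, size_t len) {
  uint8_t sum = 0;
  for (size_t i = 0; i < len; i++) sum = (uint8_t)(sum + table[i]);
  return sum;
}

/* Constructed input: a minimal MADT with no sub-tables and a valid checksum. */
size_t build_sample_madt(uint8_t *buf) {
  uint32_t len = MADT_FIXED_SIZE;
  memset(buf, 0, MADT_FIXED_SIZE);
  memcpy(buf, "APIC", 4);
  memcpy(buf + ACPI_HEADER_LENGTH_OFFSET, &len, sizeof len);
  buf[8] = 5;  /* table revision */
  buf[ACPI_HEADER_CHECKSUM_OFFSET] = (uint8_t)(0 - acpi_checksum(buf, len));
  return len;
}

/* Copy the installed MADT into a larger buffer, append the wakeup entry and
 * fix up Length and Checksum. Returns a malloc'd table (caller frees) or NULL
 * when the input is not a well-formed MADT or the mailbox is misaligned. */
uint8_t *madt_append_mp_wakeup(const uint8_t *madt, size_t madt_len,
                               uint64_t mailbox_addr, size_t *new_len) {
  if (madt_len < MADT_FIXED_SIZE || memcmp(madt, "APIC", 4) != 0) return NULL;
  if (acpi_checksum(madt, madt_len) != 0) return NULL;   /* corrupt input table */
  if ((mailbox_addr & 0xFFFu) != 0) return NULL;         /* must be page aligned */
  size_t len = madt_len + sizeof(MADT_MP_WAKEUP);
  if (len > UINT32_MAX) return NULL;
  uint8_t *out = calloc(1, len);
  if (out == NULL) return NULL;
  memcpy(out, madt, madt_len);
  MADT_MP_WAKEUP entry = { .Type = ACPI_MADT_TYPE_MP_WAKEUP,
                           .Length = sizeof(MADT_MP_WAKEUP),
                           .MailBoxAddress = mailbox_addr };
  memcpy(out + madt_len, &entry, sizeof entry);
  uint32_t len32 = (uint32_t)len;
  memcpy(out + ACPI_HEADER_LENGTH_OFFSET, &len32, sizeof len32);
  out[ACPI_HEADER_CHECKSUM_OFFSET] = 0;
  out[ACPI_HEADER_CHECKSUM_OFFSET] = (uint8_t)(0 - acpi_checksum(out, len));
  *new_len = len;
  return out;
}

/* OS/BSP side: publish vector and target first and raise Command last, so an
 * AP that observes Command == Wakeup never reads a stale vector or ApicId. */
void bsp_wake_ap(MP_WAKEUP_MAILBOX *mb, uint32_t apic_id, uint64_t vector) {
  mb->WakeupVector = vector;
  mb->ApicId = apic_id;
  __atomic_thread_fence(__ATOMIC_RELEASE);
  *(volatile uint16_t *)&mb->Command = MP_WAKEUP_COMMAND_WAKEUP;
}

/* AP side, one pass of the firmware run loop: act only on a Wakeup addressed
 * to this AP, latch the vector, then clear Command as the acknowledgement.
 * Commands for other APs are left untouched so their owner still sees them. */
bool ap_check_mailbox(MP_WAKEUP_MAILBOX *mb, uint32_t my_apic_id, uint64_t *vector) {
  uint16_t cmd = *(volatile uint16_t *)&mb->Command;
  __atomic_thread_fence(__ATOMIC_ACQUIRE);
  if (cmd != MP_WAKEUP_COMMAND_WAKEUP || mb->ApicId != my_apic_id) return false;
  *vector = mb->WakeupVector;
  __atomic_thread_fence(__ATOMIC_RELEASE);   /* vector read completes before the ack */
  *(volatile uint16_t *)&mb->Command = MP_WAKEUP_COMMAND_NOOP;
  return true;
}
```

The two ordering points a reviewer would look for are that the BSP writes Command last and that the AP reads WakeupVector before it clears Command, because the OS may reuse the mailbox for the next AP as soon as it sees the acknowledgement. The AP also ignores, rather than acknowledges, a command carrying another APIC ID, so a wakeup is consumed exactly once by the CPU it was addressed to.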