* [PATCH] MdeModulePkg: Add dynamic PCD
@ 2017-02-07 19:53 Leo Duran
2017-02-07 19:53 ` [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask Leo Duran
0 siblings, 1 reply; 33+ messages in thread
From: Leo Duran @ 2017-02-07 19:53 UTC (permalink / raw)
To: edk2-devel; +Cc: Leo Duran
The new PcdPteMemoryEncryptionAddressOrMask dynamic PCD holds the address
mask for page table entries when memory encryption is enabled on AMD
processors supporting the Secure Encrypted Virtualization (SEV) feature.
This mask should be applied when creating 1:1 virtual to physical mapping tables.
For example, the OvmfPkg sets the PCD when launching SEV-enabled guests.
Brijesh Singh (1):
MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--------
MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
3 files changed, 22 insertions(+), 9 deletions(-)
--
1.9.1
^ permalink raw reply [flat|nested] 33+ messages in thread
* [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-07 19:53 [PATCH] MdeModulePkg: Add dynamic PCD Leo Duran
@ 2017-02-07 19:53 ` Leo Duran
2017-02-08 2:27 ` Zeng, Star
` (2 more replies)
0 siblings, 3 replies; 33+ messages in thread
From: Leo Duran @ 2017-02-07 19:53 UTC (permalink / raw)
To: edk2-devel; +Cc: Brijesh Singh, Feng Tian, Star Zeng, Laszlo Ersek, Leo Duran
From: Brijesh Singh <brijesh.singh@amd.com>
This dynamic PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leo Duran <leo.duran@amd.com>
---
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--------
MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
3 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
index 2bc41be..d62bd9b 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -6,6 +6,8 @@
# needed to run the DXE Foundation.
#
# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -111,7 +113,8 @@ [FeaturePcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ## CONSUMES
[Pcd.IA32,Pcd.X64]
- gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIMES_CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIMES_CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES
[Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIMES_CONSUMES
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
index 790f6ab..2c52389 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
@@ -16,6 +16,8 @@
3) IA-32 Intel(R) Architecture Software Developer's Manual Volume 3:System Programmer's Guide, Intel
Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -71,14 +73,14 @@ Split2MPageTo4K (
//
// Fill in 2M page entry.
//
- *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P | IA32_PG_RW;
+ *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
PhysicalAddress4K = PhysicalAddress;
for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512; IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K += SIZE_4KB) {
//
// Fill in the Page Table entries
//
- PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
+ PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
PageTableEntry->Bits.ReadWrite = 1;
PageTableEntry->Bits.Present = 1;
if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase + StackSize)) {
@@ -116,7 +118,7 @@ Split1GPageTo2M (
//
// Fill in 1G page entry.
//
- *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P | IA32_PG_RW;
+ *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
PhysicalAddress2M = PhysicalAddress;
for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += SIZE_2MB) {
@@ -129,7 +131,7 @@ Split1GPageTo2M (
//
// Fill in the Page Directory entries
//
- PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
+ PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
PageDirectoryEntry->Bits.ReadWrite = 1;
PageDirectoryEntry->Bits.Present = 1;
PageDirectoryEntry->Bits.MustBe1 = 1;
@@ -248,7 +250,7 @@ CreateIdentityMappingPageTables (
//
// Make a PML4 Entry
//
- PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry;
+ PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
PageMapLevel4Entry->Bits.ReadWrite = 1;
PageMapLevel4Entry->Bits.Present = 1;
@@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
//
// Fill in the Page Directory entries
//
- PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
+ PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
PageDirectory1GEntry->Bits.ReadWrite = 1;
PageDirectory1GEntry->Bits.Present = 1;
PageDirectory1GEntry->Bits.MustBe1 = 1;
@@ -280,7 +282,7 @@ CreateIdentityMappingPageTables (
//
// Fill in a Page Directory Pointer Entries
//
- PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry;
+ PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
PageDirectoryPointerEntry->Bits.ReadWrite = 1;
PageDirectoryPointerEntry->Bits.Present = 1;
@@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
//
// Fill in the Page Directory entries
//
- PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
+ PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
PageDirectoryEntry->Bits.ReadWrite = 1;
PageDirectoryEntry->Bits.Present = 1;
PageDirectoryEntry->Bits.MustBe1 = 1;
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 273cd7e..207384f 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -6,6 +6,8 @@
# Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR>
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+#
# This program and the accompanying materials are licensed and made available under
# the terms and conditions of the BSD License that accompanies this distribution.
# The full text of the license may be found at
@@ -1738,5 +1740,11 @@ [PcdsDynamic, PcdsDynamicEx]
# @Prompt If there is any test key used by the platform.
gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x00030003
+ ## This dynamic PCD holds the address mask for page table entries when memory encryption is
+ # enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature.
+ # This mask should be applied when creating 1:1 virtual to physical mapping tables.
+ #
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x00030004
+
[UserExtensions.TianoCore."ExtraFiles"]
MdeModulePkgExtra.uni
--
1.9.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-07 19:53 ` [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask Leo Duran
@ 2017-02-08 2:27 ` Zeng, Star
2017-02-08 16:59 ` Duran, Leo
2017-02-08 8:38 ` Laszlo Ersek
2017-02-08 15:19 ` Gao, Liming
2 siblings, 1 reply; 33+ messages in thread
From: Zeng, Star @ 2017-02-08 2:27 UTC (permalink / raw)
To: Leo Duran, edk2-devel@ml01.01.org
Cc: Laszlo Ersek, Tian, Feng, Brijesh Singh, Zeng, Star, Yao, Jiewen
Does Create4GPageTablesIa32Pae() also need to be updated?
Thanks,
Star
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Leo Duran
Sent: Wednesday, February 8, 2017 3:54 AM
To: edk2-devel@ml01.01.org
Cc: Laszlo Ersek <lersek@redhat.com>; Tian, Feng <feng.tian@intel.com>; Brijesh Singh <brijesh.singh@amd.com>; Zeng, Star <star.zeng@intel.com>; Leo Duran <leo.duran@amd.com>
Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
From: Brijesh Singh <brijesh.singh@amd.com>
This dynamic PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature.
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leo Duran <leo.duran@amd.com>
---
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--------
MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
3 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
index 2bc41be..d62bd9b 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -6,6 +6,8 @@
# needed to run the DXE Foundation.
#
# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ## CONSUMES
[Pcd.IA32,Pcd.X64]
- gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIMES_CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIMES_CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES
[Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIMES_CONSUMES
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
index 790f6ab..2c52389 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
@@ -16,6 +16,8 @@
3) IA-32 Intel(R) Architecture Software Developer's Manual Volume 3:System Programmer's Guide, Intel
Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
//
// Fill in 2M page entry.
//
- *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P | IA32_PG_RW;
+ *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
+ (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
PhysicalAddress4K = PhysicalAddress;
for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512; IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K += SIZE_4KB) {
//
// Fill in the Page Table entries
//
- PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
+ PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
+ (PcdPteMemoryEncryptionAddressOrMask);
PageTableEntry->Bits.ReadWrite = 1;
PageTableEntry->Bits.Present = 1;
if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase + StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
//
// Fill in 1G page entry.
//
- *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P | IA32_PG_RW;
+ *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
+ (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
PhysicalAddress2M = PhysicalAddress;
for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
//
// Fill in the Page Directory entries
//
- PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
+ PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
+ PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
PageDirectoryEntry->Bits.ReadWrite = 1;
PageDirectoryEntry->Bits.Present = 1;
PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@ CreateIdentityMappingPageTables (
//
// Make a PML4 Entry
//
- PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry;
+ PageMapLevel4Entry->Uint64 =
+ (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
+ (PcdPteMemoryEncryptionAddressOrMask);
PageMapLevel4Entry->Bits.ReadWrite = 1;
PageMapLevel4Entry->Bits.Present = 1;
@@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
//
// Fill in the Page Directory entries
//
- PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
+ PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
+ (PcdPteMemoryEncryptionAddressOrMask);
PageDirectory1GEntry->Bits.ReadWrite = 1;
PageDirectory1GEntry->Bits.Present = 1;
PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@ CreateIdentityMappingPageTables (
//
// Fill in a Page Directory Pointer Entries
//
- PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry;
+ PageDirectoryPointerEntry->Uint64 =
+ (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
+ (PcdPteMemoryEncryptionAddressOrMask);
PageDirectoryPointerEntry->Bits.ReadWrite = 1;
PageDirectoryPointerEntry->Bits.Present = 1;
@@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
//
// Fill in the Page Directory entries
//
- PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
+ PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
+ (PcdPteMemoryEncryptionAddressOrMask);
PageDirectoryEntry->Bits.ReadWrite = 1;
PageDirectoryEntry->Bits.Present = 1;
PageDirectoryEntry->Bits.MustBe1 = 1; diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -6,6 +6,8 @@
# Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
# This program and the accompanying materials are licensed and made available under # the terms and conditions of the BSD License that accompanies this distribution.
# The full text of the license may be found at @@ -1738,5 +1740,11 @@ [PcdsDynamic, PcdsDynamicEx]
# @Prompt If there is any test key used by the platform.
gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x00030003
+ ## This dynamic PCD holds the address mask for page table entries
+ when memory encryption is # enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature.
+ # This mask should be applied when creating 1:1 virtual to physical mapping tables.
+ #
+
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
+ |UINT64|0x00030004
+
[UserExtensions.TianoCore."ExtraFiles"]
MdeModulePkgExtra.uni
--
1.9.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply related [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-07 19:53 ` [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask Leo Duran
2017-02-08 2:27 ` Zeng, Star
@ 2017-02-08 8:38 ` Laszlo Ersek
2017-02-08 15:12 ` Duran, Leo
2017-02-08 15:19 ` Gao, Liming
2 siblings, 1 reply; 33+ messages in thread
From: Laszlo Ersek @ 2017-02-08 8:38 UTC (permalink / raw)
To: Leo Duran, edk2-devel; +Cc: Feng Tian, Brijesh Singh, Star Zeng
On 02/07/17 20:53, Leo Duran wrote:
> From: Brijesh Singh <brijesh.singh@amd.com>
>
> This dynamic PCD holds the address mask for page table entries when memory
> encryption is enabled on AMD processors supporting the Secure Encrypted
> Virtualization (SEV) feature.
>
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Leo Duran <leo.duran@amd.com>
> ---
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--------
> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
> 3 files changed, 22 insertions(+), 9 deletions(-)
[snip]
> diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
> index 273cd7e..207384f 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -6,6 +6,8 @@
> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
> # Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR>
> # (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
> +#
> # This program and the accompanying materials are licensed and made available under
> # the terms and conditions of the BSD License that accompanies this distribution.
> # The full text of the license may be found at
> @@ -1738,5 +1740,11 @@ [PcdsDynamic, PcdsDynamicEx]
> # @Prompt If there is any test key used by the platform.
> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x00030003
>
> + ## This dynamic PCD holds the address mask for page table entries when memory encryption is
> + # enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature.
> + # This mask should be applied when creating 1:1 virtual to physical mapping tables.
> + #
> + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x00030004
> +
> [UserExtensions.TianoCore."ExtraFiles"]
> MdeModulePkgExtra.uni
>
I think this PCD should be added to the following section of the DEC file:
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
Although OVMF will use the PCD as a dynamic one, I see no reason why the
DEC file should prohibit setting the PCD as a fixed one.
Looking at other PCDs in the
[PcdsDynamic, PcdsDynamicEx]
section, most of those seem to stand for data that are impossible to
determine at build time. Is the new PCD impossible to determine at build
time, for any platform at all?
... Of course, if it can be proved that any given platform will either
(a) set this new PCD dynamically, or
(b) not even *include* the PCD -- with a dynamic default value -- in
its platform DSC file,
then this patch can work too.
Thanks
Laszlo
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 8:38 ` Laszlo Ersek
@ 2017-02-08 15:12 ` Duran, Leo
0 siblings, 0 replies; 33+ messages in thread
From: Duran, Leo @ 2017-02-08 15:12 UTC (permalink / raw)
To: 'Laszlo Ersek', edk2-devel@ml01.01.org
Cc: Feng Tian, Singh, Brijesh, Star Zeng
Lazlo, et al,
Please reply below.
Leo.
> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Wednesday, February 08, 2017 2:39 AM
> To: Duran, Leo <leo.duran@amd.com>; edk2-devel@ml01.01.org
> Cc: Feng Tian <feng.tian@intel.com>; Singh, Brijesh
> <brijesh.singh@amd.com>; Star Zeng <star.zeng@intel.com>
> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> On 02/07/17 20:53, Leo Duran wrote:
> > From: Brijesh Singh <brijesh.singh@amd.com>
> >
> > This dynamic PCD holds the address mask for page table entries when
> > memory encryption is enabled on AMD processors supporting the Secure
> > Encrypted Virtualization (SEV) feature.
> >
> > Cc: Feng Tian <feng.tian@intel.com>
> > Cc: Star Zeng <star.zeng@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Leo Duran <leo.duran@amd.com>
> > ---
> > MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
> > MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18
> ++++++++++--------
> > MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
> > 3 files changed, 22 insertions(+), 9 deletions(-)
>
> [snip]
>
> > diff --git a/MdeModulePkg/MdeModulePkg.dec
> > b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
> > --- a/MdeModulePkg/MdeModulePkg.dec
> > +++ b/MdeModulePkg/MdeModulePkg.dec
> > @@ -6,6 +6,8 @@
> > # Copyright (c) 2007 - 2017, Intel Corporation. All rights
> > reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights
> > reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise
> > Development LP<BR>
> > +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> > # This program and the accompanying materials are licensed and made
> > available under # the terms and conditions of the BSD License that
> accompanies this distribution.
> > # The full text of the license may be found at @@ -1738,5 +1740,11 @@
> > [PcdsDynamic, PcdsDynamicEx]
> > # @Prompt If there is any test key used by the platform.
> >
> >
> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
> 0030003
> >
> > + ## This dynamic PCD holds the address mask for page table entries
> > + when memory encryption is # enabled on AMD processors supporting
> the Secure Encrypted Virtualization (SEV) feature.
> > + # This mask should be applied when creating 1:1 virtual to physical
> mapping tables.
> > + #
> > +
> > +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask|0
> > + x0|UINT64|0x00030004
> > +
> > [UserExtensions.TianoCore."ExtraFiles"]
> > MdeModulePkgExtra.uni
> >
>
> I think this PCD should be added to the following section of the DEC file:
>
> [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
>
> Although OVMF will use the PCD as a dynamic one, I see no reason why the
> DEC file should prohibit setting the PCD as a fixed one.
>
> Looking at other PCDs in the
>
> [PcdsDynamic, PcdsDynamicEx]
>
> section, most of those seem to stand for data that are impossible to
> determine at build time. Is the new PCD impossible to determine at build
> time, for any platform at all?
>
[Duran, Leo]
The PCD should be determined at runtime using CPUID.
However, I suppose you may 'know' about your platform at build time.
So to your point, I think it's reasonable to allow fixed, etc.
> ... Of course, if it can be proved that any given platform will either
> (a) set this new PCD dynamically, or
> (b) not even *include* the PCD -- with a dynamic default value -- in
> its platform DSC file,
> then this patch can work too.
>
> Thanks
> Laszlo
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-07 19:53 ` [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask Leo Duran
2017-02-08 2:27 ` Zeng, Star
2017-02-08 8:38 ` Laszlo Ersek
@ 2017-02-08 15:19 ` Gao, Liming
2017-02-08 17:11 ` Duran, Leo
2 siblings, 1 reply; 33+ messages in thread
From: Gao, Liming @ 2017-02-08 15:19 UTC (permalink / raw)
To: Leo Duran, edk2-devel@ml01.01.org
Cc: Laszlo Ersek, Tian, Feng, Brijesh Singh, Zeng, Star
Leo:
MdeModulePkg CapsulePei and UefiCpuPkg S3Resume2 also create PageTable to run X64 code. Do they require this change?
Thanks
Liming
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Leo Duran
Sent: Wednesday, February 8, 2017 3:54 AM
To: edk2-devel@ml01.01.org
Cc: Laszlo Ersek <lersek@redhat.com>; Tian, Feng <feng.tian@intel.com>; Brijesh Singh <brijesh.singh@amd.com>; Zeng, Star <star.zeng@intel.com>; Leo Duran <leo.duran@amd.com>
Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
From: Brijesh Singh <brijesh.singh@amd.com>
This dynamic PCD holds the address mask for page table entries when memory
encryption is enabled on AMD processors supporting the Secure Encrypted
Virtualization (SEV) feature.
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leo Duran <leo.duran@amd.com>
---
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--------
MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
3 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
index 2bc41be..d62bd9b 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -6,6 +6,8 @@
# needed to run the DXE Foundation.
#
# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -111,7 +113,8 @@ [FeaturePcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ## CONSUMES
[Pcd.IA32,Pcd.X64]
- gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIMES_CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIMES_CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES
[Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIMES_CONSUMES
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
index 790f6ab..2c52389 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
@@ -16,6 +16,8 @@
3) IA-32 Intel(R) Architecture Software Developer's Manual Volume 3:System Programmer's Guide, Intel
Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -71,14 +73,14 @@ Split2MPageTo4K (
//
// Fill in 2M page entry.
//
- *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P | IA32_PG_RW;
+ *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
PhysicalAddress4K = PhysicalAddress;
for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512; IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K += SIZE_4KB) {
//
// Fill in the Page Table entries
//
- PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
+ PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
PageTableEntry->Bits.ReadWrite = 1;
PageTableEntry->Bits.Present = 1;
if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase + StackSize)) {
@@ -116,7 +118,7 @@ Split1GPageTo2M (
//
// Fill in 1G page entry.
//
- *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P | IA32_PG_RW;
+ *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
PhysicalAddress2M = PhysicalAddress;
for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += SIZE_2MB) {
@@ -129,7 +131,7 @@ Split1GPageTo2M (
//
// Fill in the Page Directory entries
//
- PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
+ PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
PageDirectoryEntry->Bits.ReadWrite = 1;
PageDirectoryEntry->Bits.Present = 1;
PageDirectoryEntry->Bits.MustBe1 = 1;
@@ -248,7 +250,7 @@ CreateIdentityMappingPageTables (
//
// Make a PML4 Entry
//
- PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry;
+ PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
PageMapLevel4Entry->Bits.ReadWrite = 1;
PageMapLevel4Entry->Bits.Present = 1;
@@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
//
// Fill in the Page Directory entries
//
- PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
+ PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
PageDirectory1GEntry->Bits.ReadWrite = 1;
PageDirectory1GEntry->Bits.Present = 1;
PageDirectory1GEntry->Bits.MustBe1 = 1;
@@ -280,7 +282,7 @@ CreateIdentityMappingPageTables (
//
// Fill in a Page Directory Pointer Entries
//
- PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry;
+ PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
PageDirectoryPointerEntry->Bits.ReadWrite = 1;
PageDirectoryPointerEntry->Bits.Present = 1;
@@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
//
// Fill in the Page Directory entries
//
- PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
+ PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
PageDirectoryEntry->Bits.ReadWrite = 1;
PageDirectoryEntry->Bits.Present = 1;
PageDirectoryEntry->Bits.MustBe1 = 1;
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 273cd7e..207384f 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -6,6 +6,8 @@
# Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR>
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+#
# This program and the accompanying materials are licensed and made available under
# the terms and conditions of the BSD License that accompanies this distribution.
# The full text of the license may be found at
@@ -1738,5 +1740,11 @@ [PcdsDynamic, PcdsDynamicEx]
# @Prompt If there is any test key used by the platform.
gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x00030003
+ ## This dynamic PCD holds the address mask for page table entries when memory encryption is
+ # enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature.
+ # This mask should be applied when creating 1:1 virtual to physical mapping tables.
+ #
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x00030004
+
[UserExtensions.TianoCore."ExtraFiles"]
MdeModulePkgExtra.uni
--
1.9.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply related [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 2:27 ` Zeng, Star
@ 2017-02-08 16:59 ` Duran, Leo
2017-02-08 17:05 ` Yao, Jiewen
0 siblings, 1 reply; 33+ messages in thread
From: Duran, Leo @ 2017-02-08 16:59 UTC (permalink / raw)
To: 'Zeng, Star', edk2-devel@ml01.01.org
Cc: Laszlo Ersek, Tian, Feng, Singh, Brijesh, Yao, Jiewen
Pease see reply below.
Leo
> -----Original Message-----
> From: Zeng, Star [mailto:star.zeng@intel.com]
> Sent: Tuesday, February 07, 2017 8:27 PM
> To: Duran, Leo <leo.duran@amd.com>; edk2-devel@ml01.01.org
> Cc: Laszlo Ersek <lersek@redhat.com>; Tian, Feng <feng.tian@intel.com>;
> Singh, Brijesh <brijesh.singh@amd.com>; Zeng, Star <star.zeng@intel.com>;
> Yao, Jiewen <jiewen.yao@intel.com>
> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> Does Create4GPageTablesIa32Pae() also need to be updated?
>
> Thanks,
> Star
[Duran, Leo]
Hi Star,
No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
The SEV feature requires 64-bit LongMode, so the PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time,
in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Leo Duran
> Sent: Wednesday, February 8, 2017 3:54 AM
> To: edk2-devel@ml01.01.org
> Cc: Laszlo Ersek <lersek@redhat.com>; Tian, Feng <feng.tian@intel.com>;
> Brijesh Singh <brijesh.singh@amd.com>; Zeng, Star <star.zeng@intel.com>;
> Leo Duran <leo.duran@amd.com>
> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> From: Brijesh Singh <brijesh.singh@amd.com>
>
> This dynamic PCD holds the address mask for page table entries when
> memory encryption is enabled on AMD processors supporting the Secure
> Encrypted Virtualization (SEV) feature.
>
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Leo Duran <leo.duran@amd.com>
> ---
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
> ------
> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
> 3 files changed, 22 insertions(+), 9 deletions(-)
>
> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> index 2bc41be..d62bd9b 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> @@ -6,6 +6,8 @@
> # needed to run the DXE Foundation.
> #
> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> # This program and the accompanying materials # are licensed and made
> available under the terms and conditions of the BSD License # which
> accompanies this distribution. The full text of the license may be found at
> @@ -111,7 +113,8 @@ [FeaturePcd]
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
> CONSUMES
>
> [Pcd.IA32,Pcd.X64]
> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> SOMETIMES_CONSUMES
> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> SOMETIMES_CONSUMES
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask ## CONSUMES
>
> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
> SOMETIMES_CONSUMES
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> index 790f6ab..2c52389 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> @@ -16,6 +16,8 @@
> 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume
> 3:System Programmer's Guide, Intel
>
> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
> +
> This program and the accompanying materials are licensed and made
> available under the terms and conditions of the BSD License which
> accompanies this distribution. The full text of the license may be found at
> @@ -71,14 +73,14 @@ Split2MPageTo4K (
> //
> // Fill in 2M page entry.
> //
> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
> IA32_PG_RW;
> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>
> PhysicalAddress4K = PhysicalAddress;
> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
> SIZE_4KB) {
> //
> // Fill in the Page Table entries
> //
> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageTableEntry->Bits.ReadWrite = 1;
> PageTableEntry->Bits.Present = 1;
> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase +
> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
> //
> // Fill in 1G page entry.
> //
> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
> IA32_PG_RW;
> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>
> PhysicalAddress2M = PhysicalAddress;
> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512;
> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M
> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryEntry->Bits.ReadWrite = 1;
> PageDirectoryEntry->Bits.Present = 1;
> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
> CreateIdentityMappingPageTables (
> //
> // Make a PML4 Entry
> //
> - PageMapLevel4Entry->Uint64 =
> (UINT64)(UINTN)PageDirectoryPointerEntry;
> + PageMapLevel4Entry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageMapLevel4Entry->Bits.ReadWrite = 1;
> PageMapLevel4Entry->Bits.Present = 1;
>
> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectory1GEntry->Bits.ReadWrite = 1;
> PageDirectory1GEntry->Bits.Present = 1;
> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@
> CreateIdentityMappingPageTables (
> //
> // Fill in a Page Directory Pointer Entries
> //
> - PageDirectoryPointerEntry->Uint64 =
> (UINT64)(UINTN)PageDirectoryEntry;
> + PageDirectoryPointerEntry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
> PageDirectoryPointerEntry->Bits.Present = 1;
>
> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryEntry->Bits.ReadWrite = 1;
> PageDirectoryEntry->Bits.Present = 1;
> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
> a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -6,6 +6,8 @@
> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> #
> Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016
> Hewlett Packard Enterprise Development LP<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> # This program and the accompanying materials are licensed and made
> available under # the terms and conditions of the BSD License that
> accompanies this distribution.
> # The full text of the license may be found at @@ -1738,5 +1740,11 @@
> [PcdsDynamic, PcdsDynamicEx]
> # @Prompt If there is any test key used by the platform.
>
> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
> 0030003
>
> + ## This dynamic PCD holds the address mask for page table entries
> + when memory encryption is # enabled on AMD processors supporting the
> Secure Encrypted Virtualization (SEV) feature.
> + # This mask should be applied when creating 1:1 virtual to physical
> mapping tables.
> + #
> +
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask|0x0
> + |UINT64|0x00030004
> +
> [UserExtensions.TianoCore."ExtraFiles"]
> MdeModulePkgExtra.uni
> --
> 1.9.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 16:59 ` Duran, Leo
@ 2017-02-08 17:05 ` Yao, Jiewen
2017-02-08 17:10 ` Laszlo Ersek
2017-02-08 17:52 ` Duran, Leo
0 siblings, 2 replies; 33+ messages in thread
From: Yao, Jiewen @ 2017-02-08 17:05 UTC (permalink / raw)
To: Duran, Leo, Zeng, Star, edk2-devel@ml01.01.org
Cc: Laszlo Ersek, Tian, Feng, Singh, Brijesh
HI Leo
Thanks to clarify that.
If that is the case, do you think it will be better to limit this PCD to X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
Thank you
Yao Jiewen
From: Duran, Leo [mailto:leo.duran@amd.com]
Sent: Wednesday, February 8, 2017 9:00 AM
To: Zeng, Star <star.zeng@intel.com>; edk2-devel@ml01.01.org
Cc: Laszlo Ersek <lersek@redhat.com>; Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Yao, Jiewen <jiewen.yao@intel.com>
Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
Pease see reply below.
Leo
> -----Original Message-----
> From: Zeng, Star [mailto:star.zeng@intel.com]
> Sent: Tuesday, February 07, 2017 8:27 PM
> To: Duran, Leo <leo.duran@amd.com<mailto:leo.duran@amd.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>;
> Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>;
> Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> Does Create4GPageTablesIa32Pae() also need to be updated?
>
> Thanks,
> Star
[Duran, Leo]
Hi Star,
No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
The SEV feature requires 64-bit LongMode, so the PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time,
in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Leo Duran
> Sent: Wednesday, February 8, 2017 3:54 AM
> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>;
> Brijesh Singh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>;
> Leo Duran <leo.duran@amd.com<mailto:leo.duran@amd.com>>
> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> From: Brijesh Singh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>
>
> This dynamic PCD holds the address mask for page table entries when
> memory encryption is enabled on AMD processors supporting the Secure
> Encrypted Virtualization (SEV) feature.
>
> Cc: Feng Tian <feng.tian@intel.com<mailto:feng.tian@intel.com>>
> Cc: Star Zeng <star.zeng@intel.com<mailto:star.zeng@intel.com>>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Leo Duran <leo.duran@amd.com<mailto:leo.duran@amd.com>>
> ---
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
> ------
> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
> 3 files changed, 22 insertions(+), 9 deletions(-)
>
> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> index 2bc41be..d62bd9b 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> @@ -6,6 +6,8 @@
> # needed to run the DXE Foundation.
> #
> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> # This program and the accompanying materials # are licensed and made
> available under the terms and conditions of the BSD License # which
> accompanies this distribution. The full text of the license may be found at
> @@ -111,7 +113,8 @@ [FeaturePcd]
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
> CONSUMES
>
> [Pcd.IA32,Pcd.X64]
> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> SOMETIMES_CONSUMES
> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> SOMETIMES_CONSUMES
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask ## CONSUMES
>
> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
> SOMETIMES_CONSUMES
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> index 790f6ab..2c52389 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> @@ -16,6 +16,8 @@
> 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume
> 3:System Programmer's Guide, Intel
>
> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
> +
> This program and the accompanying materials are licensed and made
> available under the terms and conditions of the BSD License which
> accompanies this distribution. The full text of the license may be found at
> @@ -71,14 +73,14 @@ Split2MPageTo4K (
> //
> // Fill in 2M page entry.
> //
> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
> IA32_PG_RW;
> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>
> PhysicalAddress4K = PhysicalAddress;
> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
> SIZE_4KB) {
> //
> // Fill in the Page Table entries
> //
> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageTableEntry->Bits.ReadWrite = 1;
> PageTableEntry->Bits.Present = 1;
> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase +
> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
> //
> // Fill in 1G page entry.
> //
> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
> IA32_PG_RW;
> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>
> PhysicalAddress2M = PhysicalAddress;
> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512;
> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M
> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryEntry->Bits.ReadWrite = 1;
> PageDirectoryEntry->Bits.Present = 1;
> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
> CreateIdentityMappingPageTables (
> //
> // Make a PML4 Entry
> //
> - PageMapLevel4Entry->Uint64 =
> (UINT64)(UINTN)PageDirectoryPointerEntry;
> + PageMapLevel4Entry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageMapLevel4Entry->Bits.ReadWrite = 1;
> PageMapLevel4Entry->Bits.Present = 1;
>
> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectory1GEntry->Bits.ReadWrite = 1;
> PageDirectory1GEntry->Bits.Present = 1;
> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@
> CreateIdentityMappingPageTables (
> //
> // Fill in a Page Directory Pointer Entries
> //
> - PageDirectoryPointerEntry->Uint64 =
> (UINT64)(UINTN)PageDirectoryEntry;
> + PageDirectoryPointerEntry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
> PageDirectoryPointerEntry->Bits.Present = 1;
>
> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryEntry->Bits.ReadWrite = 1;
> PageDirectoryEntry->Bits.Present = 1;
> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
> a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -6,6 +6,8 @@
> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> #
> Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016
> Hewlett Packard Enterprise Development LP<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> # This program and the accompanying materials are licensed and made
> available under # the terms and conditions of the BSD License that
> accompanies this distribution.
> # The full text of the license may be found at @@ -1738,5 +1740,11 @@
> [PcdsDynamic, PcdsDynamicEx]
> # @Prompt If there is any test key used by the platform.
>
> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
> 0030003
>
> + ## This dynamic PCD holds the address mask for page table entries
> + when memory encryption is # enabled on AMD processors supporting the
> Secure Encrypted Virtualization (SEV) feature.
> + # This mask should be applied when creating 1:1 virtual to physical
> mapping tables.
> + #
> +
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask|0x0
> + |UINT64|0x00030004
> +
> [UserExtensions.TianoCore."ExtraFiles"]
> MdeModulePkgExtra.uni
> --
> 1.9.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
> https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 17:05 ` Yao, Jiewen
@ 2017-02-08 17:10 ` Laszlo Ersek
2017-02-08 17:17 ` Yao, Jiewen
2017-02-08 17:28 ` Duran, Leo
2017-02-08 17:52 ` Duran, Leo
1 sibling, 2 replies; 33+ messages in thread
From: Laszlo Ersek @ 2017-02-08 17:10 UTC (permalink / raw)
To: Yao, Jiewen, Duran, Leo, Zeng, Star, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh
On 02/08/17 18:05, Yao, Jiewen wrote:
> HI Leo
>
> Thanks to clarify that.
>
>
>
> If that is the case, do you think it will be better to limit this PCD to
> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
Not sure if this is the best place to raise the following observation,
but it should do:
please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE if
PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
- both PEI and DXE are 32-bit, and
- both PEI and DXE are 64-bit.
This doesn't necessarily invalidate anything said thus fair in the
thread, but the following statement from Leo:
The SEV feature requires 64-bit LongMode, so the
PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
Thanks,
Laszlo
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
> *From:*Duran, Leo [mailto:leo.duran@amd.com]
> *Sent:* Wednesday, February 8, 2017 9:00 AM
> *To:* Zeng, Star <star.zeng@intel.com>; edk2-devel@ml01.01.org
> *Cc:* Laszlo Ersek <lersek@redhat.com>; Tian, Feng
> <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Yao,
> Jiewen <jiewen.yao@intel.com>
> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> Pease see reply below.
> Leo
>
>> -----Original Message-----
>> From: Zeng, Star [mailto:star.zeng@intel.com]
>> Sent: Tuesday, February 07, 2017 8:27 PM
>> To: Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com>>; edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org>
>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com>>;
>> Singh, Brijesh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com>>;
>> Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com>>
>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>
>> Thanks,
>> Star
> [Duran, Leo]
> Hi Star,
> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>
> The SEV feature requires 64-bit LongMode, so the PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time,
> in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>
>> -----Original Message-----
>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>> Leo Duran
>> Sent: Wednesday, February 8, 2017 3:54 AM
>> To: edk2-devel@ml01.01.org <mailto:edk2-devel@ml01.01.org>
>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com>>;
>> Brijesh Singh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com>>;
>> Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com>>
>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> From: Brijesh Singh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com>>
>>
>> This dynamic PCD holds the address mask for page table entries when
>> memory encryption is enabled on AMD processors supporting the Secure
>> Encrypted Virtualization (SEV) feature.
>>
>> Cc: Feng Tian <feng.tian@intel.com <mailto:feng.tian@intel.com>>
>> Cc: Star Zeng <star.zeng@intel.com <mailto:star.zeng@intel.com>>
>> Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com>>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com>>
>> ---
>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
>> ------
>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> index 2bc41be..d62bd9b 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> @@ -6,6 +6,8 @@
>> # needed to run the DXE Foundation.
>> #
>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>> # This program and the accompanying materials # are licensed and made
>> available under the terms and conditions of the BSD License # which
>> accompanies this distribution. The full text of the license may be found at
>> @@ -111,7 +113,8 @@ [FeaturePcd]
>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
>> CONSUMES
>>
>> [Pcd.IA32,Pcd.X64]
>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>> SOMETIMES_CONSUMES
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>> SOMETIMES_CONSUMES
>> +
>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>> ask ## CONSUMES
>>
>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>> SOMETIMES_CONSUMES
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> index 790f6ab..2c52389 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> @@ -16,6 +16,8 @@
>> 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume
>> 3:System Programmer's Guide, Intel
>>
>> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>> +
>> This program and the accompanying materials are licensed and made
>> available under the terms and conditions of the BSD License which
>> accompanies this distribution. The full text of the license may be found at
>> @@ -71,14 +73,14 @@ Split2MPageTo4K (
>> //
>> // Fill in 2M page entry.
>> //
>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>> IA32_PG_RW;
>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>
>> PhysicalAddress4K = PhysicalAddress;
>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>> SIZE_4KB) {
>> //
>> // Fill in the Page Table entries
>> //
>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageTableEntry->Bits.ReadWrite = 1;
>> PageTableEntry->Bits.Present = 1;
>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase +
>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>> //
>> // Fill in 1G page entry.
>> //
>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>> IA32_PG_RW;
>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>
>> PhysicalAddress2M = PhysicalAddress;
>> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512;
>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M
>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>> //
>> // Fill in the Page Directory entries
>> //
>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectoryEntry->Bits.ReadWrite = 1;
>> PageDirectoryEntry->Bits.Present = 1;
>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>> CreateIdentityMappingPageTables (
>> //
>> // Make a PML4 Entry
>> //
>> - PageMapLevel4Entry->Uint64 =
>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>> + PageMapLevel4Entry->Uint64 =
>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>> PageMapLevel4Entry->Bits.Present = 1;
>>
>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>> //
>> // Fill in the Page Directory entries
>> //
>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>> PageDirectory1GEntry->Bits.Present = 1;
>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@
>> CreateIdentityMappingPageTables (
>> //
>> // Fill in a Page Directory Pointer Entries
>> //
>> - PageDirectoryPointerEntry->Uint64 =
>> (UINT64)(UINTN)PageDirectoryEntry;
>> + PageDirectoryPointerEntry->Uint64 =
>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>> PageDirectoryPointerEntry->Bits.Present = 1;
>>
>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>> //
>> // Fill in the Page Directory entries
>> //
>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectoryEntry->Bits.ReadWrite = 1;
>> PageDirectoryEntry->Bits.Present = 1;
>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>> a/MdeModulePkg/MdeModulePkg.dec
>> b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
>> --- a/MdeModulePkg/MdeModulePkg.dec
>> +++ b/MdeModulePkg/MdeModulePkg.dec
>> @@ -6,6 +6,8 @@
>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> #
>> Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016
>> Hewlett Packard Enterprise Development LP<BR>
>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>> # This program and the accompanying materials are licensed and made
>> available under # the terms and conditions of the BSD License that
>> accompanies this distribution.
>> # The full text of the license may be found at @@ -1738,5 +1740,11 @@
>> [PcdsDynamic, PcdsDynamicEx]
>> # @Prompt If there is any test key used by the platform.
>>
>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>> 0030003
>>
>> + ## This dynamic PCD holds the address mask for page table entries
>> + when memory encryption is # enabled on AMD processors supporting the
>> Secure Encrypted Virtualization (SEV) feature.
>> + # This mask should be applied when creating 1:1 virtual to physical
>> mapping tables.
>> + #
>> +
>> +
>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>> ask|0x0
>> + |UINT64|0x00030004
>> +
>> [UserExtensions.TianoCore."ExtraFiles"]
>> MdeModulePkgExtra.uni
>> --
>> 1.9.1
>>
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org <mailto:edk2-devel@lists.01.org>
>> https://lists.01.org/mailman/listinfo/edk2-devel
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 15:19 ` Gao, Liming
@ 2017-02-08 17:11 ` Duran, Leo
2017-02-08 17:29 ` Yao, Jiewen
0 siblings, 1 reply; 33+ messages in thread
From: Duran, Leo @ 2017-02-08 17:11 UTC (permalink / raw)
To: 'Gao, Liming', edk2-devel@ml01.01.org
Cc: Laszlo Ersek, Tian, Feng, Singh, Brijesh, Zeng, Star
Please see replies below.
Thanks,
Leo
> -----Original Message-----
> From: Gao, Liming [mailto:liming.gao@intel.com]
> Sent: Wednesday, February 08, 2017 9:19 AM
> To: Duran, Leo <leo.duran@amd.com>; edk2-devel@ml01.01.org
> Cc: Laszlo Ersek <lersek@redhat.com>; Tian, Feng <feng.tian@intel.com>;
> Singh, Brijesh <brijesh.singh@amd.com>; Zeng, Star <star.zeng@intel.com>
> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> Leo:
> MdeModulePkg CapsulePei and UefiCpuPkg S3Resume2 also create
> PageTable to run X64 code. Do they require this change?
>
> Thanks
> Liming
[Duran, Leo]
1) MedModelePkg/Universal/CapsulePei:
Does not seem applicable for MDE_XPU_X64 compile-time option, which is required for SEV.
- ModeSwitch() calls Thunk32To64(), which in turn may call Create4GPageTables()
- However, ModeSwitch() is called only under #ifdef MDE_CPU_IA32
2) UefiCpuPkg/Universal/Acpi/S3Resume2Pei:
Agreed. Will incorporate changes in 'v2' of the patch.
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Leo Duran
> Sent: Wednesday, February 8, 2017 3:54 AM
> To: edk2-devel@ml01.01.org
> Cc: Laszlo Ersek <lersek@redhat.com>; Tian, Feng <feng.tian@intel.com>;
> Brijesh Singh <brijesh.singh@amd.com>; Zeng, Star <star.zeng@intel.com>;
> Leo Duran <leo.duran@amd.com>
> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> From: Brijesh Singh <brijesh.singh@amd.com>
>
> This dynamic PCD holds the address mask for page table entries when
> memory encryption is enabled on AMD processors supporting the Secure
> Encrypted Virtualization (SEV) feature.
>
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Leo Duran <leo.duran@amd.com>
> ---
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
> ------
> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
> 3 files changed, 22 insertions(+), 9 deletions(-)
>
> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> index 2bc41be..d62bd9b 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> @@ -6,6 +6,8 @@
> # needed to run the DXE Foundation.
> #
> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> # This program and the accompanying materials # are licensed and made
> available under the terms and conditions of the BSD License # which
> accompanies this distribution. The full text of the license may be found at
> @@ -111,7 +113,8 @@ [FeaturePcd]
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
> CONSUMES
>
> [Pcd.IA32,Pcd.X64]
> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> SOMETIMES_CONSUMES
> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> SOMETIMES_CONSUMES
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask ## CONSUMES
>
> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
> SOMETIMES_CONSUMES
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> index 790f6ab..2c52389 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> @@ -16,6 +16,8 @@
> 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume
> 3:System Programmer's Guide, Intel
>
> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
> +
> This program and the accompanying materials are licensed and made
> available under the terms and conditions of the BSD License which
> accompanies this distribution. The full text of the license may be found at
> @@ -71,14 +73,14 @@ Split2MPageTo4K (
> //
> // Fill in 2M page entry.
> //
> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
> IA32_PG_RW;
> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>
> PhysicalAddress4K = PhysicalAddress;
> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
> SIZE_4KB) {
> //
> // Fill in the Page Table entries
> //
> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageTableEntry->Bits.ReadWrite = 1;
> PageTableEntry->Bits.Present = 1;
> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase +
> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
> //
> // Fill in 1G page entry.
> //
> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
> IA32_PG_RW;
> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>
> PhysicalAddress2M = PhysicalAddress;
> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512;
> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M
> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryEntry->Bits.ReadWrite = 1;
> PageDirectoryEntry->Bits.Present = 1;
> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
> CreateIdentityMappingPageTables (
> //
> // Make a PML4 Entry
> //
> - PageMapLevel4Entry->Uint64 =
> (UINT64)(UINTN)PageDirectoryPointerEntry;
> + PageMapLevel4Entry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageMapLevel4Entry->Bits.ReadWrite = 1;
> PageMapLevel4Entry->Bits.Present = 1;
>
> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectory1GEntry->Bits.ReadWrite = 1;
> PageDirectory1GEntry->Bits.Present = 1;
> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@
> CreateIdentityMappingPageTables (
> //
> // Fill in a Page Directory Pointer Entries
> //
> - PageDirectoryPointerEntry->Uint64 =
> (UINT64)(UINTN)PageDirectoryEntry;
> + PageDirectoryPointerEntry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
> PageDirectoryPointerEntry->Bits.Present = 1;
>
> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryEntry->Bits.ReadWrite = 1;
> PageDirectoryEntry->Bits.Present = 1;
> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
> a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -6,6 +6,8 @@
> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> #
> Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016
> Hewlett Packard Enterprise Development LP<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> # This program and the accompanying materials are licensed and made
> available under # the terms and conditions of the BSD License that
> accompanies this distribution.
> # The full text of the license may be found at @@ -1738,5 +1740,11 @@
> [PcdsDynamic, PcdsDynamicEx]
> # @Prompt If there is any test key used by the platform.
>
> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
> 0030003
>
> + ## This dynamic PCD holds the address mask for page table entries
> + when memory encryption is # enabled on AMD processors supporting the
> Secure Encrypted Virtualization (SEV) feature.
> + # This mask should be applied when creating 1:1 virtual to physical
> mapping tables.
> + #
> +
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask|0x0
> + |UINT64|0x00030004
> +
> [UserExtensions.TianoCore."ExtraFiles"]
> MdeModulePkgExtra.uni
> --
> 1.9.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 17:10 ` Laszlo Ersek
@ 2017-02-08 17:17 ` Yao, Jiewen
2017-02-08 17:27 ` Yao, Jiewen
2017-02-08 17:55 ` Duran, Leo
2017-02-08 17:28 ` Duran, Leo
1 sibling, 2 replies; 33+ messages in thread
From: Yao, Jiewen @ 2017-02-08 17:17 UTC (permalink / raw)
To: Laszlo Ersek, Duran, Leo, Zeng, Star, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh
Good reminder. I take back my word.
In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
We need
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Wednesday, February 8, 2017 9:11 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>; edk2-devel@ml01.01.org
Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
On 02/08/17 18:05, Yao, Jiewen wrote:
> HI Leo
>
> Thanks to clarify that.
>
>
>
> If that is the case, do you think it will be better to limit this PCD to
> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
Not sure if this is the best place to raise the following observation,
but it should do:
please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE if
PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
- both PEI and DXE are 32-bit, and
- both PEI and DXE are 64-bit.
This doesn't necessarily invalidate anything said thus fair in the
thread, but the following statement from Leo:
The SEV feature requires 64-bit LongMode, so the
PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
Thanks,
Laszlo
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
> *From:*Duran, Leo [mailto:leo.duran@amd.com]
> *Sent:* Wednesday, February 8, 2017 9:00 AM
> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Tian, Feng
> <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Yao,
> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> Pease see reply below.
> Leo
>
>> -----Original Message-----
>> From: Zeng, Star [mailto:star.zeng@intel.com]
>> Sent: Tuesday, February 07, 2017 8:27 PM
>> To: Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> <mailto:edk2-devel@ml01.01.org>
>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com>>;
>> Singh, Brijesh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>;
>> Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com>>>
>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>
>> Thanks,
>> Star
> [Duran, Leo]
> Hi Star,
> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>
> The SEV feature requires 64-bit LongMode, so the PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time,
> in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>
>> -----Original Message-----
>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>> Leo Duran
>> Sent: Wednesday, February 8, 2017 3:54 AM
>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org> <mailto:edk2-devel@ml01.01.org>
>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com>>;
>> Brijesh Singh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>;
>> Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>
>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> From: Brijesh Singh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com>>>
>>
>> This dynamic PCD holds the address mask for page table entries when
>> memory encryption is enabled on AMD processors supporting the Secure
>> Encrypted Virtualization (SEV) feature.
>>
>> Cc: Feng Tian <feng.tian@intel.com <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com>>>
>> Cc: Star Zeng <star.zeng@intel.com <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com>>>
>> Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com<mailto:lersek@redhat.com %3cmailto:lersek@redhat.com>>>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>
>> ---
>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
>> ------
>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> index 2bc41be..d62bd9b 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> @@ -6,6 +6,8 @@
>> # needed to run the DXE Foundation.
>> #
>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>> # This program and the accompanying materials # are licensed and made
>> available under the terms and conditions of the BSD License # which
>> accompanies this distribution. The full text of the license may be found at
>> @@ -111,7 +113,8 @@ [FeaturePcd]
>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
>> CONSUMES
>>
>> [Pcd.IA32,Pcd.X64]
>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>> SOMETIMES_CONSUMES
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>> SOMETIMES_CONSUMES
>> +
>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>> ask ## CONSUMES
>>
>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>> SOMETIMES_CONSUMES
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> index 790f6ab..2c52389 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> @@ -16,6 +16,8 @@
>> 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume
>> 3:System Programmer's Guide, Intel
>>
>> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>> +
>> This program and the accompanying materials are licensed and made
>> available under the terms and conditions of the BSD License which
>> accompanies this distribution. The full text of the license may be found at
>> @@ -71,14 +73,14 @@ Split2MPageTo4K (
>> //
>> // Fill in 2M page entry.
>> //
>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>> IA32_PG_RW;
>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>
>> PhysicalAddress4K = PhysicalAddress;
>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>> SIZE_4KB) {
>> //
>> // Fill in the Page Table entries
>> //
>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageTableEntry->Bits.ReadWrite = 1;
>> PageTableEntry->Bits.Present = 1;
>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase +
>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>> //
>> // Fill in 1G page entry.
>> //
>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>> IA32_PG_RW;
>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>
>> PhysicalAddress2M = PhysicalAddress;
>> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512;
>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M
>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>> //
>> // Fill in the Page Directory entries
>> //
>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectoryEntry->Bits.ReadWrite = 1;
>> PageDirectoryEntry->Bits.Present = 1;
>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>> CreateIdentityMappingPageTables (
>> //
>> // Make a PML4 Entry
>> //
>> - PageMapLevel4Entry->Uint64 =
>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>> + PageMapLevel4Entry->Uint64 =
>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>> PageMapLevel4Entry->Bits.Present = 1;
>>
>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>> //
>> // Fill in the Page Directory entries
>> //
>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>> PageDirectory1GEntry->Bits.Present = 1;
>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@
>> CreateIdentityMappingPageTables (
>> //
>> // Fill in a Page Directory Pointer Entries
>> //
>> - PageDirectoryPointerEntry->Uint64 =
>> (UINT64)(UINTN)PageDirectoryEntry;
>> + PageDirectoryPointerEntry->Uint64 =
>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>> PageDirectoryPointerEntry->Bits.Present = 1;
>>
>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>> //
>> // Fill in the Page Directory entries
>> //
>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectoryEntry->Bits.ReadWrite = 1;
>> PageDirectoryEntry->Bits.Present = 1;
>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>> a/MdeModulePkg/MdeModulePkg.dec
>> b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
>> --- a/MdeModulePkg/MdeModulePkg.dec
>> +++ b/MdeModulePkg/MdeModulePkg.dec
>> @@ -6,6 +6,8 @@
>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> #
>> Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016
>> Hewlett Packard Enterprise Development LP<BR>
>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>> # This program and the accompanying materials are licensed and made
>> available under # the terms and conditions of the BSD License that
>> accompanies this distribution.
>> # The full text of the license may be found at @@ -1738,5 +1740,11 @@
>> [PcdsDynamic, PcdsDynamicEx]
>> # @Prompt If there is any test key used by the platform.
>>
>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>> 0030003
>>
>> + ## This dynamic PCD holds the address mask for page table entries
>> + when memory encryption is # enabled on AMD processors supporting the
>> Secure Encrypted Virtualization (SEV) feature.
>> + # This mask should be applied when creating 1:1 virtual to physical
>> mapping tables.
>> + #
>> +
>> +
>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>> ask|0x0
>> + |UINT64|0x00030004
>> +
>> [UserExtensions.TianoCore."ExtraFiles"]
>> MdeModulePkgExtra.uni
>> --
>> 1.9.1
>>
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
>> https://lists.01.org/mailman/listinfo/edk2-devel
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 17:17 ` Yao, Jiewen
@ 2017-02-08 17:27 ` Yao, Jiewen
2017-02-08 17:51 ` Laszlo Ersek
2017-02-08 17:55 ` Duran, Leo
1 sibling, 1 reply; 33+ messages in thread
From: Yao, Jiewen @ 2017-02-08 17:27 UTC (permalink / raw)
To: Yao, Jiewen, Laszlo Ersek, Duran, Leo, Zeng, Star,
edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh, Yao, Jiewen
I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode.
See DEC description:
# It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
# is built in firmware.<BR><BR>
And the code MdeModulePkg\Universal\Acpi\S3SaveStateDxe\AcpiS3ContextSave.c:
BOOLEAN
IsLongModeWakingVectorSupport (
IN EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE *Facs
)
{
if ((Facs == NULL) ||
(Facs->Signature != EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE) ) {
//
// Something wrong with FACS.
//
return FALSE;
}
if ((Facs->Version == EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION) &&
((Facs->Flags & EFI_ACPI_4_0_64BIT_WAKE_SUPPORTED_F) != 0)) {
//
// BIOS supports 64bit waking vector.
//
if (FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
return TRUE;
}
}
return FALSE;
}
Thank you
Yao Jiewen
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Yao, Jiewen
Sent: Wednesday, February 8, 2017 9:18 AM
To: Laszlo Ersek <lersek@redhat.com>; Duran, Leo <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>; edk2-devel@ml01.01.org
Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
Good reminder. I take back my word.
In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
We need
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Wednesday, February 8, 2017 9:11 AM
To: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Duran, Leo <leo.duran@amd.com<mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
Cc: Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
On 02/08/17 18:05, Yao, Jiewen wrote:
> HI Leo
>
> Thanks to clarify that.
>
>
>
> If that is the case, do you think it will be better to limit this PCD to
> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
Not sure if this is the best place to raise the following observation,
but it should do:
please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE if
PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
- both PEI and DXE are 32-bit, and
- both PEI and DXE are 64-bit.
This doesn't necessarily invalidate anything said thus fair in the
thread, but the following statement from Leo:
The SEV feature requires 64-bit LongMode, so the
PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
Thanks,
Laszlo
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
> *From:*Duran, Leo [mailto:leo.duran@amd.com]
> *Sent:* Wednesday, February 8, 2017 9:00 AM
> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com<mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com<mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng
> <feng.tian@intel.com<mailto:feng.tian@intel.com<mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>; Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Yao,
> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com>>>
> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> Pease see reply below.
> Leo
>
>> -----Original Message-----
>> From: Zeng, Star [mailto:star.zeng@intel.com]
>> Sent: Tuesday, February 07, 2017 8:27 PM
>> To: Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
> <mailto:edk2-devel@ml01.01.org>
>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b<mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com%0b<mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>> <mailto:feng.tian@intel.com>>;
>> Singh, Brijesh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b<mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com%0b<mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>> <mailto:star.zeng@intel.com>>;
>> Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com>>>>
>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>
>> Thanks,
>> Star
> [Duran, Leo]
> Hi Star,
> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>
> The SEV feature requires 64-bit LongMode, so the PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time,
> in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>
>> -----Original Message-----
>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>> Leo Duran
>> Sent: Wednesday, February 8, 2017 3:54 AM
>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>> <mailto:edk2-devel@ml01.01.org>
>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b<mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com%0b<mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>> <mailto:feng.tian@intel.com>>;
>> Brijesh Singh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b<mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com%0b<mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>> <mailto:star.zeng@intel.com>>;
>> Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>>
>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> From: Brijesh Singh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com>>>>
>>
>> This dynamic PCD holds the address mask for page table entries when
>> memory encryption is enabled on AMD processors supporting the Secure
>> Encrypted Virtualization (SEV) feature.
>>
>> Cc: Feng Tian <feng.tian@intel.com <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com<mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com>>>>
>> Cc: Star Zeng <star.zeng@intel.com <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com<mailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com>>>>
>> Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com<mailto:lersek@redhat.com %3cmailto:lersek@redhat.com<mailto:lersek@redhat.com %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com %3cmailto:lersek@redhat.com>>>>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>>
>> ---
>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
>> ------
>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> index 2bc41be..d62bd9b 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> @@ -6,6 +6,8 @@
>> # needed to run the DXE Foundation.
>> #
>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>> # This program and the accompanying materials # are licensed and made
>> available under the terms and conditions of the BSD License # which
>> accompanies this distribution. The full text of the license may be found at
>> @@ -111,7 +113,8 @@ [FeaturePcd]
>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
>> CONSUMES
>>
>> [Pcd.IA32,Pcd.X64]
>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>> SOMETIMES_CONSUMES
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>> SOMETIMES_CONSUMES
>> +
>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>> ask ## CONSUMES
>>
>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>> SOMETIMES_CONSUMES
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> index 790f6ab..2c52389 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> @@ -16,6 +16,8 @@
>> 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume
>> 3:System Programmer's Guide, Intel
>>
>> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>> +
>> This program and the accompanying materials are licensed and made
>> available under the terms and conditions of the BSD License which
>> accompanies this distribution. The full text of the license may be found at
>> @@ -71,14 +73,14 @@ Split2MPageTo4K (
>> //
>> // Fill in 2M page entry.
>> //
>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>> IA32_PG_RW;
>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>
>> PhysicalAddress4K = PhysicalAddress;
>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>> SIZE_4KB) {
>> //
>> // Fill in the Page Table entries
>> //
>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageTableEntry->Bits.ReadWrite = 1;
>> PageTableEntry->Bits.Present = 1;
>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase +
>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>> //
>> // Fill in 1G page entry.
>> //
>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>> IA32_PG_RW;
>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>
>> PhysicalAddress2M = PhysicalAddress;
>> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512;
>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M
>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>> //
>> // Fill in the Page Directory entries
>> //
>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectoryEntry->Bits.ReadWrite = 1;
>> PageDirectoryEntry->Bits.Present = 1;
>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>> CreateIdentityMappingPageTables (
>> //
>> // Make a PML4 Entry
>> //
>> - PageMapLevel4Entry->Uint64 =
>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>> + PageMapLevel4Entry->Uint64 =
>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>> PageMapLevel4Entry->Bits.Present = 1;
>>
>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>> //
>> // Fill in the Page Directory entries
>> //
>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>> PageDirectory1GEntry->Bits.Present = 1;
>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@
>> CreateIdentityMappingPageTables (
>> //
>> // Fill in a Page Directory Pointer Entries
>> //
>> - PageDirectoryPointerEntry->Uint64 =
>> (UINT64)(UINTN)PageDirectoryEntry;
>> + PageDirectoryPointerEntry->Uint64 =
>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>> PageDirectoryPointerEntry->Bits.Present = 1;
>>
>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>> //
>> // Fill in the Page Directory entries
>> //
>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectoryEntry->Bits.ReadWrite = 1;
>> PageDirectoryEntry->Bits.Present = 1;
>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>> a/MdeModulePkg/MdeModulePkg.dec
>> b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
>> --- a/MdeModulePkg/MdeModulePkg.dec
>> +++ b/MdeModulePkg/MdeModulePkg.dec
>> @@ -6,6 +6,8 @@
>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> #
>> Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016
>> Hewlett Packard Enterprise Development LP<BR>
>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>> # This program and the accompanying materials are licensed and made
>> available under # the terms and conditions of the BSD License that
>> accompanies this distribution.
>> # The full text of the license may be found at @@ -1738,5 +1740,11 @@
>> [PcdsDynamic, PcdsDynamicEx]
>> # @Prompt If there is any test key used by the platform.
>>
>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>> 0030003
>>
>> + ## This dynamic PCD holds the address mask for page table entries
>> + when memory encryption is # enabled on AMD processors supporting the
>> Secure Encrypted Virtualization (SEV) feature.
>> + # This mask should be applied when creating 1:1 virtual to physical
>> mapping tables.
>> + #
>> +
>> +
>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>> ask|0x0
>> + |UINT64|0x00030004
>> +
>> [UserExtensions.TianoCore."ExtraFiles"]
>> MdeModulePkgExtra.uni
>> --
>> 1.9.1
>>
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>> <mailto:edk2-devel@lists.01.org>
>> https://lists.01.org/mailman/listinfo/edk2-devel
>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 17:10 ` Laszlo Ersek
2017-02-08 17:17 ` Yao, Jiewen
@ 2017-02-08 17:28 ` Duran, Leo
2017-02-08 17:56 ` Laszlo Ersek
1 sibling, 1 reply; 33+ messages in thread
From: Duran, Leo @ 2017-02-08 17:28 UTC (permalink / raw)
To: 'Laszlo Ersek', Yao, Jiewen, Zeng, Star,
edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh
Lazlo, et al,
Please see reply below.
Lleo
> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Wednesday, February 08, 2017 11:11 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo
> <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>; edk2-
> devel@ml01.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
> <brijesh.singh@amd.com>
> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> On 02/08/17 18:05, Yao, Jiewen wrote:
> > HI Leo
> >
> > Thanks to clarify that.
> >
> >
> >
> > If that is the case, do you think it will be better to limit this PCD
> > to
> > X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>
> Not sure if this is the best place to raise the following observation, but it
> should do:
>
> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE
> if PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
> - both PEI and DXE are 32-bit, and
> - both PEI and DXE are 64-bit.
>
> This doesn't necessarily invalidate anything said thus fair in the thread, but
> the following statement from Leo:
>
> The SEV feature requires 64-bit LongMode, so the
> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>
> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
[Duran, Leo]
Good points... I should have provided more context.
1) I had referred the "PEI is 32-bit and DXE is 64-bit."
2) If both PEI and DXE are 64-bit, then you would be executing the X64 of HandOffToDxe(), which does *not* call Create4GPageTables().
That is, Create4GPageTables() only gets called in the "PEI is 32-bit" case.
>
> Thanks,
> Laszlo
>
> >
> >
> >
> > Thank you
> >
> > Yao Jiewen
> >
> >
> >
> > *From:*Duran, Leo [mailto:leo.duran@amd.com]
> > *Sent:* Wednesday, February 8, 2017 9:00 AM
> > *To:* Zeng, Star <star.zeng@intel.com>; edk2-devel@ml01.01.org
> > *Cc:* Laszlo Ersek <lersek@redhat.com>; Tian, Feng
> > <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Yao,
> > Jiewen <jiewen.yao@intel.com>
> > *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> > PcdPteMemoryEncryptionAddressOrMask
> >
> >
> >
> > Pease see reply below.
> > Leo
> >
> >> -----Original Message-----
> >> From: Zeng, Star [mailto:star.zeng@intel.com]
> >> Sent: Tuesday, February 07, 2017 8:27 PM
> >> To: Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com>>;
> >> edk2-devel@ml01.01.org
> > <mailto:edk2-devel@ml01.01.org>
> >> Cc: Laszlo Ersek <lersek@redhat.com
> > <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> > <mailto:feng.tian@intel.com>>;
> >> Singh, Brijesh <brijesh.singh@amd.com
> > <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> > <mailto:star.zeng@intel.com>>;
> >> Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com>>
> >> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> >> PcdPteMemoryEncryptionAddressOrMask
> >>
> >> Does Create4GPageTablesIa32Pae() also need to be updated?
> >>
> >> Thanks,
> >> Star
> > [Duran, Leo]
> > Hi Star,
> > No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
> >
> > The SEV feature requires 64-bit LongMode, so the
> > PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time, in which
> case Create4GPageTablesIa32Pae() would *not* be called by
> HandOffToDxeCore().
> >
> >> -----Original Message-----
> >> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf
> >> Of Leo Duran
> >> Sent: Wednesday, February 8, 2017 3:54 AM
> >> To: edk2-devel@ml01.01.org <mailto:edk2-devel@ml01.01.org>
> >> Cc: Laszlo Ersek <lersek@redhat.com
> > <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> > <mailto:feng.tian@intel.com>>;
> >> Brijesh Singh <brijesh.singh@amd.com
> > <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> > <mailto:star.zeng@intel.com>>;
> >> Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com>>
> >> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> >> PcdPteMemoryEncryptionAddressOrMask
> >>
> >> From: Brijesh Singh <brijesh.singh@amd.com
> >> <mailto:brijesh.singh@amd.com>>
> >>
> >> This dynamic PCD holds the address mask for page table entries when
> >> memory encryption is enabled on AMD processors supporting the Secure
> >> Encrypted Virtualization (SEV) feature.
> >>
> >> Cc: Feng Tian <feng.tian@intel.com <mailto:feng.tian@intel.com>>
> >> Cc: Star Zeng <star.zeng@intel.com <mailto:star.zeng@intel.com>>
> >> Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com>>
> >> Contributed-under: TianoCore Contribution Agreement 1.0
> >> Signed-off-by: Leo Duran <leo.duran@amd.com
> >> <mailto:leo.duran@amd.com>>
> >> ---
> >> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
> >> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18
> ++++++++++--
> >> ------
> >> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
> >> 3 files changed, 22 insertions(+), 9 deletions(-)
> >>
> >> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> >> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> >> index 2bc41be..d62bd9b 100644
> >> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> >> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> >> @@ -6,6 +6,8 @@
> >> # needed to run the DXE Foundation.
> >> #
> >> # Copyright (c) 2006 - 2016, Intel Corporation. All rights
> >> reserved.<BR>
> >> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> >> # This program and the accompanying materials # are licensed and
> >> made available under the terms and conditions of the BSD License #
> >> which accompanies this distribution. The full text of the license
> >> may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
> >> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress
> ##
> >> CONSUMES
> >>
> >> [Pcd.IA32,Pcd.X64]
> >> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> >> SOMETIMES_CONSUMES
> >> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> >> SOMETIMES_CONSUMES
> >> +
> >>
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> >> ask ## CONSUMES
> >>
> >> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
> >> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
> >> SOMETIMES_CONSUMES
> >> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> >> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> >> index 790f6ab..2c52389 100644
> >> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> >> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> >> @@ -16,6 +16,8 @@
> >> 3) IA-32 Intel(R) Architecture Software Developer's Manual
> >> Volume 3:System Programmer's Guide, Intel
> >>
> >> Copyright (c) 2006 - 2016, Intel Corporation. All rights
> >> reserved.<BR>
> >> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
> >> +
> >> This program and the accompanying materials are licensed and made
> >> available under the terms and conditions of the BSD License which
> >> accompanies this distribution. The full text of the license may be
> >> found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
> >> //
> >> // Fill in 2M page entry.
> >> //
> >> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
> >> IA32_PG_RW;
> >> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
> >> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P |
> IA32_PG_RW;
> >>
> >> PhysicalAddress4K = PhysicalAddress;
> >> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
> >> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
> >> SIZE_4KB) {
> >> //
> >> // Fill in the Page Table entries
> >> //
> >> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
> >> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
> >> + (PcdPteMemoryEncryptionAddressOrMask);
> >> PageTableEntry->Bits.ReadWrite = 1;
> >> PageTableEntry->Bits.Present = 1;
> >> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K <
> >> StackBase +
> >> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
> >> //
> >> // Fill in 1G page entry.
> >> //
> >> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
> >> IA32_PG_RW;
> >> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
> >> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P |
> IA32_PG_RW;
> >>
> >> PhysicalAddress2M = PhysicalAddress;
> >> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries
> >> < 512;
> >> IndexOfPageDirectoryEntries++, PageDirectoryEntry++,
> >> IndexOfPageDirectoryEntries++PhysicalAddress2M
> >> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
> >> //
> >> // Fill in the Page Directory entries
> >> //
> >> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
> >> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
> >> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
> >> PageDirectoryEntry->Bits.ReadWrite = 1;
> >> PageDirectoryEntry->Bits.Present = 1;
> >> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
> >> CreateIdentityMappingPageTables (
> >> //
> >> // Make a PML4 Entry
> >> //
> >> - PageMapLevel4Entry->Uint64 =
> >> (UINT64)(UINTN)PageDirectoryPointerEntry;
> >> + PageMapLevel4Entry->Uint64 =
> >> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
> >> + (PcdPteMemoryEncryptionAddressOrMask);
> >> PageMapLevel4Entry->Bits.ReadWrite = 1;
> >> PageMapLevel4Entry->Bits.Present = 1;
> >>
> >> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
> >> //
> >> // Fill in the Page Directory entries
> >> //
> >> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
> >> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress |
> >> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
> >> PageDirectory1GEntry->Bits.ReadWrite = 1;
> >> PageDirectory1GEntry->Bits.Present = 1;
> >> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7
> >> @@ CreateIdentityMappingPageTables (
> >> //
> >> // Fill in a Page Directory Pointer Entries
> >> //
> >> - PageDirectoryPointerEntry->Uint64 =
> >> (UINT64)(UINTN)PageDirectoryEntry;
> >> + PageDirectoryPointerEntry->Uint64 =
> >> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
> >> + (PcdPteMemoryEncryptionAddressOrMask);
> >> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
> >> PageDirectoryPointerEntry->Bits.Present = 1;
> >>
> >> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
> >> //
> >> // Fill in the Page Directory entries
> >> //
> >> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
> >> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress |
> >> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
> >> PageDirectoryEntry->Bits.ReadWrite = 1;
> >> PageDirectoryEntry->Bits.Present = 1;
> >> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
> >> a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec index
> >> 273cd7e..207384f 100644
> >> --- a/MdeModulePkg/MdeModulePkg.dec
> >> +++ b/MdeModulePkg/MdeModulePkg.dec
> >> @@ -6,6 +6,8 @@
> >> # Copyright (c) 2007 - 2017, Intel Corporation. All rights
> >> reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights
> >> reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise
> >> Development LP<BR>
> >> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> >> # This program and the accompanying materials are licensed and made
> >> available under # the terms and conditions of the BSD License that
> >> accompanies this distribution.
> >> # The full text of the license may be found at @@ -1738,5 +1740,11
> >> @@ [PcdsDynamic, PcdsDynamicEx]
> >> # @Prompt If there is any test key used by the platform.
> >>
> >>
> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
> >> 0030003
> >>
> >> + ## This dynamic PCD holds the address mask for page table entries
> >> + when memory encryption is # enabled on AMD processors supporting
> >> + the
> >> Secure Encrypted Virtualization (SEV) feature.
> >> + # This mask should be applied when creating 1:1 virtual to
> >> + physical
> >> mapping tables.
> >> + #
> >> +
> >> +
> >>
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> >> ask|0x0
> >> + |UINT64|0x00030004
> >> +
> >> [UserExtensions.TianoCore."ExtraFiles"]
> >> MdeModulePkgExtra.uni
> >> --
> >> 1.9.1
> >>
> >> _______________________________________________
> >> edk2-devel mailing list
> >> edk2-devel@lists.01.org <mailto:edk2-devel@lists.01.org>
> >> https://lists.01.org/mailman/listinfo/edk2-devel
> >
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 17:11 ` Duran, Leo
@ 2017-02-08 17:29 ` Yao, Jiewen
2017-02-08 18:30 ` Duran, Leo
0 siblings, 1 reply; 33+ messages in thread
From: Yao, Jiewen @ 2017-02-08 17:29 UTC (permalink / raw)
To: Duran, Leo, Gao, Liming, edk2-devel@ml01.01.org
Cc: Singh, Brijesh, Tian, Feng, Laszlo Ersek, Zeng, Star, Yao, Jiewen
Comments below:
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Duran, Leo
Sent: Wednesday, February 8, 2017 9:12 AM
To: Gao, Liming <liming.gao@intel.com>; edk2-devel@ml01.01.org
Cc: Singh, Brijesh <brijesh.singh@amd.com>; Tian, Feng <feng.tian@intel.com>; Laszlo Ersek <lersek@redhat.com>; Zeng, Star <star.zeng@intel.com>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
Please see replies below.
Thanks,
Leo
> -----Original Message-----
> From: Gao, Liming [mailto:liming.gao@intel.com]
> Sent: Wednesday, February 08, 2017 9:19 AM
> To: Duran, Leo <leo.duran@amd.com<mailto:leo.duran@amd.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>;
> Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>
> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> Leo:
> MdeModulePkg CapsulePei and UefiCpuPkg S3Resume2 also create
> PageTable to run X64 code. Do they require this change?
>
> Thanks
> Liming
[Duran, Leo]
1) MedModelePkg/Universal/CapsulePei:
Does not seem applicable for MDE_XPU_X64 compile-time option, which is required for SEV.
- ModeSwitch() calls Thunk32To64(), which in turn may call Create4GPageTables()
- However, ModeSwitch() is called only under #ifdef MDE_CPU_IA32
[Jiewen] The IA32 capsule code creates X64 page tables, then switch to X64.
So the page table is for X64. Would you please double check if this PCD is needed?
2) UefiCpuPkg/Universal/Acpi/S3Resume2Pei:
Agreed. Will incorporate changes in 'v2' of the patch.
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Leo Duran
> Sent: Wednesday, February 8, 2017 3:54 AM
> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>;
> Brijesh Singh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>;
> Leo Duran <leo.duran@amd.com<mailto:leo.duran@amd.com>>
> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> From: Brijesh Singh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>
>
> This dynamic PCD holds the address mask for page table entries when
> memory encryption is enabled on AMD processors supporting the Secure
> Encrypted Virtualization (SEV) feature.
>
> Cc: Feng Tian <feng.tian@intel.com<mailto:feng.tian@intel.com>>
> Cc: Star Zeng <star.zeng@intel.com<mailto:star.zeng@intel.com>>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Leo Duran <leo.duran@amd.com<mailto:leo.duran@amd.com>>
> ---
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
> ------
> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
> 3 files changed, 22 insertions(+), 9 deletions(-)
>
> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> index 2bc41be..d62bd9b 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> @@ -6,6 +6,8 @@
> # needed to run the DXE Foundation.
> #
> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> # This program and the accompanying materials # are licensed and made
> available under the terms and conditions of the BSD License # which
> accompanies this distribution. The full text of the license may be found at
> @@ -111,7 +113,8 @@ [FeaturePcd]
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
> CONSUMES
>
> [Pcd.IA32,Pcd.X64]
> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> SOMETIMES_CONSUMES
> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> SOMETIMES_CONSUMES
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask ## CONSUMES
>
> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
> SOMETIMES_CONSUMES
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> index 790f6ab..2c52389 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> @@ -16,6 +16,8 @@
> 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume
> 3:System Programmer's Guide, Intel
>
> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
> +
> This program and the accompanying materials are licensed and made
> available under the terms and conditions of the BSD License which
> accompanies this distribution. The full text of the license may be found at
> @@ -71,14 +73,14 @@ Split2MPageTo4K (
> //
> // Fill in 2M page entry.
> //
> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
> IA32_PG_RW;
> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>
> PhysicalAddress4K = PhysicalAddress;
> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
> SIZE_4KB) {
> //
> // Fill in the Page Table entries
> //
> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageTableEntry->Bits.ReadWrite = 1;
> PageTableEntry->Bits.Present = 1;
> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase +
> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
> //
> // Fill in 1G page entry.
> //
> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
> IA32_PG_RW;
> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>
> PhysicalAddress2M = PhysicalAddress;
> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512;
> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M
> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryEntry->Bits.ReadWrite = 1;
> PageDirectoryEntry->Bits.Present = 1;
> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
> CreateIdentityMappingPageTables (
> //
> // Make a PML4 Entry
> //
> - PageMapLevel4Entry->Uint64 =
> (UINT64)(UINTN)PageDirectoryPointerEntry;
> + PageMapLevel4Entry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageMapLevel4Entry->Bits.ReadWrite = 1;
> PageMapLevel4Entry->Bits.Present = 1;
>
> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectory1GEntry->Bits.ReadWrite = 1;
> PageDirectory1GEntry->Bits.Present = 1;
> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@
> CreateIdentityMappingPageTables (
> //
> // Fill in a Page Directory Pointer Entries
> //
> - PageDirectoryPointerEntry->Uint64 =
> (UINT64)(UINTN)PageDirectoryEntry;
> + PageDirectoryPointerEntry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
> PageDirectoryPointerEntry->Bits.Present = 1;
>
> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryEntry->Bits.ReadWrite = 1;
> PageDirectoryEntry->Bits.Present = 1;
> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
> a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -6,6 +6,8 @@
> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> #
> Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016
> Hewlett Packard Enterprise Development LP<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> # This program and the accompanying materials are licensed and made
> available under # the terms and conditions of the BSD License that
> accompanies this distribution.
> # The full text of the license may be found at @@ -1738,5 +1740,11 @@
> [PcdsDynamic, PcdsDynamicEx]
> # @Prompt If there is any test key used by the platform.
>
> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
> 0030003
>
> + ## This dynamic PCD holds the address mask for page table entries
> + when memory encryption is # enabled on AMD processors supporting the
> Secure Encrypted Virtualization (SEV) feature.
> + # This mask should be applied when creating 1:1 virtual to physical
> mapping tables.
> + #
> +
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask|0x0
> + |UINT64|0x00030004
> +
> [UserExtensions.TianoCore."ExtraFiles"]
> MdeModulePkgExtra.uni
> --
> 1.9.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
> https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 17:27 ` Yao, Jiewen
@ 2017-02-08 17:51 ` Laszlo Ersek
2017-02-08 18:20 ` Yao, Jiewen
0 siblings, 1 reply; 33+ messages in thread
From: Laszlo Ersek @ 2017-02-08 17:51 UTC (permalink / raw)
To: Yao, Jiewen, Duran, Leo, Zeng, Star, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh, Jordan Justen (Intel address)
On 02/08/17 18:27, Yao, Jiewen wrote:
> I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode.
>
>
>
> See DEC description:
>
> # It is assumed that 64-bit DxeCore is built in firmware if it is
> true; otherwise 32-bit DxeCore
>
> # is built in firmware.<BR><BR>
Unfortunately, I have no historical context or background for this PCD;
all I can say is that the X64 OVMF platform does not set the PCD.
It enters long mode, and sets up page tables for the first 4GB of RAM,
in SEC. Then SEC decompresses the flash contents to RAM, which covers
both PEIFV and DXEFV. PEI runs from RAM.
This is possible because on QEMU/KVM, there's no need to initialize RAM,
thus only SEC runs from flash, in-place.
Perhaps Jordan can provide more insight.
If Brijesh and Leo would like to run the X64 OVMF platform as a SEV
guest too, then this should be considered, in my opinion.
One more comment below:
>
>
>
> And the code MdeModulePkg\Universal\Acpi\S3SaveStateDxe\AcpiS3ContextSave.c:
>
>
>
> BOOLEAN
>
> IsLongModeWakingVectorSupport (
>
> IN EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE*Facs
>
> )
>
> {
>
> if((Facs == NULL) ||
>
> (Facs->Signature !=
> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE) ) {
>
> //
>
> // Something wrong with FACS.
>
> //
>
> returnFALSE;
>
> }
>
> if((Facs->Version ==
> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION) &&
>
> ((Facs->Flags & EFI_ACPI_4_0_64BIT_WAKE_SUPPORTED_F) != 0)) {
>
> //
>
> // BIOS supports 64bit waking vector.
>
> //
>
> if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>
> returnTRUE;
>
> }
>
> }
>
> returnFALSE;
>
> }
In practice, it's okay if the OVMF X64 platform is recognized as "not
supporting a 64-bit waking vector for S3 resume". All the 64-bit guest
OSes that I've tested with OVMF X64 (Linux, and the Windows 7 / 8 / 10
families, both client and server) use a real mode (16-bit) waking
vector, in practice.
... Actually, upon reviewing the above code more carefully, we don't
even reach the FeaturePcdGet() call: the FACS that QEMU generates (and
OVMF downloads and installs) corresponds to ACPI 1.0, that is,
EFI_ACPI_1_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION.
Thanks
Laszlo
>
>
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
> *From:*edk2-devel [mailto:edk2-devel-bounces@lists.01.org] *On Behalf Of
> *Yao, Jiewen
> *Sent:* Wednesday, February 8, 2017 9:18 AM
> *To:* Laszlo Ersek <lersek@redhat.com>; Duran, Leo <leo.duran@amd.com>;
> Zeng, Star <star.zeng@intel.com>; edk2-devel@ml01.01.org
> *Cc:* Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
> <brijesh.singh@amd.com>
> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> Good reminder. I take back my word.
>
> In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
>
> We need
>
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Wednesday, February 8, 2017 9:11 AM
> To: Yao, Jiewen <jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com>>; Duran, Leo <leo.duran@amd.com
> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org>
> Cc: Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com>>
> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
>
> On 02/08/17 18:05, Yao, Jiewen wrote:
>> HI Leo
>>
>> Thanks to clarify that.
>>
>>
>>
>> If that is the case, do you think it will be better to limit this PCD to
>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>
> Not sure if this is the best place to raise the following observation,
> but it should do:
>
> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE if
> PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
> - both PEI and DXE are 32-bit, and
> - both PEI and DXE are 64-bit.
>
> This doesn't necessarily invalidate anything said thus fair in the
> thread, but the following statement from Leo:
>
> The SEV feature requires 64-bit LongMode, so the
> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>
> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
>
> Thanks,
> Laszlo
>
>>
>>
>>
>> Thank you
>>
>> Yao Jiewen
>>
>>
>>
>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com
> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng
>> <feng.tian@intel.com<mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>; Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Yao,
>> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com>>>
>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>>
>>
>> Pease see reply below.
>> Leo
>>
>>> -----Original Message-----
>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>> To: Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>> <mailto:edk2-devel@ml01.01.org>
>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b
> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b
> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>> <mailto:feng.tian@intel.com>>;
>>> Singh, Brijesh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b
> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b
> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>> <mailto:star.zeng@intel.com>>;
>>> Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com>>>>
>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>
>>> Thanks,
>>> Star
>> [Duran, Leo]
>> Hi Star,
>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>
>> The SEV feature requires 64-bit LongMode, so the PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time,
>> in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>>
>>> -----Original Message-----
>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>>> Leo Duran
>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>> <mailto:edk2-devel@ml01.01.org>
>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b
> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b
> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>> <mailto:feng.tian@intel.com>>;
>>> Brijesh Singh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b
> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b
> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>> <mailto:star.zeng@intel.com>>;
>>> Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>>
>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>> From: Brijesh Singh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com>>>>
>>>
>>> This dynamic PCD holds the address mask for page table entries when
>>> memory encryption is enabled on AMD processors supporting the Secure
>>> Encrypted Virtualization (SEV) feature.
>>>
>>> Cc: Feng Tian <feng.tian@intel.com <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com>>>>
>>> Cc: Star Zeng <star.zeng@intel.com <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com>>>>
>>> Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com<mailto:lersek@redhat.com %3cmailto:lersek@redhat.com
> <mailto:lersek@redhat.com %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com %3cmailto:lersek@redhat.com>>>>
>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>> Signed-off-by: Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>>
>>> ---
>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
>>> ------
>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>
>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>> index 2bc41be..d62bd9b 100644
>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>> @@ -6,6 +6,8 @@
>>> # needed to run the DXE Foundation.
>>> #
>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>> # This program and the accompanying materials # are licensed and made
>>> available under the terms and conditions of the BSD License # which
>>> accompanies this distribution. The full text of the license may be found at
>>> @@ -111,7 +113,8 @@ [FeaturePcd]
>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
>>> CONSUMES
>>>
>>> [Pcd.IA32,Pcd.X64]
>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>> SOMETIMES_CONSUMES
>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>> SOMETIMES_CONSUMES
>>> +
>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>> ask ## CONSUMES
>>>
>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>> SOMETIMES_CONSUMES
>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>> index 790f6ab..2c52389 100644
>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>> @@ -16,6 +16,8 @@
>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume
>>> 3:System Programmer's Guide, Intel
>>>
>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>> +
>>> This program and the accompanying materials are licensed and made
>>> available under the terms and conditions of the BSD License which
>>> accompanies this distribution. The full text of the license may be found at
>>> @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>> //
>>> // Fill in 2M page entry.
>>> //
>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>> IA32_PG_RW;
>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>
>>> PhysicalAddress4K = PhysicalAddress;
>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>> SIZE_4KB) {
>>> //
>>> // Fill in the Page Table entries
>>> //
>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>> PageTableEntry->Bits.ReadWrite = 1;
>>> PageTableEntry->Bits.Present = 1;
>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase +
>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>> //
>>> // Fill in 1G page entry.
>>> //
>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>>> IA32_PG_RW;
>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>
>>> PhysicalAddress2M = PhysicalAddress;
>>> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512;
>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M
>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>> //
>>> // Fill in the Page Directory entries
>>> //
>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>> PageDirectoryEntry->Bits.Present = 1;
>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>> CreateIdentityMappingPageTables (
>>> //
>>> // Make a PML4 Entry
>>> //
>>> - PageMapLevel4Entry->Uint64 =
>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>> + PageMapLevel4Entry->Uint64 =
>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>> PageMapLevel4Entry->Bits.Present = 1;
>>>
>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>> //
>>> // Fill in the Page Directory entries
>>> //
>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>> PageDirectory1GEntry->Bits.Present = 1;
>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@
>>> CreateIdentityMappingPageTables (
>>> //
>>> // Fill in a Page Directory Pointer Entries
>>> //
>>> - PageDirectoryPointerEntry->Uint64 =
>>> (UINT64)(UINTN)PageDirectoryEntry;
>>> + PageDirectoryPointerEntry->Uint64 =
>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>
>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>> //
>>> // Fill in the Page Directory entries
>>> //
>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>> PageDirectoryEntry->Bits.Present = 1;
>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>> a/MdeModulePkg/MdeModulePkg.dec
>>> b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>> @@ -6,6 +6,8 @@
>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> #
>>> Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016
>>> Hewlett Packard Enterprise Development LP<BR>
>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>> # This program and the accompanying materials are licensed and made
>>> available under # the terms and conditions of the BSD License that
>>> accompanies this distribution.
>>> # The full text of the license may be found at @@ -1738,5 +1740,11 @@
>>> [PcdsDynamic, PcdsDynamicEx]
>>> # @Prompt If there is any test key used by the platform.
>>>
>>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>> 0030003
>>>
>>> + ## This dynamic PCD holds the address mask for page table entries
>>> + when memory encryption is # enabled on AMD processors supporting the
>>> Secure Encrypted Virtualization (SEV) feature.
>>> + # This mask should be applied when creating 1:1 virtual to physical
>>> mapping tables.
>>> + #
>>> +
>>> +
>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>> ask|0x0
>>> + |UINT64|0x00030004
>>> +
>>> [UserExtensions.TianoCore."ExtraFiles"]
>>> MdeModulePkgExtra.uni
>>> --
>>> 1.9.1
>>>
>>> _______________________________________________
>>> edk2-devel mailing list
>>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org
> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>> <mailto:edk2-devel@lists.01.org>
>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org <mailto:edk2-devel@lists.01.org>
> https://lists.01.org/mailman/listinfo/edk2-devel
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 17:05 ` Yao, Jiewen
2017-02-08 17:10 ` Laszlo Ersek
@ 2017-02-08 17:52 ` Duran, Leo
1 sibling, 0 replies; 33+ messages in thread
From: Duran, Leo @ 2017-02-08 17:52 UTC (permalink / raw)
To: 'Yao, Jiewen', Zeng, Star, edk2-devel@ml01.01.org
Cc: Laszlo Ersek, Tian, Feng, Singh, Brijesh
Please see below.
Leo.
From: Yao, Jiewen [mailto:jiewen.yao@intel.com]
Sent: Wednesday, February 08, 2017 11:05 AM
To: Duran, Leo <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>; edk2-devel@ml01.01.org
Cc: Laszlo Ersek <lersek@redhat.com>; Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>
Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
HI Leo
Thanks to clarify that.
If that is the case, do you think it will be better to limit this PCD to X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
[Duran, Leo] I think we need to check the PCD from 32-bit PEI.
Thank you
Yao Jiewen
From: Duran, Leo [mailto:leo.duran@amd.com]
Sent: Wednesday, February 8, 2017 9:00 AM
To: Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
Pease see reply below.
Leo
> -----Original Message-----
> From: Zeng, Star [mailto:star.zeng@intel.com]
> Sent: Tuesday, February 07, 2017 8:27 PM
> To: Duran, Leo <leo.duran@amd.com<mailto:leo.duran@amd.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>;
> Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>;
> Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> Does Create4GPageTablesIa32Pae() also need to be updated?
>
> Thanks,
> Star
[Duran, Leo]
Hi Star,
No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
The SEV feature requires 64-bit LongMode, so the PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time,
in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Leo Duran
> Sent: Wednesday, February 8, 2017 3:54 AM
> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>;
> Brijesh Singh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>;
> Leo Duran <leo.duran@amd.com<mailto:leo.duran@amd.com>>
> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> From: Brijesh Singh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>
>
> This dynamic PCD holds the address mask for page table entries when
> memory encryption is enabled on AMD processors supporting the Secure
> Encrypted Virtualization (SEV) feature.
>
> Cc: Feng Tian <feng.tian@intel.com<mailto:feng.tian@intel.com>>
> Cc: Star Zeng <star.zeng@intel.com<mailto:star.zeng@intel.com>>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Leo Duran <leo.duran@amd.com<mailto:leo.duran@amd.com>>
> ---
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
> ------
> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
> 3 files changed, 22 insertions(+), 9 deletions(-)
>
> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> index 2bc41be..d62bd9b 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> @@ -6,6 +6,8 @@
> # needed to run the DXE Foundation.
> #
> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> # This program and the accompanying materials # are licensed and made
> available under the terms and conditions of the BSD License # which
> accompanies this distribution. The full text of the license may be found at
> @@ -111,7 +113,8 @@ [FeaturePcd]
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
> CONSUMES
>
> [Pcd.IA32,Pcd.X64]
> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> SOMETIMES_CONSUMES
> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> SOMETIMES_CONSUMES
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask ## CONSUMES
>
> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
> SOMETIMES_CONSUMES
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> index 790f6ab..2c52389 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> @@ -16,6 +16,8 @@
> 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume
> 3:System Programmer's Guide, Intel
>
> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
> +
> This program and the accompanying materials are licensed and made
> available under the terms and conditions of the BSD License which
> accompanies this distribution. The full text of the license may be found at
> @@ -71,14 +73,14 @@ Split2MPageTo4K (
> //
> // Fill in 2M page entry.
> //
> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
> IA32_PG_RW;
> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>
> PhysicalAddress4K = PhysicalAddress;
> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
> SIZE_4KB) {
> //
> // Fill in the Page Table entries
> //
> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageTableEntry->Bits.ReadWrite = 1;
> PageTableEntry->Bits.Present = 1;
> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase +
> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
> //
> // Fill in 1G page entry.
> //
> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
> IA32_PG_RW;
> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>
> PhysicalAddress2M = PhysicalAddress;
> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512;
> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M
> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryEntry->Bits.ReadWrite = 1;
> PageDirectoryEntry->Bits.Present = 1;
> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
> CreateIdentityMappingPageTables (
> //
> // Make a PML4 Entry
> //
> - PageMapLevel4Entry->Uint64 =
> (UINT64)(UINTN)PageDirectoryPointerEntry;
> + PageMapLevel4Entry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageMapLevel4Entry->Bits.ReadWrite = 1;
> PageMapLevel4Entry->Bits.Present = 1;
>
> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectory1GEntry->Bits.ReadWrite = 1;
> PageDirectory1GEntry->Bits.Present = 1;
> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@
> CreateIdentityMappingPageTables (
> //
> // Fill in a Page Directory Pointer Entries
> //
> - PageDirectoryPointerEntry->Uint64 =
> (UINT64)(UINTN)PageDirectoryEntry;
> + PageDirectoryPointerEntry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
> PageDirectoryPointerEntry->Bits.Present = 1;
>
> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryEntry->Bits.ReadWrite = 1;
> PageDirectoryEntry->Bits.Present = 1;
> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
> a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -6,6 +6,8 @@
> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> #
> Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016
> Hewlett Packard Enterprise Development LP<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> # This program and the accompanying materials are licensed and made
> available under # the terms and conditions of the BSD License that
> accompanies this distribution.
> # The full text of the license may be found at @@ -1738,5 +1740,11 @@
> [PcdsDynamic, PcdsDynamicEx]
> # @Prompt If there is any test key used by the platform.
>
> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
> 0030003
>
> + ## This dynamic PCD holds the address mask for page table entries
> + when memory encryption is # enabled on AMD processors supporting the
> Secure Encrypted Virtualization (SEV) feature.
> + # This mask should be applied when creating 1:1 virtual to physical
> mapping tables.
> + #
> +
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask|0x0
> + |UINT64|0x00030004
> +
> [UserExtensions.TianoCore."ExtraFiles"]
> MdeModulePkgExtra.uni
> --
> 1.9.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
> https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 17:17 ` Yao, Jiewen
2017-02-08 17:27 ` Yao, Jiewen
@ 2017-02-08 17:55 ` Duran, Leo
1 sibling, 0 replies; 33+ messages in thread
From: Duran, Leo @ 2017-02-08 17:55 UTC (permalink / raw)
To: 'Yao, Jiewen', Laszlo Ersek, Zeng, Star,
edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh
Agreed.
Leo
From: Yao, Jiewen [mailto:jiewen.yao@intel.com]
Sent: Wednesday, February 08, 2017 11:18 AM
To: Laszlo Ersek <lersek@redhat.com>; Duran, Leo <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>; edk2-devel@ml01.01.org
Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>
Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
Good reminder. I take back my word.
In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
We need
[Duran, Leo] Agreed :).
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Wednesday, February 8, 2017 9:11 AM
To: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Duran, Leo <leo.duran@amd.com<mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
Cc: Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
On 02/08/17 18:05, Yao, Jiewen wrote:
> HI Leo
>
> Thanks to clarify that.
>
>
>
> If that is the case, do you think it will be better to limit this PCD to
> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
Not sure if this is the best place to raise the following observation,
but it should do:
please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE if
PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
- both PEI and DXE are 32-bit, and
- both PEI and DXE are 64-bit.
This doesn't necessarily invalidate anything said thus fair in the
thread, but the following statement from Leo:
The SEV feature requires 64-bit LongMode, so the
PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
Thanks,
Laszlo
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
> *From:*Duran, Leo [mailto:leo.duran@amd.com]
> *Sent:* Wednesday, February 8, 2017 9:00 AM
> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Tian, Feng
> <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Yao,
> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> Pease see reply below.
> Leo
>
>> -----Original Message-----
>> From: Zeng, Star [mailto:star.zeng@intel.com]
>> Sent: Tuesday, February 07, 2017 8:27 PM
>> To: Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> <mailto:edk2-devel@ml01.01.org>
>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com>>;
>> Singh, Brijesh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>;
>> Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com>>>
>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>
>> Thanks,
>> Star
> [Duran, Leo]
> Hi Star,
> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>
> The SEV feature requires 64-bit LongMode, so the PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time,
> in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>
>> -----Original Message-----
>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>> Leo Duran
>> Sent: Wednesday, February 8, 2017 3:54 AM
>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org> <mailto:edk2-devel@ml01.01.org>
>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com>>;
>> Brijesh Singh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>;
>> Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>
>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> From: Brijesh Singh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com>>>
>>
>> This dynamic PCD holds the address mask for page table entries when
>> memory encryption is enabled on AMD processors supporting the Secure
>> Encrypted Virtualization (SEV) feature.
>>
>> Cc: Feng Tian <feng.tian@intel.com <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com>>>
>> Cc: Star Zeng <star.zeng@intel.com <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com>>>
>> Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com<mailto:lersek@redhat.com %3cmailto:lersek@redhat.com>>>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>
>> ---
>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
>> ------
>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> index 2bc41be..d62bd9b 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> @@ -6,6 +6,8 @@
>> # needed to run the DXE Foundation.
>> #
>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>> # This program and the accompanying materials # are licensed and made
>> available under the terms and conditions of the BSD License # which
>> accompanies this distribution. The full text of the license may be found at
>> @@ -111,7 +113,8 @@ [FeaturePcd]
>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
>> CONSUMES
>>
>> [Pcd.IA32,Pcd.X64]
>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>> SOMETIMES_CONSUMES
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>> SOMETIMES_CONSUMES
>> +
>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>> ask ## CONSUMES
>>
>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>> SOMETIMES_CONSUMES
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> index 790f6ab..2c52389 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> @@ -16,6 +16,8 @@
>> 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume
>> 3:System Programmer's Guide, Intel
>>
>> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>> +
>> This program and the accompanying materials are licensed and made
>> available under the terms and conditions of the BSD License which
>> accompanies this distribution. The full text of the license may be found at
>> @@ -71,14 +73,14 @@ Split2MPageTo4K (
>> //
>> // Fill in 2M page entry.
>> //
>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>> IA32_PG_RW;
>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>
>> PhysicalAddress4K = PhysicalAddress;
>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>> SIZE_4KB) {
>> //
>> // Fill in the Page Table entries
>> //
>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageTableEntry->Bits.ReadWrite = 1;
>> PageTableEntry->Bits.Present = 1;
>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase +
>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>> //
>> // Fill in 1G page entry.
>> //
>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>> IA32_PG_RW;
>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>
>> PhysicalAddress2M = PhysicalAddress;
>> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512;
>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M
>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>> //
>> // Fill in the Page Directory entries
>> //
>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectoryEntry->Bits.ReadWrite = 1;
>> PageDirectoryEntry->Bits.Present = 1;
>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>> CreateIdentityMappingPageTables (
>> //
>> // Make a PML4 Entry
>> //
>> - PageMapLevel4Entry->Uint64 =
>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>> + PageMapLevel4Entry->Uint64 =
>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>> PageMapLevel4Entry->Bits.Present = 1;
>>
>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>> //
>> // Fill in the Page Directory entries
>> //
>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>> PageDirectory1GEntry->Bits.Present = 1;
>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@
>> CreateIdentityMappingPageTables (
>> //
>> // Fill in a Page Directory Pointer Entries
>> //
>> - PageDirectoryPointerEntry->Uint64 =
>> (UINT64)(UINTN)PageDirectoryEntry;
>> + PageDirectoryPointerEntry->Uint64 =
>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>> PageDirectoryPointerEntry->Bits.Present = 1;
>>
>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>> //
>> // Fill in the Page Directory entries
>> //
>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
>> + (PcdPteMemoryEncryptionAddressOrMask);
>> PageDirectoryEntry->Bits.ReadWrite = 1;
>> PageDirectoryEntry->Bits.Present = 1;
>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>> a/MdeModulePkg/MdeModulePkg.dec
>> b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
>> --- a/MdeModulePkg/MdeModulePkg.dec
>> +++ b/MdeModulePkg/MdeModulePkg.dec
>> @@ -6,6 +6,8 @@
>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> #
>> Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016
>> Hewlett Packard Enterprise Development LP<BR>
>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>> # This program and the accompanying materials are licensed and made
>> available under # the terms and conditions of the BSD License that
>> accompanies this distribution.
>> # The full text of the license may be found at @@ -1738,5 +1740,11 @@
>> [PcdsDynamic, PcdsDynamicEx]
>> # @Prompt If there is any test key used by the platform.
>>
>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>> 0030003
>>
>> + ## This dynamic PCD holds the address mask for page table entries
>> + when memory encryption is # enabled on AMD processors supporting the
>> Secure Encrypted Virtualization (SEV) feature.
>> + # This mask should be applied when creating 1:1 virtual to physical
>> mapping tables.
>> + #
>> +
>> +
>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>> ask|0x0
>> + |UINT64|0x00030004
>> +
>> [UserExtensions.TianoCore."ExtraFiles"]
>> MdeModulePkgExtra.uni
>> --
>> 1.9.1
>>
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
>> https://lists.01.org/mailman/listinfo/edk2-devel
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 17:28 ` Duran, Leo
@ 2017-02-08 17:56 ` Laszlo Ersek
2017-02-08 18:13 ` Yao, Jiewen
0 siblings, 1 reply; 33+ messages in thread
From: Laszlo Ersek @ 2017-02-08 17:56 UTC (permalink / raw)
To: Duran, Leo, Yao, Jiewen, Zeng, Star, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh
On 02/08/17 18:28, Duran, Leo wrote:
> Lazlo, et al,
> Please see reply below.
> Lleo
>
>> -----Original Message-----
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Wednesday, February 08, 2017 11:11 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo
>> <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>; edk2-
>> devel@ml01.01.org
>> Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
>> <brijesh.singh@amd.com>
>> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> On 02/08/17 18:05, Yao, Jiewen wrote:
>>> HI Leo
>>>
>>> Thanks to clarify that.
>>>
>>>
>>>
>>> If that is the case, do you think it will be better to limit this PCD
>>> to
>>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>>
>> Not sure if this is the best place to raise the following observation, but it
>> should do:
>>
>> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE
>> if PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
>> - both PEI and DXE are 32-bit, and
>> - both PEI and DXE are 64-bit.
>>
>> This doesn't necessarily invalidate anything said thus fair in the thread, but
>> the following statement from Leo:
>>
>> The SEV feature requires 64-bit LongMode, so the
>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>>
>> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
> [Duran, Leo]
> Good points... I should have provided more context.
> 1) I had referred the "PEI is 32-bit and DXE is 64-bit."
> 2) If both PEI and DXE are 64-bit, then you would be executing the X64 of HandOffToDxe(), which does *not* call Create4GPageTables().
>
> That is, Create4GPageTables() only gets called in the "PEI is 32-bit" case.
Right. Now that you mention the function name HandOffToDxe(), I'm pretty
sure that I've looked at this several times in the past, I just couldn't
/ can't recall it now, without looking.
My goal was to ensure that all cases would be considered. Looks like
they have been. :) It would be nice if both the Ia32X64 and the X64 OVMF
platforms could work under SEV.
Thanks!
Laszlo
>
>>
>> Thanks,
>> Laszlo
>>
>>>
>>>
>>>
>>> Thank you
>>>
>>> Yao Jiewen
>>>
>>>
>>>
>>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>>> *To:* Zeng, Star <star.zeng@intel.com>; edk2-devel@ml01.01.org
>>> *Cc:* Laszlo Ersek <lersek@redhat.com>; Tian, Feng
>>> <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Yao,
>>> Jiewen <jiewen.yao@intel.com>
>>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>>
>>>
>>> Pease see reply below.
>>> Leo
>>>
>>>> -----Original Message-----
>>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>>> To: Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com>>;
>>>> edk2-devel@ml01.01.org
>>> <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
>>> <mailto:feng.tian@intel.com>>;
>>>> Singh, Brijesh <brijesh.singh@amd.com
>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
>>> <mailto:star.zeng@intel.com>>;
>>>> Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com>>
>>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>>
>>>> Thanks,
>>>> Star
>>> [Duran, Leo]
>>> Hi Star,
>>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>>
>>> The SEV feature requires 64-bit LongMode, so the
>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time, in which
>> case Create4GPageTablesIa32Pae() would *not* be called by
>> HandOffToDxeCore().
>>>
>>>> -----Original Message-----
>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf
>>>> Of Leo Duran
>>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>>> To: edk2-devel@ml01.01.org <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
>>> <mailto:feng.tian@intel.com>>;
>>>> Brijesh Singh <brijesh.singh@amd.com
>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
>>> <mailto:star.zeng@intel.com>>;
>>>> Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com>>
>>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> From: Brijesh Singh <brijesh.singh@amd.com
>>>> <mailto:brijesh.singh@amd.com>>
>>>>
>>>> This dynamic PCD holds the address mask for page table entries when
>>>> memory encryption is enabled on AMD processors supporting the Secure
>>>> Encrypted Virtualization (SEV) feature.
>>>>
>>>> Cc: Feng Tian <feng.tian@intel.com <mailto:feng.tian@intel.com>>
>>>> Cc: Star Zeng <star.zeng@intel.com <mailto:star.zeng@intel.com>>
>>>> Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com>>
>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>> Signed-off-by: Leo Duran <leo.duran@amd.com
>>>> <mailto:leo.duran@amd.com>>
>>>> ---
>>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18
>> ++++++++++--
>>>> ------
>>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>>
>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> index 2bc41be..d62bd9b 100644
>>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> @@ -6,6 +6,8 @@
>>>> # needed to run the DXE Foundation.
>>>> #
>>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>> reserved.<BR>
>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>>> # This program and the accompanying materials # are licensed and
>>>> made available under the terms and conditions of the BSD License #
>>>> which accompanies this distribution. The full text of the license
>>>> may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress
>> ##
>>>> CONSUMES
>>>>
>>>> [Pcd.IA32,Pcd.X64]
>>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>> SOMETIMES_CONSUMES
>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>> SOMETIMES_CONSUMES
>>>> +
>>>>
>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>> ask ## CONSUMES
>>>>
>>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>>> SOMETIMES_CONSUMES
>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> index 790f6ab..2c52389 100644
>>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> @@ -16,6 +16,8 @@
>>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual
>>>> Volume 3:System Programmer's Guide, Intel
>>>>
>>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>> reserved.<BR>
>>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>> +
>>>> This program and the accompanying materials are licensed and made
>>>> available under the terms and conditions of the BSD License which
>>>> accompanies this distribution. The full text of the license may be
>>>> found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>>> //
>>>> // Fill in 2M page entry.
>>>> //
>>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>>> IA32_PG_RW;
>>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P |
>> IA32_PG_RW;
>>>>
>>>> PhysicalAddress4K = PhysicalAddress;
>>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>>> SIZE_4KB) {
>>>> //
>>>> // Fill in the Page Table entries
>>>> //
>>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageTableEntry->Bits.ReadWrite = 1;
>>>> PageTableEntry->Bits.Present = 1;
>>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K <
>>>> StackBase +
>>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>>> //
>>>> // Fill in 1G page entry.
>>>> //
>>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>>>> IA32_PG_RW;
>>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P |
>> IA32_PG_RW;
>>>>
>>>> PhysicalAddress2M = PhysicalAddress;
>>>> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries
>>>> < 512;
>>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++,
>>>> IndexOfPageDirectoryEntries++PhysicalAddress2M
>>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryEntry->Bits.Present = 1;
>>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>>> CreateIdentityMappingPageTables (
>>>> //
>>>> // Make a PML4 Entry
>>>> //
>>>> - PageMapLevel4Entry->Uint64 =
>>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>>> + PageMapLevel4Entry->Uint64 =
>>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>>> PageMapLevel4Entry->Bits.Present = 1;
>>>>
>>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>>> PageDirectory1GEntry->Bits.Present = 1;
>>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7
>>>> @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in a Page Directory Pointer Entries
>>>> //
>>>> - PageDirectoryPointerEntry->Uint64 =
>>>> (UINT64)(UINTN)PageDirectoryEntry;
>>>> + PageDirectoryPointerEntry->Uint64 =
>>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>>
>>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryEntry->Bits.Present = 1;
>>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>>> a/MdeModulePkg/MdeModulePkg.dec
>> b/MdeModulePkg/MdeModulePkg.dec index
>>>> 273cd7e..207384f 100644
>>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>>> @@ -6,6 +6,8 @@
>>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights
>>>> reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights
>>>> reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise
>>>> Development LP<BR>
>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>>> # This program and the accompanying materials are licensed and made
>>>> available under # the terms and conditions of the BSD License that
>>>> accompanies this distribution.
>>>> # The full text of the license may be found at @@ -1738,5 +1740,11
>>>> @@ [PcdsDynamic, PcdsDynamicEx]
>>>> # @Prompt If there is any test key used by the platform.
>>>>
>>>>
>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>>> 0030003
>>>>
>>>> + ## This dynamic PCD holds the address mask for page table entries
>>>> + when memory encryption is # enabled on AMD processors supporting
>>>> + the
>>>> Secure Encrypted Virtualization (SEV) feature.
>>>> + # This mask should be applied when creating 1:1 virtual to
>>>> + physical
>>>> mapping tables.
>>>> + #
>>>> +
>>>> +
>>>>
>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>> ask|0x0
>>>> + |UINT64|0x00030004
>>>> +
>>>> [UserExtensions.TianoCore."ExtraFiles"]
>>>> MdeModulePkgExtra.uni
>>>> --
>>>> 1.9.1
>>>>
>>>> _______________________________________________
>>>> edk2-devel mailing list
>>>> edk2-devel@lists.01.org <mailto:edk2-devel@lists.01.org>
>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 17:56 ` Laszlo Ersek
@ 2017-02-08 18:13 ` Yao, Jiewen
2017-02-08 18:36 ` Laszlo Ersek
0 siblings, 1 reply; 33+ messages in thread
From: Yao, Jiewen @ 2017-02-08 18:13 UTC (permalink / raw)
To: Laszlo Ersek, Duran, Leo, Zeng, Star, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh, Yao, Jiewen
I think X64 DXEIPL *may* create page table for X64 DXE. It is controlled by PcdDxeIplBuildPageTables.
if (FeaturePcdGet (PcdDxeIplBuildPageTables)) {
//
// Create page table and save PageMapLevel4 to CR3
//
PageTables = CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS) (UINTN) BaseOfStack, STACK_SIZE);
Thank you
Yao Jiewen
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Wednesday, February 8, 2017 9:56 AM
To: Duran, Leo <leo.duran@amd.com>; Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>; edk2-devel@ml01.01.org
Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
On 02/08/17 18:28, Duran, Leo wrote:
> Lazlo, et al,
> Please see reply below.
> Lleo
>
>> -----Original Message-----
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Wednesday, February 08, 2017 11:11 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Duran, Leo
>> <leo.duran@amd.com<mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>; edk2-
>> devel@ml01.01.org<mailto:devel@ml01.01.org>
>> Cc: Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Singh, Brijesh
>> <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>
>> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> On 02/08/17 18:05, Yao, Jiewen wrote:
>>> HI Leo
>>>
>>> Thanks to clarify that.
>>>
>>>
>>>
>>> If that is the case, do you think it will be better to limit this PCD
>>> to
>>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>>
>> Not sure if this is the best place to raise the following observation, but it
>> should do:
>>
>> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE
>> if PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
>> - both PEI and DXE are 32-bit, and
>> - both PEI and DXE are 64-bit.
>>
>> This doesn't necessarily invalidate anything said thus fair in the thread, but
>> the following statement from Leo:
>>
>> The SEV feature requires 64-bit LongMode, so the
>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>>
>> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
> [Duran, Leo]
> Good points... I should have provided more context.
> 1) I had referred the "PEI is 32-bit and DXE is 64-bit."
> 2) If both PEI and DXE are 64-bit, then you would be executing the X64 of HandOffToDxe(), which does *not* call Create4GPageTables().
>
> That is, Create4GPageTables() only gets called in the "PEI is 32-bit" case.
Right. Now that you mention the function name HandOffToDxe(), I'm pretty
sure that I've looked at this several times in the past, I just couldn't
/ can't recall it now, without looking.
My goal was to ensure that all cases would be considered. Looks like
they have been. :) It would be nice if both the Ia32X64 and the X64 OVMF
platforms could work under SEV.
Thanks!
Laszlo
>
>>
>> Thanks,
>> Laszlo
>>
>>>
>>>
>>>
>>> Thank you
>>>
>>> Yao Jiewen
>>>
>>>
>>>
>>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>>> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
>>> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Tian, Feng
>>> <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Yao,
>>> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
>>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>>
>>>
>>> Pease see reply below.
>>> Leo
>>>
>>>> -----Original Message-----
>>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>>> To: Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>;
>>>> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b>>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com%0b>>>> <mailto:feng.tian@intel.com>>;
>>>> Singh, Brijesh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b>>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com%0b>>>> <mailto:star.zeng@intel.com>>;
>>>> Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com>>>
>>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>>
>>>> Thanks,
>>>> Star
>>> [Duran, Leo]
>>> Hi Star,
>>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>>
>>> The SEV feature requires 64-bit LongMode, so the
>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time, in which
>> case Create4GPageTablesIa32Pae() would *not* be called by
>> HandOffToDxeCore().
>>>
>>>> -----Original Message-----
>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf
>>>> Of Leo Duran
>>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org> <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b>>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com%0b>>>> <mailto:feng.tian@intel.com>>;
>>>> Brijesh Singh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b>>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com%0b>>>> <mailto:star.zeng@intel.com>>;
>>>> Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>
>>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> From: Brijesh Singh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b>>>>> <mailto:brijesh.singh@amd.com>>
>>>>
>>>> This dynamic PCD holds the address mask for page table entries when
>>>> memory encryption is enabled on AMD processors supporting the Secure
>>>> Encrypted Virtualization (SEV) feature.
>>>>
>>>> Cc: Feng Tian <feng.tian@intel.com <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com>>>
>>>> Cc: Star Zeng <star.zeng@intel.com <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com>>>
>>>> Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com<mailto:lersek@redhat.com %3cmailto:lersek@redhat.com>>>
>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>> Signed-off-by: Leo Duran <leo.duran@amd.com
<mailto:leo.duran@amd.com%0b>>>>> <mailto:leo.duran@amd.com>>
>>>> ---
>>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18
>> ++++++++++--
>>>> ------
>>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>>
>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> index 2bc41be..d62bd9b 100644
>>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> @@ -6,6 +6,8 @@
>>>> # needed to run the DXE Foundation.
>>>> #
>>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>> reserved.<BR>
>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>>> # This program and the accompanying materials # are licensed and
>>>> made available under the terms and conditions of the BSD License #
>>>> which accompanies this distribution. The full text of the license
>>>> may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress
>> ##
>>>> CONSUMES
>>>>
>>>> [Pcd.IA32,Pcd.X64]
>>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>> SOMETIMES_CONSUMES
>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>> SOMETIMES_CONSUMES
>>>> +
>>>>
>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>> ask ## CONSUMES
>>>>
>>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>>> SOMETIMES_CONSUMES
>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> index 790f6ab..2c52389 100644
>>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> @@ -16,6 +16,8 @@
>>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual
>>>> Volume 3:System Programmer's Guide, Intel
>>>>
>>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>> reserved.<BR>
>>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>> +
>>>> This program and the accompanying materials are licensed and made
>>>> available under the terms and conditions of the BSD License which
>>>> accompanies this distribution. The full text of the license may be
>>>> found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>>> //
>>>> // Fill in 2M page entry.
>>>> //
>>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>>> IA32_PG_RW;
>>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P |
>> IA32_PG_RW;
>>>>
>>>> PhysicalAddress4K = PhysicalAddress;
>>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>>> SIZE_4KB) {
>>>> //
>>>> // Fill in the Page Table entries
>>>> //
>>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageTableEntry->Bits.ReadWrite = 1;
>>>> PageTableEntry->Bits.Present = 1;
>>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K <
>>>> StackBase +
>>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>>> //
>>>> // Fill in 1G page entry.
>>>> //
>>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>>>> IA32_PG_RW;
>>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P |
>> IA32_PG_RW;
>>>>
>>>> PhysicalAddress2M = PhysicalAddress;
>>>> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries
>>>> < 512;
>>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++,
>>>> IndexOfPageDirectoryEntries++PhysicalAddress2M
>>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryEntry->Bits.Present = 1;
>>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>>> CreateIdentityMappingPageTables (
>>>> //
>>>> // Make a PML4 Entry
>>>> //
>>>> - PageMapLevel4Entry->Uint64 =
>>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>>> + PageMapLevel4Entry->Uint64 =
>>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>>> PageMapLevel4Entry->Bits.Present = 1;
>>>>
>>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>>> PageDirectory1GEntry->Bits.Present = 1;
>>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7
>>>> @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in a Page Directory Pointer Entries
>>>> //
>>>> - PageDirectoryPointerEntry->Uint64 =
>>>> (UINT64)(UINTN)PageDirectoryEntry;
>>>> + PageDirectoryPointerEntry->Uint64 =
>>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>>
>>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryEntry->Bits.Present = 1;
>>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>>> a/MdeModulePkg/MdeModulePkg.dec
>> b/MdeModulePkg/MdeModulePkg.dec index
>>>> 273cd7e..207384f 100644
>>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>>> @@ -6,6 +6,8 @@
>>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights
>>>> reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights
>>>> reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise
>>>> Development LP<BR>
>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>>> # This program and the accompanying materials are licensed and made
>>>> available under # the terms and conditions of the BSD License that
>>>> accompanies this distribution.
>>>> # The full text of the license may be found at @@ -1738,5 +1740,11
>>>> @@ [PcdsDynamic, PcdsDynamicEx]
>>>> # @Prompt If there is any test key used by the platform.
>>>>
>>>>
>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>>> 0030003
>>>>
>>>> + ## This dynamic PCD holds the address mask for page table entries
>>>> + when memory encryption is # enabled on AMD processors supporting
>>>> + the
>>>> Secure Encrypted Virtualization (SEV) feature.
>>>> + # This mask should be applied when creating 1:1 virtual to
>>>> + physical
>>>> mapping tables.
>>>> + #
>>>> +
>>>> +
>>>>
>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>> ask|0x0
>>>> + |UINT64|0x00030004
>>>> +
>>>> [UserExtensions.TianoCore."ExtraFiles"]
>>>> MdeModulePkgExtra.uni
>>>> --
>>>> 1.9.1
>>>>
>>>> _______________________________________________
>>>> edk2-devel mailing list
>>>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 17:51 ` Laszlo Ersek
@ 2017-02-08 18:20 ` Yao, Jiewen
2017-02-08 19:47 ` Laszlo Ersek
0 siblings, 1 reply; 33+ messages in thread
From: Yao, Jiewen @ 2017-02-08 18:20 UTC (permalink / raw)
To: Laszlo Ersek, Duran, Leo, Zeng, Star, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh, Justen, Jordan L, Yao, Jiewen
Got it.
If the means of PcdDxeIplSwitchtoLongMode is unclear, we may add more description to make it clear.
If we believe "PcdDxeIplSwitchtoLongMode == DXE is Long mode" as final conclusion, can we treat that as a bug and fix OVMF X64?
Thank you
Yao Jiewen
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Wednesday, February 8, 2017 9:52 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>; edk2-devel@ml01.01.org
Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
On 02/08/17 18:27, Yao, Jiewen wrote:
> I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode.
>
>
>
> See DEC description:
>
> # It is assumed that 64-bit DxeCore is built in firmware if it is
> true; otherwise 32-bit DxeCore
>
> # is built in firmware.<BR><BR>
Unfortunately, I have no historical context or background for this PCD;
all I can say is that the X64 OVMF platform does not set the PCD.
It enters long mode, and sets up page tables for the first 4GB of RAM,
in SEC. Then SEC decompresses the flash contents to RAM, which covers
both PEIFV and DXEFV. PEI runs from RAM.
This is possible because on QEMU/KVM, there's no need to initialize RAM,
thus only SEC runs from flash, in-place.
Perhaps Jordan can provide more insight.
If Brijesh and Leo would like to run the X64 OVMF platform as a SEV
guest too, then this should be considered, in my opinion.
One more comment below:
>
>
>
> And the code MdeModulePkg\Universal\Acpi\S3SaveStateDxe\AcpiS3ContextSave.c:
>
>
>
> BOOLEAN
>
> IsLongModeWakingVectorSupport (
>
> IN EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE*Facs
>
> )
>
> {
>
> if((Facs == NULL) ||
>
> (Facs->Signature !=
> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE) ) {
>
> //
>
> // Something wrong with FACS.
>
> //
>
> returnFALSE;
>
> }
>
> if((Facs->Version ==
> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION) &&
>
> ((Facs->Flags & EFI_ACPI_4_0_64BIT_WAKE_SUPPORTED_F) != 0)) {
>
> //
>
> // BIOS supports 64bit waking vector.
>
> //
>
> if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>
> returnTRUE;
>
> }
>
> }
>
> returnFALSE;
>
> }
In practice, it's okay if the OVMF X64 platform is recognized as "not
supporting a 64-bit waking vector for S3 resume". All the 64-bit guest
OSes that I've tested with OVMF X64 (Linux, and the Windows 7 / 8 / 10
families, both client and server) use a real mode (16-bit) waking
vector, in practice.
... Actually, upon reviewing the above code more carefully, we don't
even reach the FeaturePcdGet() call: the FACS that QEMU generates (and
OVMF downloads and installs) corresponds to ACPI 1.0, that is,
EFI_ACPI_1_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION.
Thanks
Laszlo
>
>
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
> *From:*edk2-devel [mailto:edk2-devel-bounces@lists.01.org] *On Behalf Of
> *Yao, Jiewen
> *Sent:* Wednesday, February 8, 2017 9:18 AM
> *To:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Duran, Leo <leo.duran@amd.com<mailto:leo.duran@amd.com>>;
> Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> *Cc:* Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Singh, Brijesh
> <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>
> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> Good reminder. I take back my word.
>
> In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
>
> We need
>
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Wednesday, February 8, 2017 9:11 AM
> To: Yao, Jiewen <jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com>>; Duran, Leo <leo.duran@amd.com
<mailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> <mailto:edk2-devel@ml01.01.org>
> Cc: Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com>>
> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
>
> On 02/08/17 18:05, Yao, Jiewen wrote:
>> HI Leo
>>
>> Thanks to clarify that.
>>
>>
>>
>> If that is the case, do you think it will be better to limit this PCD to
>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>
> Not sure if this is the best place to raise the following observation,
> but it should do:
>
> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE if
> PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
> - both PEI and DXE are 32-bit, and
> - both PEI and DXE are 64-bit.
>
> This doesn't necessarily invalidate anything said thus fair in the
> thread, but the following statement from Leo:
>
> The SEV feature requires 64-bit LongMode, so the
> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>
> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
>
> Thanks,
> Laszlo
>
>>
>>
>>
>> Thank you
>>
>> Yao Jiewen
>>
>>
>>
>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com
<mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com
<mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng
>> <feng.tian@intel.com<mailto:feng.tian@intel.com
<mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>; Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Yao,
>> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com>>>
>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>>
>>
>> Pease see reply below.
>> Leo
>>
>>> -----Original Message-----
>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>> To: Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>> <mailto:edk2-devel@ml01.01.org>
>>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
<mailto:lersek@redhat.com%0b%0b>> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
<mailto:feng.tian@intel.com%0b%0b>> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>> <mailto:feng.tian@intel.com>>;
>>> Singh, Brijesh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
<mailto:brijesh.singh@amd.com%0b%0b>> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
<mailto:star.zeng@intel.com%0b%0b>> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>> <mailto:star.zeng@intel.com>>;
>>> Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com>>>>
>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>
>>> Thanks,
>>> Star
>> [Duran, Leo]
>> Hi Star,
>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>
>> The SEV feature requires 64-bit LongMode, so the PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time,
>> in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>>
>>> -----Original Message-----
>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>>> Leo Duran
>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>> <mailto:edk2-devel@ml01.01.org>
>>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
<mailto:lersek@redhat.com%0b%0b>> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
<mailto:feng.tian@intel.com%0b%0b>> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>> <mailto:feng.tian@intel.com>>;
>>> Brijesh Singh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
<mailto:brijesh.singh@amd.com%0b%0b>> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
<mailto:star.zeng@intel.com%0b%0b>> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>> <mailto:star.zeng@intel.com>>;
>>> Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>>
>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>> From: Brijesh Singh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com>>>>
>>>
>>> This dynamic PCD holds the address mask for page table entries when
>>> memory encryption is enabled on AMD processors supporting the Secure
>>> Encrypted Virtualization (SEV) feature.
>>>
>>> Cc: Feng Tian <feng.tian@intel.com <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com
<mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com>>>>
>>> Cc: Star Zeng <star.zeng@intel.com <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com
<mailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com>>>>
>>> Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com<mailto:lersek@redhat.com %3cmailto:lersek@redhat.com
<mailto:lersek@redhat.com %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com %3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com %3cmailto:lersek@redhat.com>>>>
>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>> Signed-off-by: Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>>
>>> ---
>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
>>> ------
>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>
>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>> index 2bc41be..d62bd9b 100644
>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>> @@ -6,6 +6,8 @@
>>> # needed to run the DXE Foundation.
>>> #
>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>> # This program and the accompanying materials # are licensed and made
>>> available under the terms and conditions of the BSD License # which
>>> accompanies this distribution. The full text of the license may be found at
>>> @@ -111,7 +113,8 @@ [FeaturePcd]
>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
>>> CONSUMES
>>>
>>> [Pcd.IA32,Pcd.X64]
>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>> SOMETIMES_CONSUMES
>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>> SOMETIMES_CONSUMES
>>> +
>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>> ask ## CONSUMES
>>>
>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>> SOMETIMES_CONSUMES
>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>> index 790f6ab..2c52389 100644
>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>> @@ -16,6 +16,8 @@
>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume
>>> 3:System Programmer's Guide, Intel
>>>
>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>> +
>>> This program and the accompanying materials are licensed and made
>>> available under the terms and conditions of the BSD License which
>>> accompanies this distribution. The full text of the license may be found at
>>> @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>> //
>>> // Fill in 2M page entry.
>>> //
>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>> IA32_PG_RW;
>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>
>>> PhysicalAddress4K = PhysicalAddress;
>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>> SIZE_4KB) {
>>> //
>>> // Fill in the Page Table entries
>>> //
>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>> PageTableEntry->Bits.ReadWrite = 1;
>>> PageTableEntry->Bits.Present = 1;
>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase +
>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>> //
>>> // Fill in 1G page entry.
>>> //
>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>>> IA32_PG_RW;
>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>
>>> PhysicalAddress2M = PhysicalAddress;
>>> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512;
>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M
>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>> //
>>> // Fill in the Page Directory entries
>>> //
>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>> PageDirectoryEntry->Bits.Present = 1;
>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>> CreateIdentityMappingPageTables (
>>> //
>>> // Make a PML4 Entry
>>> //
>>> - PageMapLevel4Entry->Uint64 =
>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>> + PageMapLevel4Entry->Uint64 =
>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>> PageMapLevel4Entry->Bits.Present = 1;
>>>
>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>> //
>>> // Fill in the Page Directory entries
>>> //
>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>> PageDirectory1GEntry->Bits.Present = 1;
>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@
>>> CreateIdentityMappingPageTables (
>>> //
>>> // Fill in a Page Directory Pointer Entries
>>> //
>>> - PageDirectoryPointerEntry->Uint64 =
>>> (UINT64)(UINTN)PageDirectoryEntry;
>>> + PageDirectoryPointerEntry->Uint64 =
>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>
>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>> //
>>> // Fill in the Page Directory entries
>>> //
>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>> PageDirectoryEntry->Bits.Present = 1;
>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>> a/MdeModulePkg/MdeModulePkg.dec
>>> b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>> @@ -6,6 +6,8 @@
>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> #
>>> Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016
>>> Hewlett Packard Enterprise Development LP<BR>
>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>> # This program and the accompanying materials are licensed and made
>>> available under # the terms and conditions of the BSD License that
>>> accompanies this distribution.
>>> # The full text of the license may be found at @@ -1738,5 +1740,11 @@
>>> [PcdsDynamic, PcdsDynamicEx]
>>> # @Prompt If there is any test key used by the platform.
>>>
>>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>> 0030003
>>>
>>> + ## This dynamic PCD holds the address mask for page table entries
>>> + when memory encryption is # enabled on AMD processors supporting the
>>> Secure Encrypted Virtualization (SEV) feature.
>>> + # This mask should be applied when creating 1:1 virtual to physical
>>> mapping tables.
>>> + #
>>> +
>>> +
>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>> ask|0x0
>>> + |UINT64|0x00030004
>>> +
>>> [UserExtensions.TianoCore."ExtraFiles"]
>>> MdeModulePkgExtra.uni
>>> --
>>> 1.9.1
>>>
>>> _______________________________________________
>>> edk2-devel mailing list
>>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>> <mailto:edk2-devel@lists.01.org>
>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
> https://lists.01.org/mailman/listinfo/edk2-devel
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 17:29 ` Yao, Jiewen
@ 2017-02-08 18:30 ` Duran, Leo
2017-02-08 18:33 ` Yao, Jiewen
0 siblings, 1 reply; 33+ messages in thread
From: Duran, Leo @ 2017-02-08 18:30 UTC (permalink / raw)
To: 'Yao, Jiewen', Gao, Liming, edk2-devel@ml01.01.org
Cc: Singh, Brijesh, Tian, Feng, Laszlo Ersek, Zeng, Star
[Jiewen] The IA32 capsule code creates X64 page tables, then switch to X64.
So the page table is for X64. Would you please double check if this PCD is needed?
Regarding: MedModelePkg/Universal/CapsulePei/UefiCapsule.c
Create4GPageTables() explicitly sets PhysicalAddressBits = 32;
So it seems like the address space is restricted to 4GB's even after switching to LongMode.
However, to your point, SEV just requires LongMode... so I'll make the change.
Leo.
From: Yao, Jiewen [mailto:jiewen.yao@intel.com]
Sent: Wednesday, February 08, 2017 11:30 AM
To: Duran, Leo <leo.duran@amd.com>; Gao, Liming <liming.gao@intel.com>; edk2-devel@ml01.01.org
Cc: Singh, Brijesh <brijesh.singh@amd.com>; Tian, Feng <feng.tian@intel.com>; Laszlo Ersek <lersek@redhat.com>; Zeng, Star <star.zeng@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
Comments below:
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Duran, Leo
Sent: Wednesday, February 8, 2017 9:12 AM
To: Gao, Liming <liming.gao@intel.com<mailto:liming.gao@intel.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
Cc: Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
Please see replies below.
Thanks,
Leo
> -----Original Message-----
> From: Gao, Liming [mailto:liming.gao@intel.com]
> Sent: Wednesday, February 08, 2017 9:19 AM
> To: Duran, Leo <leo.duran@amd.com<mailto:leo.duran@amd.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>;
> Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>
> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> Leo:
> MdeModulePkg CapsulePei and UefiCpuPkg S3Resume2 also create
> PageTable to run X64 code. Do they require this change?
>
> Thanks
> Liming
[Duran, Leo]
1) MedModelePkg/Universal/CapsulePei:
Does not seem applicable for MDE_XPU_X64 compile-time option, which is required for SEV.
- ModeSwitch() calls Thunk32To64(), which in turn may call Create4GPageTables()
- However, ModeSwitch() is called only under #ifdef MDE_CPU_IA32
[Jiewen] The IA32 capsule code creates X64 page tables, then switch to X64.
So the page table is for X64. Would you please double check if this PCD is needed?
2) UefiCpuPkg/Universal/Acpi/S3Resume2Pei:
Agreed. Will incorporate changes in 'v2' of the patch.
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Leo Duran
> Sent: Wednesday, February 8, 2017 3:54 AM
> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>;
> Brijesh Singh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>;
> Leo Duran <leo.duran@amd.com<mailto:leo.duran@amd.com>>
> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> From: Brijesh Singh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>
>
> This dynamic PCD holds the address mask for page table entries when
> memory encryption is enabled on AMD processors supporting the Secure
> Encrypted Virtualization (SEV) feature.
>
> Cc: Feng Tian <feng.tian@intel.com<mailto:feng.tian@intel.com>>
> Cc: Star Zeng <star.zeng@intel.com<mailto:star.zeng@intel.com>>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Leo Duran <leo.duran@amd.com<mailto:leo.duran@amd.com>>
> ---
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
> ------
> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
> 3 files changed, 22 insertions(+), 9 deletions(-)
>
> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> index 2bc41be..d62bd9b 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> @@ -6,6 +6,8 @@
> # needed to run the DXE Foundation.
> #
> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> # This program and the accompanying materials # are licensed and made
> available under the terms and conditions of the BSD License # which
> accompanies this distribution. The full text of the license may be found at
> @@ -111,7 +113,8 @@ [FeaturePcd]
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
> CONSUMES
>
> [Pcd.IA32,Pcd.X64]
> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> SOMETIMES_CONSUMES
> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> SOMETIMES_CONSUMES
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask ## CONSUMES
>
> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
> SOMETIMES_CONSUMES
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> index 790f6ab..2c52389 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> @@ -16,6 +16,8 @@
> 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume
> 3:System Programmer's Guide, Intel
>
> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
> +
> This program and the accompanying materials are licensed and made
> available under the terms and conditions of the BSD License which
> accompanies this distribution. The full text of the license may be found at
> @@ -71,14 +73,14 @@ Split2MPageTo4K (
> //
> // Fill in 2M page entry.
> //
> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
> IA32_PG_RW;
> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>
> PhysicalAddress4K = PhysicalAddress;
> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
> SIZE_4KB) {
> //
> // Fill in the Page Table entries
> //
> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageTableEntry->Bits.ReadWrite = 1;
> PageTableEntry->Bits.Present = 1;
> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase +
> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
> //
> // Fill in 1G page entry.
> //
> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
> IA32_PG_RW;
> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>
> PhysicalAddress2M = PhysicalAddress;
> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512;
> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M
> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryEntry->Bits.ReadWrite = 1;
> PageDirectoryEntry->Bits.Present = 1;
> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
> CreateIdentityMappingPageTables (
> //
> // Make a PML4 Entry
> //
> - PageMapLevel4Entry->Uint64 =
> (UINT64)(UINTN)PageDirectoryPointerEntry;
> + PageMapLevel4Entry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageMapLevel4Entry->Bits.ReadWrite = 1;
> PageMapLevel4Entry->Bits.Present = 1;
>
> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectory1GEntry->Bits.ReadWrite = 1;
> PageDirectory1GEntry->Bits.Present = 1;
> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@
> CreateIdentityMappingPageTables (
> //
> // Fill in a Page Directory Pointer Entries
> //
> - PageDirectoryPointerEntry->Uint64 =
> (UINT64)(UINTN)PageDirectoryEntry;
> + PageDirectoryPointerEntry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
> PageDirectoryPointerEntry->Bits.Present = 1;
>
> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryEntry->Bits.ReadWrite = 1;
> PageDirectoryEntry->Bits.Present = 1;
> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
> a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -6,6 +6,8 @@
> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> #
> Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016
> Hewlett Packard Enterprise Development LP<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> # This program and the accompanying materials are licensed and made
> available under # the terms and conditions of the BSD License that
> accompanies this distribution.
> # The full text of the license may be found at @@ -1738,5 +1740,11 @@
> [PcdsDynamic, PcdsDynamicEx]
> # @Prompt If there is any test key used by the platform.
>
> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
> 0030003
>
> + ## This dynamic PCD holds the address mask for page table entries
> + when memory encryption is # enabled on AMD processors supporting the
> Secure Encrypted Virtualization (SEV) feature.
> + # This mask should be applied when creating 1:1 virtual to physical
> mapping tables.
> + #
> +
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask|0x0
> + |UINT64|0x00030004
> +
> [UserExtensions.TianoCore."ExtraFiles"]
> MdeModulePkgExtra.uni
> --
> 1.9.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
> https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 18:30 ` Duran, Leo
@ 2017-02-08 18:33 ` Yao, Jiewen
0 siblings, 0 replies; 33+ messages in thread
From: Yao, Jiewen @ 2017-02-08 18:33 UTC (permalink / raw)
To: Duran, Leo, Gao, Liming, edk2-devel@ml01.01.org
Cc: Laszlo Ersek, Tian, Feng, Singh, Brijesh, Zeng, Star
Comments below:
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Duran, Leo
Sent: Wednesday, February 8, 2017 10:31 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; Gao, Liming <liming.gao@intel.com>; edk2-devel@ml01.01.org
Cc: Laszlo Ersek <lersek@redhat.com>; Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Zeng, Star <star.zeng@intel.com>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
[Jiewen] The IA32 capsule code creates X64 page tables, then switch to X64.
So the page table is for X64. Would you please double check if this PCD is needed?
Regarding: MedModelePkg/Universal/CapsulePei/UefiCapsule.c
Create4GPageTables() explicitly sets PhysicalAddressBits = 32;
So it seems like the address space is restricted to 4GB's even after switching to LongMode.
[Jiewen] We use page fault to handler above 4GiB access. :)
However, to your point, SEV just requires LongMode... so I'll make the change.
[Jiewen] Thank you.
Leo.
From: Yao, Jiewen [mailto:jiewen.yao@intel.com]
Sent: Wednesday, February 08, 2017 11:30 AM
To: Duran, Leo <leo.duran@amd.com<mailto:leo.duran@amd.com>>; Gao, Liming <liming.gao@intel.com<mailto:liming.gao@intel.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
Cc: Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
Comments below:
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Duran, Leo
Sent: Wednesday, February 8, 2017 9:12 AM
To: Gao, Liming <liming.gao@intel.com<mailto:liming.gao@intel.com<mailto:liming.gao@intel.com%3cmailto:liming.gao@intel.com>>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
Cc: Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com<mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>; Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com<mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com<mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
Please see replies below.
Thanks,
Leo
> -----Original Message-----
> From: Gao, Liming [mailto:liming.gao@intel.com]
> Sent: Wednesday, February 08, 2017 9:19 AM
> To: Duran, Leo <leo.duran@amd.com<mailto:leo.duran@amd.com<mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com>>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com<mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com<mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>;
> Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com<mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>
> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> Leo:
> MdeModulePkg CapsulePei and UefiCpuPkg S3Resume2 also create
> PageTable to run X64 code. Do they require this change?
>
> Thanks
> Liming
[Duran, Leo]
1) MedModelePkg/Universal/CapsulePei:
Does not seem applicable for MDE_XPU_X64 compile-time option, which is required for SEV.
- ModeSwitch() calls Thunk32To64(), which in turn may call Create4GPageTables()
- However, ModeSwitch() is called only under #ifdef MDE_CPU_IA32
[Jiewen] The IA32 capsule code creates X64 page tables, then switch to X64.
So the page table is for X64. Would you please double check if this PCD is needed?
2) UefiCpuPkg/Universal/Acpi/S3Resume2Pei:
Agreed. Will incorporate changes in 'v2' of the patch.
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Leo Duran
> Sent: Wednesday, February 8, 2017 3:54 AM
> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com<mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com<mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>;
> Brijesh Singh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com<mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>;
> Leo Duran <leo.duran@amd.com<mailto:leo.duran@amd.com<mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com>>>
> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> From: Brijesh Singh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>
>
> This dynamic PCD holds the address mask for page table entries when
> memory encryption is enabled on AMD processors supporting the Secure
> Encrypted Virtualization (SEV) feature.
>
> Cc: Feng Tian <feng.tian@intel.com<mailto:feng.tian@intel.com<mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>
> Cc: Star Zeng <star.zeng@intel.com<mailto:star.zeng@intel.com<mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com<mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Leo Duran <leo.duran@amd.com<mailto:leo.duran@amd.com<mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com>>>
> ---
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
> ------
> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
> 3 files changed, 22 insertions(+), 9 deletions(-)
>
> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> index 2bc41be..d62bd9b 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> @@ -6,6 +6,8 @@
> # needed to run the DXE Foundation.
> #
> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> # This program and the accompanying materials # are licensed and made
> available under the terms and conditions of the BSD License # which
> accompanies this distribution. The full text of the license may be found at
> @@ -111,7 +113,8 @@ [FeaturePcd]
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
> CONSUMES
>
> [Pcd.IA32,Pcd.X64]
> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> SOMETIMES_CONSUMES
> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
> SOMETIMES_CONSUMES
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask ## CONSUMES
>
> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
> SOMETIMES_CONSUMES
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> index 790f6ab..2c52389 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> @@ -16,6 +16,8 @@
> 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume
> 3:System Programmer's Guide, Intel
>
> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
> +
> This program and the accompanying materials are licensed and made
> available under the terms and conditions of the BSD License which
> accompanies this distribution. The full text of the license may be found at
> @@ -71,14 +73,14 @@ Split2MPageTo4K (
> //
> // Fill in 2M page entry.
> //
> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
> IA32_PG_RW;
> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>
> PhysicalAddress4K = PhysicalAddress;
> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
> SIZE_4KB) {
> //
> // Fill in the Page Table entries
> //
> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageTableEntry->Bits.ReadWrite = 1;
> PageTableEntry->Bits.Present = 1;
> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase +
> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
> //
> // Fill in 1G page entry.
> //
> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
> IA32_PG_RW;
> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>
> PhysicalAddress2M = PhysicalAddress;
> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512;
> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M
> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryEntry->Bits.ReadWrite = 1;
> PageDirectoryEntry->Bits.Present = 1;
> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
> CreateIdentityMappingPageTables (
> //
> // Make a PML4 Entry
> //
> - PageMapLevel4Entry->Uint64 =
> (UINT64)(UINTN)PageDirectoryPointerEntry;
> + PageMapLevel4Entry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageMapLevel4Entry->Bits.ReadWrite = 1;
> PageMapLevel4Entry->Bits.Present = 1;
>
> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectory1GEntry->Bits.ReadWrite = 1;
> PageDirectory1GEntry->Bits.Present = 1;
> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@
> CreateIdentityMappingPageTables (
> //
> // Fill in a Page Directory Pointer Entries
> //
> - PageDirectoryPointerEntry->Uint64 =
> (UINT64)(UINTN)PageDirectoryEntry;
> + PageDirectoryPointerEntry->Uint64 =
> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
> PageDirectoryPointerEntry->Bits.Present = 1;
>
> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
> //
> // Fill in the Page Directory entries
> //
> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
> + (PcdPteMemoryEncryptionAddressOrMask);
> PageDirectoryEntry->Bits.ReadWrite = 1;
> PageDirectoryEntry->Bits.Present = 1;
> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
> a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -6,6 +6,8 @@
> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> #
> Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016
> Hewlett Packard Enterprise Development LP<BR>
> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
> # This program and the accompanying materials are licensed and made
> available under # the terms and conditions of the BSD License that
> accompanies this distribution.
> # The full text of the license may be found at @@ -1738,5 +1740,11 @@
> [PcdsDynamic, PcdsDynamicEx]
> # @Prompt If there is any test key used by the platform.
>
> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
> 0030003
>
> + ## This dynamic PCD holds the address mask for page table entries
> + when memory encryption is # enabled on AMD processors supporting the
> Secure Encrypted Virtualization (SEV) feature.
> + # This mask should be applied when creating 1:1 virtual to physical
> mapping tables.
> + #
> +
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
> ask|0x0
> + |UINT64|0x00030004
> +
> [UserExtensions.TianoCore."ExtraFiles"]
> MdeModulePkgExtra.uni
> --
> 1.9.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>>
> https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>>
https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 18:13 ` Yao, Jiewen
@ 2017-02-08 18:36 ` Laszlo Ersek
0 siblings, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2017-02-08 18:36 UTC (permalink / raw)
To: Yao, Jiewen, Duran, Leo, Zeng, Star, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh
On 02/08/17 19:13, Yao, Jiewen wrote:
> I think X64 DXEIPL **may** create page table for X64 DXE. It is
> controlled by PcdDxeIplBuildPageTables.
>
>
>
> if(FeaturePcdGet (PcdDxeIplBuildPageTables)) {
>
> //
>
> // Create page table and save PageMapLevel4 to CR3
>
> //
>
> PageTables = CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS)
> (UINTN) BaseOfStack, STACK_SIZE);
That's a good find:
## Indicates if DxeIpl should rebuild page tables. This flag only
# makes sense in the case where the DxeIpl and the DxeCore are both X64.<BR><BR>
# TRUE - DxeIpl will rebuild page tables.<BR>
# FALSE - DxeIpl will not rebuild page tables.<BR>
# @Prompt DxeIpl rebuild page tables.
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplBuildPageTables|TRUE|BOOLEAN|0x0001003c
OVMF (all three platforms) inherit the DEC default without change.
For more confirmation, there's also:
## Indicates if to set NX for stack.<BR><BR>
# For the DxeIpl and the DxeCore are both X64, set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE.<BR>
# For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMode is FALSE), set NX for stack feature also require
# IA32 PAE is supported and Execute Disable Bit is available.<BR>
# TRUE - to set NX for stack.<BR>
# FALSE - Not to set NX for stack.<BR>
# @Prompt Set NX for stack.
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE|BOOLEAN|0x0001006f
And in OVMF, all three platforms support NX-for-stack. It can be controlled dynamically, from the QEMU command line. We used to enable it by default, but it caused some old UEFI boot loaders to crash (because they were executing code from the stack), so we flipped it off, and exposed it on the QEMU command line.
901c58c59412 MdeModulePkg: PcdSetNxForStack: enable dynamism
d26753f8358c OvmfPkg: make PcdSetNxForStack dynamic
c075d250f6f2 OvmfPkg: make PcdPropertiesTableEnable dynamic
ab081a50e565 OvmfPkg: PlatformPei: take no-exec DXE settings from the QEMU command line
d20b06a3afdf OvmfPkg: disable no-exec DXE stack by default
Either way, the point is that OVMF X64 keeps PcdDxeIplBuildPageTables=TRUE.
Thank you!
Laszlo
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
>
>
> *From:*Laszlo Ersek [mailto:lersek@redhat.com]
> *Sent:* Wednesday, February 8, 2017 9:56 AM
> *To:* Duran, Leo <leo.duran@amd.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>;
> edk2-devel@ml01.01.org
> *Cc:* Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
> <brijesh.singh@amd.com>
> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> On 02/08/17 18:28, Duran, Leo wrote:
>> Lazlo, et al,
>> Please see reply below.
>> Lleo
>>
>>> -----Original Message-----
>>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>>> Sent: Wednesday, February 08, 2017 11:11 AM
>>> To: Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com>>; Duran, Leo
>>> <leo.duran@amd.com
> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com>>; edk2-
>>> devel@ml01.01.org <mailto:devel@ml01.01.org>
>>> Cc: Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com>>; Singh, Brijesh
>>> <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com>>
>>> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>> On 02/08/17 18:05, Yao, Jiewen wrote:
>>>> HI Leo
>>>>
>>>> Thanks to clarify that.
>>>>
>>>>
>>>>
>>>> If that is the case, do you think it will be better to limit this PCD
>>>> to
>>>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>>>
>>> Not sure if this is the best place to raise the following observation, but it
>>> should do:
>>>
>>> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE
>>> if PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
>>> - both PEI and DXE are 32-bit, and
>>> - both PEI and DXE are 64-bit.
>>>
>>> This doesn't necessarily invalidate anything said thus fair in the thread, but
>>> the following statement from Leo:
>>>
>>> The SEV feature requires 64-bit LongMode, so the
>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>>>
>>> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
>> [Duran, Leo]
>> Good points... I should have provided more context.
>> 1) I had referred the "PEI is 32-bit and DXE is 64-bit."
>> 2) If both PEI and DXE are 64-bit, then you would be executing the X64 of HandOffToDxe(), which does *not* call Create4GPageTables().
>>
>> That is, Create4GPageTables() only gets called in the "PEI is 32-bit" case.
>
> Right. Now that you mention the function name HandOffToDxe(), I'm pretty
> sure that I've looked at this several times in the past, I just couldn't
> / can't recall it now, without looking.
>
> My goal was to ensure that all cases would be considered. Looks like
> they have been. :) It would be nice if both the Ia32X64 and the X64 OVMF
> platforms could work under SEV.
>
> Thanks!
> Laszlo
>
>
>
>
>>
>>>
>>> Thanks,
>>> Laszlo
>>>
>>>>
>>>>
>>>>
>>>> Thank you
>>>>
>>>> Yao Jiewen
>>>>
>>>>
>>>>
>>>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>>>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>>>> *To:* Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org>
>>>> *Cc:* Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com>>; Tian, Feng
>>>> <feng.tian@intel.com
> <mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com>>; Yao,
>>>> Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com>>
>>>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>>
>>>>
>>>> Pease see reply below.
>>>> Leo
>>>>
>>>>> -----Original Message-----
>>>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>>>> To: Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>;
>>>>> edk2-devel@ml01.01.org <mailto:edk2-devel@ml01.01.org>
>>>> <mailto:edk2-devel@ml01.01.org>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b>>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b>>>> <mailto:feng.tian@intel.com>>;
>>>>> Singh, Brijesh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b>>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b>>>> <mailto:star.zeng@intel.com>>;
>>>>> Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com>>>
>>>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>>
>>>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>>>
>>>>> Thanks,
>>>>> Star
>>>> [Duran, Leo]
>>>> Hi Star,
>>>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>>>
>>>> The SEV feature requires 64-bit LongMode, so the
>>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time, in which
>>> case Create4GPageTablesIa32Pae() would *not* be called by
>>> HandOffToDxeCore().
>>>>
>>>>> -----Original Message-----
>>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf
>>>>> Of Leo Duran
>>>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>>>> To: edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org> <mailto:edk2-devel@ml01.01.org>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b>>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b>>>> <mailto:feng.tian@intel.com>>;
>>>>> Brijesh Singh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b>>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b>>>> <mailto:star.zeng@intel.com>>;
>>>>> Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>
>>>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>>
>>>>> From: Brijesh Singh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b>>>>> <mailto:brijesh.singh@amd.com>>
>>>>>
>>>>> This dynamic PCD holds the address mask for page table entries when
>>>>> memory encryption is enabled on AMD processors supporting the Secure
>>>>> Encrypted Virtualization (SEV) feature.
>>>>>
>>>>> Cc: Feng Tian <feng.tian@intel.com <mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com>>>
>>>>> Cc: Star Zeng <star.zeng@intel.com <mailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com>>>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com
> <mailto:lersek@redhat.com %3cmailto:lersek@redhat.com>>>
>>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>>> Signed-off-by: Leo Duran <leo.duran@amd.com
> <mailto:leo.duran@amd.com%0b>>>>> <mailto:leo.duran@amd.com>>
>>>>> ---
>>>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18
>>> ++++++++++--
>>>>> ------
>>>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>>>
>>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> index 2bc41be..d62bd9b 100644
>>>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> @@ -6,6 +6,8 @@
>>>>> # needed to run the DXE Foundation.
>>>>> #
>>>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>>> reserved.<BR>
>>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>>>> # This program and the accompanying materials # are licensed and
>>>>> made available under the terms and conditions of the BSD License #
>>>>> which accompanies this distribution. The full text of the license
>>>>> may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress
>>> ##
>>>>> CONSUMES
>>>>>
>>>>> [Pcd.IA32,Pcd.X64]
>>>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>>> SOMETIMES_CONSUMES
>>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>>> SOMETIMES_CONSUMES
>>>>> +
>>>>>
>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>>> ask ## CONSUMES
>>>>>
>>>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>>>> SOMETIMES_CONSUMES
>>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> index 790f6ab..2c52389 100644
>>>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> @@ -16,6 +16,8 @@
>>>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual
>>>>> Volume 3:System Programmer's Guide, Intel
>>>>>
>>>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>>> reserved.<BR>
>>>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>>> +
>>>>> This program and the accompanying materials are licensed and made
>>>>> available under the terms and conditions of the BSD License which
>>>>> accompanies this distribution. The full text of the license may be
>>>>> found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>>>> //
>>>>> // Fill in 2M page entry.
>>>>> //
>>>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>>>> IA32_PG_RW;
>>>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P |
>>> IA32_PG_RW;
>>>>>
>>>>> PhysicalAddress4K = PhysicalAddress;
>>>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>>>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>>>> SIZE_4KB) {
>>>>> //
>>>>> // Fill in the Page Table entries
>>>>> //
>>>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageTableEntry->Bits.ReadWrite = 1;
>>>>> PageTableEntry->Bits.Present = 1;
>>>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K <
>>>>> StackBase +
>>>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>>>> //
>>>>> // Fill in 1G page entry.
>>>>> //
>>>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>>>>> IA32_PG_RW;
>>>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P |
>>> IA32_PG_RW;
>>>>>
>>>>> PhysicalAddress2M = PhysicalAddress;
>>>>> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries
>>>>> < 512;
>>>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++,
>>>>> IndexOfPageDirectoryEntries++PhysicalAddress2M
>>>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryEntry->Bits.Present = 1;
>>>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>>>> CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Make a PML4 Entry
>>>>> //
>>>>> - PageMapLevel4Entry->Uint64 =
>>>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>>>> + PageMapLevel4Entry->Uint64 =
>>>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>>>> PageMapLevel4Entry->Bits.Present = 1;
>>>>>
>>>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>>>> PageDirectory1GEntry->Bits.Present = 1;
>>>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7
>>>>> @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in a Page Directory Pointer Entries
>>>>> //
>>>>> - PageDirectoryPointerEntry->Uint64 =
>>>>> (UINT64)(UINTN)PageDirectoryEntry;
>>>>> + PageDirectoryPointerEntry->Uint64 =
>>>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>>>
>>>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryEntry->Bits.Present = 1;
>>>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>>>> a/MdeModulePkg/MdeModulePkg.dec
>>> b/MdeModulePkg/MdeModulePkg.dec index
>>>>> 273cd7e..207384f 100644
>>>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>>>> @@ -6,6 +6,8 @@
>>>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights
>>>>> reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights
>>>>> reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise
>>>>> Development LP<BR>
>>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>>>> # This program and the accompanying materials are licensed and made
>>>>> available under # the terms and conditions of the BSD License that
>>>>> accompanies this distribution.
>>>>> # The full text of the license may be found at @@ -1738,5 +1740,11
>>>>> @@ [PcdsDynamic, PcdsDynamicEx]
>>>>> # @Prompt If there is any test key used by the platform.
>>>>>
>>>>>
>>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>>>> 0030003
>>>>>
>>>>> + ## This dynamic PCD holds the address mask for page table entries
>>>>> + when memory encryption is # enabled on AMD processors supporting
>>>>> + the
>>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>> + # This mask should be applied when creating 1:1 virtual to
>>>>> + physical
>>>>> mapping tables.
>>>>> + #
>>>>> +
>>>>> +
>>>>>
>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>>> ask|0x0
>>>>> + |UINT64|0x00030004
>>>>> +
>>>>> [UserExtensions.TianoCore."ExtraFiles"]
>>>>> MdeModulePkgExtra.uni
>>>>> --
>>>>> 1.9.1
>>>>>
>>>>> _______________________________________________
>>>>> edk2-devel mailing list
>>>>> edk2-devel@lists.01.org
> <mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
>>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>>
>>
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 18:20 ` Yao, Jiewen
@ 2017-02-08 19:47 ` Laszlo Ersek
2017-02-09 5:12 ` Zeng, Star
0 siblings, 1 reply; 33+ messages in thread
From: Laszlo Ersek @ 2017-02-08 19:47 UTC (permalink / raw)
To: Yao, Jiewen, Duran, Leo, Zeng, Star, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh, Justen, Jordan L
On 02/08/17 19:20, Yao, Jiewen wrote:
> Got it.
>
>
>
> If the means of PcdDxeIplSwitchtoLongMode is unclear, we may add more
> description to make it clear.
>
>
>
> If we believe “PcdDxeIplSwitchtoLongMode == DXE is Long mode” as final
> conclusion, can we treat that as a bug and fix OVMF X64?
I don't know how to "fix" that. What is there to fix?
Flipping the PCD to TRUE in OVMF X64 would break OVMF X64, and likely OVMF Ia32X64 too. For two reasons:
(1) Toggling the PCD would alter the behavior of the DXE IPL PEIM and/or the DXE Core, and that behavior has never ever been tested with OVMF X64.
The PcdDxeIplSwitchToLongMode=FALSE setting in the X64 DSC dates back to:
commit 8fa729a8b1401f01c6fd8ddbcab45e4a4904fa9a
Author: lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Mon Mar 15 01:40:59 2010 +0000
Merge the same type PCD section.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10243 6f19259b-4bc3-4df7-8a09-765794883524
and before that, to:
commit 49ba9447c92d6fca214476381107a180d08e59d1
Author: jljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Wed May 27 21:10:18 2009 +0000
Add initial version of Open Virtual Machine Firmware (OVMF) platform.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8398 6f19259b-4bc3-4df7-8a09-765794883524
In other words, OVMF X64 has always worked like this, since its inception.
(2) PEI code under OvmfPkg itself uses this PCD to identify a 32-bit DXE phase.
//
// If DXE is 32-bit, then we're done; PciBusDxe will degrade 64-bit MMIO
// resources to 32-bit anyway. See DegradeResource() in
// "PciResourceSupport.c".
//
#ifdef MDE_CPU_IA32
if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
return FirstNonAddress;
}
#endif
and
//
// If DXE is 32-bit, then just return the traditional 64 MB cap.
//
#ifdef MDE_CPU_IA32
if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
return SIZE_64MB;
}
#endif
Thanks
Laszlo
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
>
>
> *From:*Laszlo Ersek [mailto:lersek@redhat.com]
> *Sent:* Wednesday, February 8, 2017 9:52 AM
> *To:* Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo
> <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>;
> edk2-devel@ml01.01.org
> *Cc:* Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
> <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> On 02/08/17 18:27, Yao, Jiewen wrote:
>> I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode.
>>
>>
>>
>> See DEC description:
>>
>> # It is assumed that 64-bit DxeCore is built in firmware if it is
>> true; otherwise 32-bit DxeCore
>>
>> # is built in firmware.<BR><BR>
>
> Unfortunately, I have no historical context or background for this PCD;
> all I can say is that the X64 OVMF platform does not set the PCD.
>
> It enters long mode, and sets up page tables for the first 4GB of RAM,
> in SEC. Then SEC decompresses the flash contents to RAM, which covers
> both PEIFV and DXEFV. PEI runs from RAM.
>
> This is possible because on QEMU/KVM, there's no need to initialize RAM,
> thus only SEC runs from flash, in-place.
>
> Perhaps Jordan can provide more insight.
>
> If Brijesh and Leo would like to run the X64 OVMF platform as a SEV
> guest too, then this should be considered, in my opinion.
>
> One more comment below:
>
>>
>>
>>
>> And the code MdeModulePkg\Universal\Acpi\S3SaveStateDxe\AcpiS3ContextSave.c:
>>
>>
>>
>> BOOLEAN
>>
>> IsLongModeWakingVectorSupport (
>>
>> IN EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE*Facs
>>
>> )
>>
>> {
>>
>> if((Facs == NULL) ||
>>
>> (Facs->Signature !=
>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE) ) {
>>
>> //
>>
>> // Something wrong with FACS.
>>
>> //
>>
>> returnFALSE;
>>
>> }
>>
>> if((Facs->Version ==
>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION) &&
>>
>> ((Facs->Flags & EFI_ACPI_4_0_64BIT_WAKE_SUPPORTED_F) != 0)) {
>>
>> //
>>
>> // BIOS supports 64bit waking vector.
>>
>> //
>>
>> if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>>
>> returnTRUE;
>>
>> }
>>
>> }
>>
>> returnFALSE;
>>
>> }
>
> In practice, it's okay if the OVMF X64 platform is recognized as "not
> supporting a 64-bit waking vector for S3 resume". All the 64-bit guest
> OSes that I've tested with OVMF X64 (Linux, and the Windows 7 / 8 / 10
> families, both client and server) use a real mode (16-bit) waking
> vector, in practice.
>
> ... Actually, upon reviewing the above code more carefully, we don't
> even reach the FeaturePcdGet() call: the FACS that QEMU generates (and
> OVMF downloads and installs) corresponds to ACPI 1.0, that is,
> EFI_ACPI_1_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION.
>
> Thanks
> Laszlo
>
>
>>
>>
>>
>>
>>
>> Thank you
>>
>> Yao Jiewen
>>
>>
>>
>> *From:*edk2-devel [mailto:edk2-devel-bounces@lists.01.org] *On Behalf Of
>> *Yao, Jiewen
>> *Sent:* Wednesday, February 8, 2017 9:18 AM
>> *To:* Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com>>; Duran, Leo <leo.duran@amd.com
> <mailto:leo.duran@amd.com>>;
>> Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org>
>> *Cc:* Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com>>; Singh, Brijesh
>> <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com>>
>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>>
>>
>> Good reminder. I take back my word.
>>
>> In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
>>
>> We need
>>
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Wednesday, February 8, 2017 9:11 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com>>; Duran, Leo <leo.duran@amd.com
> <mailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org>
>> Cc: Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com>>
>> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
>>
>> On 02/08/17 18:05, Yao, Jiewen wrote:
>>> HI Leo
>>>
>>> Thanks to clarify that.
>>>
>>>
>>>
>>> If that is the case, do you think it will be better to limit this PCD to
>>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>>
>> Not sure if this is the best place to raise the following observation,
>> but it should do:
>>
>> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE if
>> PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
>> - both PEI and DXE are 32-bit, and
>> - both PEI and DXE are 64-bit.
>>
>> This doesn't necessarily invalidate anything said thus fair in the
>> thread, but the following statement from Leo:
>>
>> The SEV feature requires 64-bit LongMode, so the
>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>>
>> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
>>
>> Thanks,
>> Laszlo
>>
>>>
>>>
>>>
>>> Thank you
>>>
>>> Yao Jiewen
>>>
>>>
>>>
>>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>>> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com
> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng
>>> <feng.tian@intel.com<mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>; Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Yao,
>>> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com>>>
>>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>>
>>>
>>> Pease see reply below.
>>> Leo
>>>
>>>> -----Original Message-----
>>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>>> To: Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>> <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
> <mailto:lersek@redhat.com%0b%0b>> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
> <mailto:feng.tian@intel.com%0b%0b>> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>> <mailto:feng.tian@intel.com>>;
>>>> Singh, Brijesh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
> <mailto:brijesh.singh@amd.com%0b%0b>> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
> <mailto:star.zeng@intel.com%0b%0b>> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>> <mailto:star.zeng@intel.com>>;
>>>> Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com %3cmailto:jiewen.yao@intel.com>>>>
>>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>>
>>>> Thanks,
>>>> Star
>>> [Duran, Leo]
>>> Hi Star,
>>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>>
>>> The SEV feature requires 64-bit LongMode, so the PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time,
>>> in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>>>
>>>> -----Original Message-----
>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>>>> Leo Duran
>>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>> <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
> <mailto:lersek@redhat.com%0b%0b>> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
> <mailto:feng.tian@intel.com%0b%0b>> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>> <mailto:feng.tian@intel.com>>;
>>>> Brijesh Singh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
> <mailto:brijesh.singh@amd.com%0b%0b>> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
> <mailto:star.zeng@intel.com%0b%0b>> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>> <mailto:star.zeng@intel.com>>;
>>>> Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>>
>>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> From: Brijesh Singh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com>>>>
>>>>
>>>> This dynamic PCD holds the address mask for page table entries when
>>>> memory encryption is enabled on AMD processors supporting the Secure
>>>> Encrypted Virtualization (SEV) feature.
>>>>
>>>> Cc: Feng Tian <feng.tian@intel.com <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com>>>>
>>>> Cc: Star Zeng <star.zeng@intel.com <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com %3cmailto:star.zeng@intel.com>>>>
>>>> Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com<mailto:lersek@redhat.com %3cmailto:lersek@redhat.com
> <mailto:lersek@redhat.com %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com %3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com %3cmailto:lersek@redhat.com>>>>
>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>> Signed-off-by: Leo Duran <leo.duran@amd.com <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com>>>>
>>>> ---
>>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
>>>> ------
>>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>>
>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> index 2bc41be..d62bd9b 100644
>>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> @@ -6,6 +6,8 @@
>>>> # needed to run the DXE Foundation.
>>>> #
>>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>>> # This program and the accompanying materials # are licensed and made
>>>> available under the terms and conditions of the BSD License # which
>>>> accompanies this distribution. The full text of the license may be found at
>>>> @@ -111,7 +113,8 @@ [FeaturePcd]
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
>>>> CONSUMES
>>>>
>>>> [Pcd.IA32,Pcd.X64]
>>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>> SOMETIMES_CONSUMES
>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>> SOMETIMES_CONSUMES
>>>> +
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>> ask ## CONSUMES
>>>>
>>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>>> SOMETIMES_CONSUMES
>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> index 790f6ab..2c52389 100644
>>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> @@ -16,6 +16,8 @@
>>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume
>>>> 3:System Programmer's Guide, Intel
>>>>
>>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
>>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>> +
>>>> This program and the accompanying materials are licensed and made
>>>> available under the terms and conditions of the BSD License which
>>>> accompanies this distribution. The full text of the license may be found at
>>>> @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>>> //
>>>> // Fill in 2M page entry.
>>>> //
>>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>>> IA32_PG_RW;
>>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>
>>>> PhysicalAddress4K = PhysicalAddress;
>>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>>> SIZE_4KB) {
>>>> //
>>>> // Fill in the Page Table entries
>>>> //
>>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageTableEntry->Bits.ReadWrite = 1;
>>>> PageTableEntry->Bits.Present = 1;
>>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase +
>>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>>> //
>>>> // Fill in 1G page entry.
>>>> //
>>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>>>> IA32_PG_RW;
>>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>
>>>> PhysicalAddress2M = PhysicalAddress;
>>>> for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512;
>>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M
>>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryEntry->Bits.Present = 1;
>>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>>> CreateIdentityMappingPageTables (
>>>> //
>>>> // Make a PML4 Entry
>>>> //
>>>> - PageMapLevel4Entry->Uint64 =
>>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>>> + PageMapLevel4Entry->Uint64 =
>>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>>> PageMapLevel4Entry->Bits.Present = 1;
>>>>
>>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>>> PageDirectory1GEntry->Bits.Present = 1;
>>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7 @@
>>>> CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in a Page Directory Pointer Entries
>>>> //
>>>> - PageDirectoryPointerEntry->Uint64 =
>>>> (UINT64)(UINTN)PageDirectoryEntry;
>>>> + PageDirectoryPointerEntry->Uint64 =
>>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>>
>>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryEntry->Bits.Present = 1;
>>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>>> a/MdeModulePkg/MdeModulePkg.dec
>>>> b/MdeModulePkg/MdeModulePkg.dec index 273cd7e..207384f 100644
>>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>>> @@ -6,6 +6,8 @@
>>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR> #
>>>> Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR> # (C) Copyright 2016
>>>> Hewlett Packard Enterprise Development LP<BR>
>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>>> # This program and the accompanying materials are licensed and made
>>>> available under # the terms and conditions of the BSD License that
>>>> accompanies this distribution.
>>>> # The full text of the license may be found at @@ -1738,5 +1740,11 @@
>>>> [PcdsDynamic, PcdsDynamicEx]
>>>> # @Prompt If there is any test key used by the platform.
>>>>
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>>> 0030003
>>>>
>>>> + ## This dynamic PCD holds the address mask for page table entries
>>>> + when memory encryption is # enabled on AMD processors supporting the
>>>> Secure Encrypted Virtualization (SEV) feature.
>>>> + # This mask should be applied when creating 1:1 virtual to physical
>>>> mapping tables.
>>>> + #
>>>> +
>>>> +
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>> ask|0x0
>>>> + |UINT64|0x00030004
>>>> +
>>>> [UserExtensions.TianoCore."ExtraFiles"]
>>>> MdeModulePkgExtra.uni
>>>> --
>>>> 1.9.1
>>>>
>>>> _______________________________________________
>>>> edk2-devel mailing list
>>>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org
> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>> <mailto:edk2-devel@lists.01.org>
>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org
> <mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
>> https://lists.01.org/mailman/listinfo/edk2-devel
>>
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-08 19:47 ` Laszlo Ersek
@ 2017-02-09 5:12 ` Zeng, Star
2017-02-09 5:22 ` Yao, Jiewen
2017-02-09 5:26 ` Zeng, Star
0 siblings, 2 replies; 33+ messages in thread
From: Zeng, Star @ 2017-02-09 5:12 UTC (permalink / raw)
To: Laszlo Ersek, Yao, Jiewen, Duran, Leo, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh, Justen, Jordan L, Zeng, Star
In fact, X64 DxeIplPeim does not refer PcdDxeIplSwitchToLongMode at all.
DxeIpl.inf:
[FeaturePcd.IA32]
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode ## CONSUMES
As I remember, I did a draft patch below before for the discussion about how to determine DXE is 32BITs or 64BITs in title "[edk2] [PATCH v3 2/4] IntelFrameworkModulePkg: BdsDxe: only allocate below 4 GB if needed", I can't find the archive link any more.
---
MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++++
MdeModulePkg/MdeModulePkg.dec | 4 +++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
index 6488880..348e084 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
@@ -43,6 +43,11 @@ HandOffToDxeCore (
EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi;
//
+ // It should be FALSE for both PEI and DXE are 64-bit.
+ //
+ ASSERT (PcdGetBool (PcdDxeIplSwitchToLongMode) == FALSE);
+
+ //
// Get Vector Hand-off Info PPI and build Guided HOB
//
Status = PeiServicesLocatePpi (
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index af7bcab..4a73f7b 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -712,8 +712,10 @@
## Indicates if DxeIpl should switch to long mode to enter DXE phase.
# It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
# is built in firmware.<BR><BR>
+ # And it should be FALSE for both PEI and DXE are 64-bit.
# TRUE - DxeIpl will load a 64-bit DxeCore and switch to long mode to hand over to DxeCore.<BR>
- # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore.<BR>
+ # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore,<BR>
+ # or both PEI and DXE are 64-bit.<BR>
# @Prompt DxeIpl switch to long mode.
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|TRUE|BOOLEAN|0x0001003b
--
Thanks,
Star
-----Original Message-----
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Thursday, February 9, 2017 3:48 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>; edk2-devel@ml01.01.org
Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
On 02/08/17 19:20, Yao, Jiewen wrote:
> Got it.
>
>
>
> If the means of PcdDxeIplSwitchtoLongMode is unclear, we may add more
> description to make it clear.
>
>
>
> If we believe "PcdDxeIplSwitchtoLongMode == DXE is Long mode" as
> final conclusion, can we treat that as a bug and fix OVMF X64?
I don't know how to "fix" that. What is there to fix?
Flipping the PCD to TRUE in OVMF X64 would break OVMF X64, and likely OVMF Ia32X64 too. For two reasons:
(1) Toggling the PCD would alter the behavior of the DXE IPL PEIM and/or the DXE Core, and that behavior has never ever been tested with OVMF X64.
The PcdDxeIplSwitchToLongMode=FALSE setting in the X64 DSC dates back to:
commit 8fa729a8b1401f01c6fd8ddbcab45e4a4904fa9a
Author: lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Mon Mar 15 01:40:59 2010 +0000
Merge the same type PCD section.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10243 6f19259b-4bc3-4df7-8a09-765794883524
and before that, to:
commit 49ba9447c92d6fca214476381107a180d08e59d1
Author: jljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Wed May 27 21:10:18 2009 +0000
Add initial version of Open Virtual Machine Firmware (OVMF) platform.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8398 6f19259b-4bc3-4df7-8a09-765794883524
In other words, OVMF X64 has always worked like this, since its inception.
(2) PEI code under OvmfPkg itself uses this PCD to identify a 32-bit DXE phase.
//
// If DXE is 32-bit, then we're done; PciBusDxe will degrade 64-bit MMIO
// resources to 32-bit anyway. See DegradeResource() in
// "PciResourceSupport.c".
//
#ifdef MDE_CPU_IA32
if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
return FirstNonAddress;
}
#endif
and
//
// If DXE is 32-bit, then just return the traditional 64 MB cap.
//
#ifdef MDE_CPU_IA32
if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
return SIZE_64MB;
}
#endif
Thanks
Laszlo
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
>
>
> *From:*Laszlo Ersek [mailto:lersek@redhat.com]
> *Sent:* Wednesday, February 8, 2017 9:52 AM
> *To:* Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo
> <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>;
> edk2-devel@ml01.01.org
> *Cc:* Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
> <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> On 02/08/17 18:27, Yao, Jiewen wrote:
>> I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode.
>>
>>
>>
>> See DEC description:
>>
>> # It is assumed that 64-bit DxeCore is built in firmware if it is
>> true; otherwise 32-bit DxeCore
>>
>> # is built in firmware.<BR><BR>
>
> Unfortunately, I have no historical context or background for this
> PCD; all I can say is that the X64 OVMF platform does not set the PCD.
>
> It enters long mode, and sets up page tables for the first 4GB of RAM,
> in SEC. Then SEC decompresses the flash contents to RAM, which covers
> both PEIFV and DXEFV. PEI runs from RAM.
>
> This is possible because on QEMU/KVM, there's no need to initialize
> RAM, thus only SEC runs from flash, in-place.
>
> Perhaps Jordan can provide more insight.
>
> If Brijesh and Leo would like to run the X64 OVMF platform as a SEV
> guest too, then this should be considered, in my opinion.
>
> One more comment below:
>
>>
>>
>>
>> And the code MdeModulePkg\Universal\Acpi\S3SaveStateDxe\AcpiS3ContextSave.c:
>>
>>
>>
>> BOOLEAN
>>
>> IsLongModeWakingVectorSupport (
>>
>> IN EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE*Facs
>>
>> )
>>
>> {
>>
>> if((Facs == NULL) ||
>>
>> (Facs->Signature !=
>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE) ) {
>>
>> //
>>
>> // Something wrong with FACS.
>>
>> //
>>
>> returnFALSE;
>>
>> }
>>
>> if((Facs->Version ==
>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION) &&
>>
>> ((Facs->Flags & EFI_ACPI_4_0_64BIT_WAKE_SUPPORTED_F) != 0)) {
>>
>> //
>>
>> // BIOS supports 64bit waking vector.
>>
>> //
>>
>> if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>>
>> returnTRUE;
>>
>> }
>>
>> }
>>
>> returnFALSE;
>>
>> }
>
> In practice, it's okay if the OVMF X64 platform is recognized as "not
> supporting a 64-bit waking vector for S3 resume". All the 64-bit guest
> OSes that I've tested with OVMF X64 (Linux, and the Windows 7 / 8 / 10
> families, both client and server) use a real mode (16-bit) waking
> vector, in practice.
>
> ... Actually, upon reviewing the above code more carefully, we don't
> even reach the FeaturePcdGet() call: the FACS that QEMU generates (and
> OVMF downloads and installs) corresponds to ACPI 1.0, that is,
> EFI_ACPI_1_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION.
>
> Thanks
> Laszlo
>
>
>>
>>
>>
>>
>>
>> Thank you
>>
>> Yao Jiewen
>>
>>
>>
>> *From:*edk2-devel [mailto:edk2-devel-bounces@lists.01.org] *On Behalf
>> Of *Yao, Jiewen
>> *Sent:* Wednesday, February 8, 2017 9:18 AM
>> *To:* Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com>>; Duran, Leo <leo.duran@amd.com
> <mailto:leo.duran@amd.com>>;
>> Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org>
>> *Cc:* Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com>>;
>> Singh, Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com>>
>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>>
>>
>> Good reminder. I take back my word.
>>
>> In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
>>
>> We need
>>
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Wednesday, February 8, 2017 9:11 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com>>;
> Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com%0b>>
> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>;
> edk2-devel@ml01.01.org <mailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org>
>> Cc: Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com>>; Singh,
> Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com%0b>>
> <mailto:brijesh.singh@amd.com>>
>> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> On 02/08/17 18:05, Yao, Jiewen wrote:
>>> HI Leo
>>>
>>> Thanks to clarify that.
>>>
>>>
>>>
>>> If that is the case, do you think it will be better to limit this
>>> PCD to
>>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>>
>> Not sure if this is the best place to raise the following
>> observation, but it should do:
>>
>> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE
>> if PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
>> - both PEI and DXE are 32-bit, and
>> - both PEI and DXE are 64-bit.
>>
>> This doesn't necessarily invalidate anything said thus fair in the
>> thread, but the following statement from Leo:
>>
>> The SEV feature requires 64-bit LongMode, so the
>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>>
>> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
>>
>> Thanks,
>> Laszlo
>>
>>>
>>>
>>>
>>> Thank you
>>>
>>> Yao Jiewen
>>>
>>>
>>>
>>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>>> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>>
> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>;
> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com
> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>>
> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng
>>> <feng.tian@intel.com<mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>>
> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>; Singh,
> Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>>
> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Yao,
>>> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>>
> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com>>>
>>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>>
>>>
>>> Pease see reply below.
>>> Leo
>>>
>>>> -----Original Message-----
>>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>>> To: Duran, Leo <leo.duran@amd.com
>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>> %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com>>>>;
> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>> <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
> <mailto:lersek@redhat.com%0b%0b>>
> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
> <mailto:feng.tian@intel.com%0b%0b>>
> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
> <mailto:feng.tian@intel.com>>;
>>>> Singh, Brijesh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
> <mailto:brijesh.singh@amd.com%0b%0b>>
> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
> <mailto:star.zeng@intel.com%0b%0b>>
> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
> <mailto:star.zeng@intel.com>>;
>>>> Yao, Jiewen <jiewen.yao@intel.com
>>>> <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
>>>> %3cmailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com
> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
> %3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com
> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
> %3cmailto:jiewen.yao@intel.com>>>>
>>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>>
>>>> Thanks,
>>>> Star
>>> [Duran, Leo]
>>> Hi Star,
>>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>>
>>> The SEV feature requires 64-bit LongMode, so the
>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time, in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>>>
>>>> -----Original Message-----
>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf
>>>> Of Leo Duran
>>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>> <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
> <mailto:lersek@redhat.com%0b%0b>>
> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
> <mailto:feng.tian@intel.com%0b%0b>>
> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
> <mailto:feng.tian@intel.com>>;
>>>> Brijesh Singh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
> <mailto:brijesh.singh@amd.com%0b%0b>>
> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
> <mailto:star.zeng@intel.com%0b%0b>>
> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
> <mailto:star.zeng@intel.com>>;
>>>> Leo Duran <leo.duran@amd.com
>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>> %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com>>>>
>>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> From: Brijesh Singh <brijesh.singh@amd.com
>>>> <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
>>>> %3cmailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com
> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
> %3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com
> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
> %3cmailto:brijesh.singh@amd.com>>>>
>>>>
>>>> This dynamic PCD holds the address mask for page table entries when
>>>> memory encryption is enabled on AMD processors supporting the
>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>
>>>> Cc: Feng Tian <feng.tian@intel.com
>>>> <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com
>>>> %3cmailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com
> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
> %3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com
> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
> %3cmailto:feng.tian@intel.com>>>>
>>>> Cc: Star Zeng <star.zeng@intel.com
>>>> <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com
>>>> %3cmailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com
> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
> %3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com
> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
> %3cmailto:star.zeng@intel.com>>>>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
>>>> <mailto:lersek@redhat.com<mailto:lersek@redhat.com
>>>> %3cmailto:lersek@redhat.com
> <mailto:lersek@redhat.com
> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
> %3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com
> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
> %3cmailto:lersek@redhat.com>>>>
>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>> Signed-off-by: Leo Duran <leo.duran@amd.com
>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>> %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com>>>>
>>>> ---
>>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
>>>> ------
>>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>>
>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> index 2bc41be..d62bd9b 100644
>>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> @@ -6,6 +6,8 @@
>>>> # needed to run the DXE Foundation.
>>>> #
>>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>> reserved.<BR>
>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>> +#
>>>> # This program and the accompanying materials # are licensed
>>>> and made available under the terms and conditions of the BSD
>>>> License # which accompanies this distribution. The full text of
>>>> the license may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
>>>> CONSUMES
>>>>
>>>> [Pcd.IA32,Pcd.X64]
>>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>> SOMETIMES_CONSUMES
>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>> SOMETIMES_CONSUMES
>>>> +
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>> ask ## CONSUMES
>>>>
>>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>>> SOMETIMES_CONSUMES
>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> index 790f6ab..2c52389 100644
>>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> @@ -16,6 +16,8 @@
>>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual
>>>> Volume 3:System Programmer's Guide, Intel
>>>>
>>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>> reserved.<BR>
>>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>> +
>>>> This program and the accompanying materials are licensed and made
>>>> available under the terms and conditions of the BSD License which
>>>> accompanies this distribution. The full text of the license may be
>>>> found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>>> //
>>>> // Fill in 2M page entry.
>>>> //
>>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>>> IA32_PG_RW;
>>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>
>>>> PhysicalAddress4K = PhysicalAddress;
>>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>>> SIZE_4KB) {
>>>> //
>>>> // Fill in the Page Table entries
>>>> //
>>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageTableEntry->Bits.ReadWrite = 1;
>>>> PageTableEntry->Bits.Present = 1;
>>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K <
>>>> StackBase +
>>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>>> //
>>>> // Fill in 1G page entry.
>>>> //
>>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>>>> IA32_PG_RW;
>>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>
>>>> PhysicalAddress2M = PhysicalAddress;
>>>> for (IndexOfPageDirectoryEntries = 0;
>>>> IndexOfPageDirectoryEntries < 512;
>>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++,
>>>> IndexOfPageDirectoryEntries++PhysicalAddress2M
>>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryEntry->Bits.Present = 1;
>>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>>> CreateIdentityMappingPageTables (
>>>> //
>>>> // Make a PML4 Entry
>>>> //
>>>> - PageMapLevel4Entry->Uint64 =
>>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>>> + PageMapLevel4Entry->Uint64 =
>>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>>> PageMapLevel4Entry->Bits.Present = 1;
>>>>
>>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>>> PageDirectory1GEntry->Bits.Present = 1;
>>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7
>>>> @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in a Page Directory Pointer Entries
>>>> //
>>>> - PageDirectoryPointerEntry->Uint64 =
>>>> (UINT64)(UINTN)PageDirectoryEntry;
>>>> + PageDirectoryPointerEntry->Uint64 =
>>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>>
>>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryEntry->Bits.Present = 1;
>>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>>> a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
>>>> index 273cd7e..207384f 100644
>>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>>> @@ -6,6 +6,8 @@
>>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights
>>>> reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights
>>>> reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise
>>>> Development LP<BR>
>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>>> # This program and the accompanying materials are licensed and
>>>> made available under # the terms and conditions of the BSD License
>>>> that accompanies this distribution.
>>>> # The full text of the license may be found at @@ -1738,5 +1740,11
>>>> @@ [PcdsDynamic, PcdsDynamicEx]
>>>> # @Prompt If there is any test key used by the platform.
>>>>
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>>> 0030003
>>>>
>>>> + ## This dynamic PCD holds the address mask for page table
>>>> + entries when memory encryption is # enabled on AMD processors
>>>> + supporting the
>>>> Secure Encrypted Virtualization (SEV) feature.
>>>> + # This mask should be applied when creating 1:1 virtual to
>>>> + physical
>>>> mapping tables.
>>>> + #
>>>> +
>>>> +
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>> ask|0x0
>>>> + |UINT64|0x00030004
>>>> +
>>>> [UserExtensions.TianoCore."ExtraFiles"]
>>>> MdeModulePkgExtra.uni
>>>> --
>>>> 1.9.1
>>>>
>>>> _______________________________________________
>>>> edk2-devel mailing list
>>>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org
> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>>
>> <mailto:edk2-devel@lists.01.org>
>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org
> <mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
>> https://lists.01.org/mailman/listinfo/edk2-devel
>>
>
^ permalink raw reply related [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-09 5:12 ` Zeng, Star
@ 2017-02-09 5:22 ` Yao, Jiewen
2017-02-09 5:56 ` Zeng, Star
2017-02-09 5:26 ` Zeng, Star
1 sibling, 1 reply; 33+ messages in thread
From: Yao, Jiewen @ 2017-02-09 5:22 UTC (permalink / raw)
To: Zeng, Star, Laszlo Ersek, Duran, Leo, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh, Justen, Jordan L
I suggest we evaluate *all* usages of PcdDxeIplSwitchToLongMode because this is an incompatible change.
# It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
Thank you
Yao Jiewen
From: Zeng, Star
Sent: Wednesday, February 8, 2017 9:12 PM
To: Laszlo Ersek <lersek@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo <leo.duran@amd.com>; edk2-devel@ml01.01.org
Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Zeng, Star <star.zeng@intel.com>
Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
In fact, X64 DxeIplPeim does not refer PcdDxeIplSwitchToLongMode at all.
DxeIpl.inf:
[FeaturePcd.IA32]
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode ## CONSUMES
As I remember, I did a draft patch below before for the discussion about how to determine DXE is 32BITs or 64BITs in title "[edk2] [PATCH v3 2/4] IntelFrameworkModulePkg: BdsDxe: only allocate below 4 GB if needed", I can't find the archive link any more.
---
MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++++
MdeModulePkg/MdeModulePkg.dec | 4 +++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
index 6488880..348e084 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
@@ -43,6 +43,11 @@ HandOffToDxeCore (
EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi;
//
+ // It should be FALSE for both PEI and DXE are 64-bit.
+ //
+ ASSERT (PcdGetBool (PcdDxeIplSwitchToLongMode) == FALSE);
+
+ //
// Get Vector Hand-off Info PPI and build Guided HOB
//
Status = PeiServicesLocatePpi (
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index af7bcab..4a73f7b 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -712,8 +712,10 @@
## Indicates if DxeIpl should switch to long mode to enter DXE phase.
# It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
# is built in firmware.<BR><BR>
+ # And it should be FALSE for both PEI and DXE are 64-bit.
# TRUE - DxeIpl will load a 64-bit DxeCore and switch to long mode to hand over to DxeCore.<BR>
- # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore.<BR>
+ # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore,<BR>
+ # or both PEI and DXE are 64-bit.<BR>
# @Prompt DxeIpl switch to long mode.
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|TRUE|BOOLEAN|0x0001003b
--
Thanks,
Star
-----Original Message-----
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Thursday, February 9, 2017 3:48 AM
To: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Duran, Leo <leo.duran@amd.com<mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
Cc: Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Justen, Jordan L <jordan.l.justen@intel.com<mailto:jordan.l.justen@intel.com>>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
On 02/08/17 19:20, Yao, Jiewen wrote:
> Got it.
>
>
>
> If the means of PcdDxeIplSwitchtoLongMode is unclear, we may add more
> description to make it clear.
>
>
>
> If we believe "PcdDxeIplSwitchtoLongMode == DXE is Long mode" as
> final conclusion, can we treat that as a bug and fix OVMF X64?
I don't know how to "fix" that. What is there to fix?
Flipping the PCD to TRUE in OVMF X64 would break OVMF X64, and likely OVMF Ia32X64 too. For two reasons:
(1) Toggling the PCD would alter the behavior of the DXE IPL PEIM and/or the DXE Core, and that behavior has never ever been tested with OVMF X64.
The PcdDxeIplSwitchToLongMode=FALSE setting in the X64 DSC dates back to:
commit 8fa729a8b1401f01c6fd8ddbcab45e4a4904fa9a
Author: lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Mon Mar 15 01:40:59 2010 +0000
Merge the same type PCD section.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10243 6f19259b-4bc3-4df7-8a09-765794883524
and before that, to:
commit 49ba9447c92d6fca214476381107a180d08e59d1
Author: jljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Wed May 27 21:10:18 2009 +0000
Add initial version of Open Virtual Machine Firmware (OVMF) platform.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8398 6f19259b-4bc3-4df7-8a09-765794883524
In other words, OVMF X64 has always worked like this, since its inception.
(2) PEI code under OvmfPkg itself uses this PCD to identify a 32-bit DXE phase.
//
// If DXE is 32-bit, then we're done; PciBusDxe will degrade 64-bit MMIO
// resources to 32-bit anyway. See DegradeResource() in
// "PciResourceSupport.c".
//
#ifdef MDE_CPU_IA32
if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
return FirstNonAddress;
}
#endif
and
//
// If DXE is 32-bit, then just return the traditional 64 MB cap.
//
#ifdef MDE_CPU_IA32
if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
return SIZE_64MB;
}
#endif
Thanks
Laszlo
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
>
>
> *From:*Laszlo Ersek [mailto:lersek@redhat.com]
> *Sent:* Wednesday, February 8, 2017 9:52 AM
> *To:* Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Duran, Leo
> <leo.duran@amd.com<mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>;
> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> *Cc:* Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Singh, Brijesh
> <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Justen, Jordan L <jordan.l.justen@intel.com<mailto:jordan.l.justen@intel.com>>
> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> On 02/08/17 18:27, Yao, Jiewen wrote:
>> I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode.
>>
>>
>>
>> See DEC description:
>>
>> # It is assumed that 64-bit DxeCore is built in firmware if it is
>> true; otherwise 32-bit DxeCore
>>
>> # is built in firmware.<BR><BR>
>
> Unfortunately, I have no historical context or background for this
> PCD; all I can say is that the X64 OVMF platform does not set the PCD.
>
> It enters long mode, and sets up page tables for the first 4GB of RAM,
> in SEC. Then SEC decompresses the flash contents to RAM, which covers
> both PEIFV and DXEFV. PEI runs from RAM.
>
> This is possible because on QEMU/KVM, there's no need to initialize
> RAM, thus only SEC runs from flash, in-place.
>
> Perhaps Jordan can provide more insight.
>
> If Brijesh and Leo would like to run the X64 OVMF platform as a SEV
> guest too, then this should be considered, in my opinion.
>
> One more comment below:
>
>>
>>
>>
>> And the code MdeModulePkg\Universal\Acpi\S3SaveStateDxe\AcpiS3ContextSave.c:
>>
>>
>>
>> BOOLEAN
>>
>> IsLongModeWakingVectorSupport (
>>
>> IN EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE*Facs
>>
>> )
>>
>> {
>>
>> if((Facs == NULL) ||
>>
>> (Facs->Signature !=
>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE) ) {
>>
>> //
>>
>> // Something wrong with FACS.
>>
>> //
>>
>> returnFALSE;
>>
>> }
>>
>> if((Facs->Version ==
>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION) &&
>>
>> ((Facs->Flags & EFI_ACPI_4_0_64BIT_WAKE_SUPPORTED_F) != 0)) {
>>
>> //
>>
>> // BIOS supports 64bit waking vector.
>>
>> //
>>
>> if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>>
>> returnTRUE;
>>
>> }
>>
>> }
>>
>> returnFALSE;
>>
>> }
>
> In practice, it's okay if the OVMF X64 platform is recognized as "not
> supporting a 64-bit waking vector for S3 resume". All the 64-bit guest
> OSes that I've tested with OVMF X64 (Linux, and the Windows 7 / 8 / 10
> families, both client and server) use a real mode (16-bit) waking
> vector, in practice.
>
> ... Actually, upon reviewing the above code more carefully, we don't
> even reach the FeaturePcdGet() call: the FACS that QEMU generates (and
> OVMF downloads and installs) corresponds to ACPI 1.0, that is,
> EFI_ACPI_1_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION.
>
> Thanks
> Laszlo
>
>
>>
>>
>>
>>
>>
>> Thank you
>>
>> Yao Jiewen
>>
>>
>>
>> *From:*edk2-devel [mailto:edk2-devel-bounces@lists.01.org] *On Behalf
>> Of *Yao, Jiewen
>> *Sent:* Wednesday, February 8, 2017 9:18 AM
>> *To:* Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com>>; Duran, Leo <leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>> <mailto:leo.duran@amd.com>>;
>> Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> <mailto:edk2-devel@ml01.01.org>
>> *Cc:* Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com>>>;
>> Singh, Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com>>>
>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>>
>>
>> Good reminder. I take back my word.
>>
>> In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
>>
>> We need
>>
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Wednesday, February 8, 2017 9:11 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com>>;
> Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com%0b<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%0b>>>
> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com %0b>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>;
> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org> <mailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org>
>> Cc: Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com>>; Singh,
> Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com%0b<mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com%0b>>>
> <mailto:brijesh.singh@amd.com>>
>> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> On 02/08/17 18:05, Yao, Jiewen wrote:
>>> HI Leo
>>>
>>> Thanks to clarify that.
>>>
>>>
>>>
>>> If that is the case, do you think it will be better to limit this
>>> PCD to
>>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>>
>> Not sure if this is the best place to raise the following
>> observation, but it should do:
>>
>> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE
>> if PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
>> - both PEI and DXE are 32-bit, and
>> - both PEI and DXE are 64-bit.
>>
>> This doesn't necessarily invalidate anything said thus fair in the
>> thread, but the following statement from Leo:
>>
>> The SEV feature requires 64-bit LongMode, so the
>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>>
>> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
>>
>> Thanks,
>> Laszlo
>>
>>>
>>>
>>>
>>> Thank you
>>>
>>> Yao Jiewen
>>>
>>>
>>>
>>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>>> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com
<mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>>
> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>;
> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com
<mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>>
> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng
>>> <feng.tian@intel.com<mailto:feng.tian@intel.com
<mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>>
> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>; Singh,
> Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>>
> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Yao,
>>> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>>
> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com>>>
>>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>>
>>>
>>> Pease see reply below.
>>> Leo
>>>
>>>> -----Original Message-----
>>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>>> To: Duran, Leo <leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %0b>>>>> %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com>>>>;
> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>> <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
<mailto:lersek@redhat.com%0b %0b>> <mailto:lersek@redhat.com%0b%0b>>
> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com %0b>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
<mailto:feng.tian@intel.com%0b %0b>> <mailto:feng.tian@intel.com%0b%0b>>
> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
> <mailto:feng.tian@intel.com>>;
>>>> Singh, Brijesh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
<mailto:brijesh.singh@amd.com%0b %0b>> <mailto:brijesh.singh@amd.com%0b%0b>>
> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com %0b>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
<mailto:star.zeng@intel.com%0b %0b>> <mailto:star.zeng@intel.com%0b%0b>>
> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
> <mailto:star.zeng@intel.com>>;
>>>> Yao, Jiewen <jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com %0b>>>>> <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com %0b>>>>> %3cmailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com %0b>> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
> %3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com %0b>> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
> %3cmailto:jiewen.yao@intel.com>>>>
>>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>>
>>>> Thanks,
>>>> Star
>>> [Duran, Leo]
>>> Hi Star,
>>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>>
>>> The SEV feature requires 64-bit LongMode, so the
>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time, in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>>>
>>>> -----Original Message-----
>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf
>>>> Of Leo Duran
>>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>> <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
<mailto:lersek@redhat.com%0b %0b>> <mailto:lersek@redhat.com%0b%0b>>
> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com %0b>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
<mailto:feng.tian@intel.com%0b %0b>> <mailto:feng.tian@intel.com%0b%0b>>
> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
> <mailto:feng.tian@intel.com>>;
>>>> Brijesh Singh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
<mailto:brijesh.singh@amd.com%0b %0b>> <mailto:brijesh.singh@amd.com%0b%0b>>
> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com %0b>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
<mailto:star.zeng@intel.com%0b %0b>> <mailto:star.zeng@intel.com%0b%0b>>
> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
> <mailto:star.zeng@intel.com>>;
>>>> Leo Duran <leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %0b>>>>> %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com>>>>
>>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> From: Brijesh Singh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com %0b>>>>> <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com %0b>>>>> %3cmailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com %0b>> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
> %3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com %0b>> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
> %3cmailto:brijesh.singh@amd.com>>>>
>>>>
>>>> This dynamic PCD holds the address mask for page table entries when
>>>> memory encryption is enabled on AMD processors supporting the
>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>
>>>> Cc: Feng Tian <feng.tian@intel.com
<mailto:feng.tian@intel.com %0b>>>>> <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com
<mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com %0b>>>>> %3cmailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com
<mailto:feng.tian@intel.com %0b>> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
> %3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com
<mailto:feng.tian@intel.com %0b>> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
> %3cmailto:feng.tian@intel.com>>>>
>>>> Cc: Star Zeng <star.zeng@intel.com
<mailto:star.zeng@intel.com %0b>>>>> <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com
<mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com %0b>>>>> %3cmailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com
<mailto:star.zeng@intel.com %0b>> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
> %3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com
<mailto:star.zeng@intel.com %0b>> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
> %3cmailto:star.zeng@intel.com>>>>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com %0b>>>>> <mailto:lersek@redhat.com<mailto:lersek@redhat.com
<mailto:lersek@redhat.com%3cmailto:lersek@redhat.com %0b>>>>> %3cmailto:lersek@redhat.com
> <mailto:lersek@redhat.com
<mailto:lersek@redhat.com %0b>> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
> %3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com
<mailto:lersek@redhat.com %0b>> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
> %3cmailto:lersek@redhat.com>>>>
>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>> Signed-off-by: Leo Duran <leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %0b>>>>> %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com>>>>
>>>> ---
>>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
>>>> ------
>>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>>
>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> index 2bc41be..d62bd9b 100644
>>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> @@ -6,6 +6,8 @@
>>>> # needed to run the DXE Foundation.
>>>> #
>>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>> reserved.<BR>
>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>> +#
>>>> # This program and the accompanying materials # are licensed
>>>> and made available under the terms and conditions of the BSD
>>>> License # which accompanies this distribution. The full text of
>>>> the license may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
>>>> CONSUMES
>>>>
>>>> [Pcd.IA32,Pcd.X64]
>>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>> SOMETIMES_CONSUMES
>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>> SOMETIMES_CONSUMES
>>>> +
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>> ask ## CONSUMES
>>>>
>>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>>> SOMETIMES_CONSUMES
>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> index 790f6ab..2c52389 100644
>>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> @@ -16,6 +16,8 @@
>>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual
>>>> Volume 3:System Programmer's Guide, Intel
>>>>
>>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>> reserved.<BR>
>>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>> +
>>>> This program and the accompanying materials are licensed and made
>>>> available under the terms and conditions of the BSD License which
>>>> accompanies this distribution. The full text of the license may be
>>>> found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>>> //
>>>> // Fill in 2M page entry.
>>>> //
>>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>>> IA32_PG_RW;
>>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>
>>>> PhysicalAddress4K = PhysicalAddress;
>>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>>> SIZE_4KB) {
>>>> //
>>>> // Fill in the Page Table entries
>>>> //
>>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageTableEntry->Bits.ReadWrite = 1;
>>>> PageTableEntry->Bits.Present = 1;
>>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K <
>>>> StackBase +
>>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>>> //
>>>> // Fill in 1G page entry.
>>>> //
>>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>>>> IA32_PG_RW;
>>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>
>>>> PhysicalAddress2M = PhysicalAddress;
>>>> for (IndexOfPageDirectoryEntries = 0;
>>>> IndexOfPageDirectoryEntries < 512;
>>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++,
>>>> IndexOfPageDirectoryEntries++PhysicalAddress2M
>>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryEntry->Bits.Present = 1;
>>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>>> CreateIdentityMappingPageTables (
>>>> //
>>>> // Make a PML4 Entry
>>>> //
>>>> - PageMapLevel4Entry->Uint64 =
>>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>>> + PageMapLevel4Entry->Uint64 =
>>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>>> PageMapLevel4Entry->Bits.Present = 1;
>>>>
>>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>>> PageDirectory1GEntry->Bits.Present = 1;
>>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7
>>>> @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in a Page Directory Pointer Entries
>>>> //
>>>> - PageDirectoryPointerEntry->Uint64 =
>>>> (UINT64)(UINTN)PageDirectoryEntry;
>>>> + PageDirectoryPointerEntry->Uint64 =
>>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>>
>>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryEntry->Bits.Present = 1;
>>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>>> a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
>>>> index 273cd7e..207384f 100644
>>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>>> @@ -6,6 +6,8 @@
>>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights
>>>> reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights
>>>> reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise
>>>> Development LP<BR>
>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>>> # This program and the accompanying materials are licensed and
>>>> made available under # the terms and conditions of the BSD License
>>>> that accompanies this distribution.
>>>> # The full text of the license may be found at @@ -1738,5 +1740,11
>>>> @@ [PcdsDynamic, PcdsDynamicEx]
>>>> # @Prompt If there is any test key used by the platform.
>>>>
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>>> 0030003
>>>>
>>>> + ## This dynamic PCD holds the address mask for page table
>>>> + entries when memory encryption is # enabled on AMD processors
>>>> + supporting the
>>>> Secure Encrypted Virtualization (SEV) feature.
>>>> + # This mask should be applied when creating 1:1 virtual to
>>>> + physical
>>>> mapping tables.
>>>> + #
>>>> +
>>>> +
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>> ask|0x0
>>>> + |UINT64|0x00030004
>>>> +
>>>> [UserExtensions.TianoCore."ExtraFiles"]
>>>> MdeModulePkgExtra.uni
>>>> --
>>>> 1.9.1
>>>>
>>>> _______________________________________________
>>>> edk2-devel mailing list
>>>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>>
>> <mailto:edk2-devel@lists.01.org>
>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
> <mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
>> https://lists.01.org/mailman/listinfo/edk2-devel
>>
>
^ permalink raw reply related [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-09 5:12 ` Zeng, Star
2017-02-09 5:22 ` Yao, Jiewen
@ 2017-02-09 5:26 ` Zeng, Star
2017-02-09 9:13 ` Laszlo Ersek
1 sibling, 1 reply; 33+ messages in thread
From: Zeng, Star @ 2017-02-09 5:26 UTC (permalink / raw)
To: Laszlo Ersek, Yao, Jiewen, Duran, Leo, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh, Justen, Jordan L, Zeng, Star
Correct typo in below email.
"about how to determine DXE is 32BITs or 64BITs" should be "about how to determine PEI is 32BITs or 64BITs".
At that time, we were discussing if the code needs to allocate <4G ACPI table for PEI phase at S3 resume.
Thanks,
Star
-----Original Message-----
From: Zeng, Star
Sent: Thursday, February 9, 2017 1:12 PM
To: Laszlo Ersek <lersek@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo <leo.duran@amd.com>; edk2-devel@ml01.01.org
Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Zeng, Star <star.zeng@intel.com>
Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
In fact, X64 DxeIplPeim does not refer PcdDxeIplSwitchToLongMode at all.
DxeIpl.inf:
[FeaturePcd.IA32]
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode ## CONSUMES
As I remember, I did a draft patch below before for the discussion about how to determine DXE is 32BITs or 64BITs in title "[edk2] [PATCH v3 2/4] IntelFrameworkModulePkg: BdsDxe: only allocate below 4 GB if needed", I can't find the archive link any more.
---
MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++++
MdeModulePkg/MdeModulePkg.dec | 4 +++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
index 6488880..348e084 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
@@ -43,6 +43,11 @@ HandOffToDxeCore (
EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi;
//
+ // It should be FALSE for both PEI and DXE are 64-bit.
+ //
+ ASSERT (PcdGetBool (PcdDxeIplSwitchToLongMode) == FALSE);
+
+ //
// Get Vector Hand-off Info PPI and build Guided HOB
//
Status = PeiServicesLocatePpi (
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index af7bcab..4a73f7b 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -712,8 +712,10 @@
## Indicates if DxeIpl should switch to long mode to enter DXE phase.
# It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
# is built in firmware.<BR><BR>
+ # And it should be FALSE for both PEI and DXE are 64-bit.
# TRUE - DxeIpl will load a 64-bit DxeCore and switch to long mode to hand over to DxeCore.<BR>
- # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore.<BR>
+ # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore,<BR>
+ # or both PEI and DXE are 64-bit.<BR>
# @Prompt DxeIpl switch to long mode.
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|TRUE|BOOLEAN|0x0001003b
--
Thanks,
Star
-----Original Message-----
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Thursday, February 9, 2017 3:48 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>; edk2-devel@ml01.01.org
Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
On 02/08/17 19:20, Yao, Jiewen wrote:
> Got it.
>
>
>
> If the means of PcdDxeIplSwitchtoLongMode is unclear, we may add more
> description to make it clear.
>
>
>
> If we believe "PcdDxeIplSwitchtoLongMode == DXE is Long mode" as
> final conclusion, can we treat that as a bug and fix OVMF X64?
I don't know how to "fix" that. What is there to fix?
Flipping the PCD to TRUE in OVMF X64 would break OVMF X64, and likely OVMF Ia32X64 too. For two reasons:
(1) Toggling the PCD would alter the behavior of the DXE IPL PEIM and/or the DXE Core, and that behavior has never ever been tested with OVMF X64.
The PcdDxeIplSwitchToLongMode=FALSE setting in the X64 DSC dates back to:
commit 8fa729a8b1401f01c6fd8ddbcab45e4a4904fa9a
Author: lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Mon Mar 15 01:40:59 2010 +0000
Merge the same type PCD section.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10243 6f19259b-4bc3-4df7-8a09-765794883524
and before that, to:
commit 49ba9447c92d6fca214476381107a180d08e59d1
Author: jljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Wed May 27 21:10:18 2009 +0000
Add initial version of Open Virtual Machine Firmware (OVMF) platform.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8398 6f19259b-4bc3-4df7-8a09-765794883524
In other words, OVMF X64 has always worked like this, since its inception.
(2) PEI code under OvmfPkg itself uses this PCD to identify a 32-bit DXE phase.
//
// If DXE is 32-bit, then we're done; PciBusDxe will degrade 64-bit MMIO
// resources to 32-bit anyway. See DegradeResource() in
// "PciResourceSupport.c".
//
#ifdef MDE_CPU_IA32
if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
return FirstNonAddress;
}
#endif
and
//
// If DXE is 32-bit, then just return the traditional 64 MB cap.
//
#ifdef MDE_CPU_IA32
if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
return SIZE_64MB;
}
#endif
Thanks
Laszlo
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
>
>
> *From:*Laszlo Ersek [mailto:lersek@redhat.com]
> *Sent:* Wednesday, February 8, 2017 9:52 AM
> *To:* Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo
> <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>;
> edk2-devel@ml01.01.org
> *Cc:* Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
> <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> On 02/08/17 18:27, Yao, Jiewen wrote:
>> I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode.
>>
>>
>>
>> See DEC description:
>>
>> # It is assumed that 64-bit DxeCore is built in firmware if it is
>> true; otherwise 32-bit DxeCore
>>
>> # is built in firmware.<BR><BR>
>
> Unfortunately, I have no historical context or background for this
> PCD; all I can say is that the X64 OVMF platform does not set the PCD.
>
> It enters long mode, and sets up page tables for the first 4GB of RAM,
> in SEC. Then SEC decompresses the flash contents to RAM, which covers
> both PEIFV and DXEFV. PEI runs from RAM.
>
> This is possible because on QEMU/KVM, there's no need to initialize
> RAM, thus only SEC runs from flash, in-place.
>
> Perhaps Jordan can provide more insight.
>
> If Brijesh and Leo would like to run the X64 OVMF platform as a SEV
> guest too, then this should be considered, in my opinion.
>
> One more comment below:
>
>>
>>
>>
>> And the code MdeModulePkg\Universal\Acpi\S3SaveStateDxe\AcpiS3ContextSave.c:
>>
>>
>>
>> BOOLEAN
>>
>> IsLongModeWakingVectorSupport (
>>
>> IN EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE*Facs
>>
>> )
>>
>> {
>>
>> if((Facs == NULL) ||
>>
>> (Facs->Signature !=
>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE) ) {
>>
>> //
>>
>> // Something wrong with FACS.
>>
>> //
>>
>> returnFALSE;
>>
>> }
>>
>> if((Facs->Version ==
>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION) &&
>>
>> ((Facs->Flags & EFI_ACPI_4_0_64BIT_WAKE_SUPPORTED_F) != 0)) {
>>
>> //
>>
>> // BIOS supports 64bit waking vector.
>>
>> //
>>
>> if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>>
>> returnTRUE;
>>
>> }
>>
>> }
>>
>> returnFALSE;
>>
>> }
>
> In practice, it's okay if the OVMF X64 platform is recognized as "not
> supporting a 64-bit waking vector for S3 resume". All the 64-bit guest
> OSes that I've tested with OVMF X64 (Linux, and the Windows 7 / 8 / 10
> families, both client and server) use a real mode (16-bit) waking
> vector, in practice.
>
> ... Actually, upon reviewing the above code more carefully, we don't
> even reach the FeaturePcdGet() call: the FACS that QEMU generates (and
> OVMF downloads and installs) corresponds to ACPI 1.0, that is,
> EFI_ACPI_1_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION.
>
> Thanks
> Laszlo
>
>
>>
>>
>>
>>
>>
>> Thank you
>>
>> Yao Jiewen
>>
>>
>>
>> *From:*edk2-devel [mailto:edk2-devel-bounces@lists.01.org] *On Behalf
>> Of *Yao, Jiewen
>> *Sent:* Wednesday, February 8, 2017 9:18 AM
>> *To:* Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com>>; Duran, Leo <leo.duran@amd.com
> <mailto:leo.duran@amd.com>>;
>> Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org>
>> *Cc:* Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com>>;
>> Singh, Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com>>
>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>>
>>
>> Good reminder. I take back my word.
>>
>> In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
>>
>> We need
>>
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Wednesday, February 8, 2017 9:11 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com>>;
> Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com%0b>>
> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>;
> edk2-devel@ml01.01.org <mailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org>
>> Cc: Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com>>; Singh,
> Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com%0b>>
> <mailto:brijesh.singh@amd.com>>
>> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> On 02/08/17 18:05, Yao, Jiewen wrote:
>>> HI Leo
>>>
>>> Thanks to clarify that.
>>>
>>>
>>>
>>> If that is the case, do you think it will be better to limit this
>>> PCD to
>>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>>
>> Not sure if this is the best place to raise the following
>> observation, but it should do:
>>
>> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE
>> if PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
>> - both PEI and DXE are 32-bit, and
>> - both PEI and DXE are 64-bit.
>>
>> This doesn't necessarily invalidate anything said thus fair in the
>> thread, but the following statement from Leo:
>>
>> The SEV feature requires 64-bit LongMode, so the
>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>>
>> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
>>
>> Thanks,
>> Laszlo
>>
>>>
>>>
>>>
>>> Thank you
>>>
>>> Yao Jiewen
>>>
>>>
>>>
>>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>>> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>>
> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>;
> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com
> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>>
> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng
>>> <feng.tian@intel.com<mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>>
> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>; Singh,
> Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>>
> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Yao,
>>> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>>
> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com>>>
>>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>>
>>>
>>> Pease see reply below.
>>> Leo
>>>
>>>> -----Original Message-----
>>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>>> To: Duran, Leo <leo.duran@amd.com
>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>> %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com>>>>;
> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>> <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
> <mailto:lersek@redhat.com%0b%0b>>
> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
> <mailto:feng.tian@intel.com%0b%0b>>
> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
> <mailto:feng.tian@intel.com>>;
>>>> Singh, Brijesh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
> <mailto:brijesh.singh@amd.com%0b%0b>>
> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
> <mailto:star.zeng@intel.com%0b%0b>>
> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
> <mailto:star.zeng@intel.com>>;
>>>> Yao, Jiewen <jiewen.yao@intel.com
>>>> <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
>>>> %3cmailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com
> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
> %3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com
> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
> %3cmailto:jiewen.yao@intel.com>>>>
>>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>>
>>>> Thanks,
>>>> Star
>>> [Duran, Leo]
>>> Hi Star,
>>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>>
>>> The SEV feature requires 64-bit LongMode, so the
>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time, in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>>>
>>>> -----Original Message-----
>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf
>>>> Of Leo Duran
>>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>> <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
> <mailto:lersek@redhat.com%0b%0b>>
> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
> <mailto:feng.tian@intel.com%0b%0b>>
> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
> <mailto:feng.tian@intel.com>>;
>>>> Brijesh Singh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
> <mailto:brijesh.singh@amd.com%0b%0b>>
> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
> <mailto:star.zeng@intel.com%0b%0b>>
> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
> <mailto:star.zeng@intel.com>>;
>>>> Leo Duran <leo.duran@amd.com
>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>> %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com>>>>
>>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> From: Brijesh Singh <brijesh.singh@amd.com
>>>> <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
>>>> %3cmailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com
> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
> %3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com
> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
> %3cmailto:brijesh.singh@amd.com>>>>
>>>>
>>>> This dynamic PCD holds the address mask for page table entries when
>>>> memory encryption is enabled on AMD processors supporting the
>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>
>>>> Cc: Feng Tian <feng.tian@intel.com
>>>> <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com
>>>> %3cmailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com
> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
> %3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com
> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
> %3cmailto:feng.tian@intel.com>>>>
>>>> Cc: Star Zeng <star.zeng@intel.com
>>>> <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com
>>>> %3cmailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com
> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
> %3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com
> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
> %3cmailto:star.zeng@intel.com>>>>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
>>>> <mailto:lersek@redhat.com<mailto:lersek@redhat.com
>>>> %3cmailto:lersek@redhat.com
> <mailto:lersek@redhat.com
> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
> %3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com
> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
> %3cmailto:lersek@redhat.com>>>>
>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>> Signed-off-by: Leo Duran <leo.duran@amd.com
>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>> %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com>>>>
>>>> ---
>>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
>>>> ------
>>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>>
>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> index 2bc41be..d62bd9b 100644
>>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> @@ -6,6 +6,8 @@
>>>> # needed to run the DXE Foundation.
>>>> #
>>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>> reserved.<BR>
>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>> +#
>>>> # This program and the accompanying materials # are licensed
>>>> and made available under the terms and conditions of the BSD
>>>> License # which accompanies this distribution. The full text of
>>>> the license may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
>>>> CONSUMES
>>>>
>>>> [Pcd.IA32,Pcd.X64]
>>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>> SOMETIMES_CONSUMES
>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>> SOMETIMES_CONSUMES
>>>> +
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>> ask ## CONSUMES
>>>>
>>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>>> SOMETIMES_CONSUMES
>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> index 790f6ab..2c52389 100644
>>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> @@ -16,6 +16,8 @@
>>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual
>>>> Volume 3:System Programmer's Guide, Intel
>>>>
>>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>> reserved.<BR>
>>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>> +
>>>> This program and the accompanying materials are licensed and made
>>>> available under the terms and conditions of the BSD License which
>>>> accompanies this distribution. The full text of the license may be
>>>> found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>>> //
>>>> // Fill in 2M page entry.
>>>> //
>>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>>> IA32_PG_RW;
>>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>
>>>> PhysicalAddress4K = PhysicalAddress;
>>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>>> SIZE_4KB) {
>>>> //
>>>> // Fill in the Page Table entries
>>>> //
>>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageTableEntry->Bits.ReadWrite = 1;
>>>> PageTableEntry->Bits.Present = 1;
>>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K <
>>>> StackBase +
>>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>>> //
>>>> // Fill in 1G page entry.
>>>> //
>>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>>>> IA32_PG_RW;
>>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>
>>>> PhysicalAddress2M = PhysicalAddress;
>>>> for (IndexOfPageDirectoryEntries = 0;
>>>> IndexOfPageDirectoryEntries < 512;
>>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++,
>>>> IndexOfPageDirectoryEntries++PhysicalAddress2M
>>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryEntry->Bits.Present = 1;
>>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>>> CreateIdentityMappingPageTables (
>>>> //
>>>> // Make a PML4 Entry
>>>> //
>>>> - PageMapLevel4Entry->Uint64 =
>>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>>> + PageMapLevel4Entry->Uint64 =
>>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>>> PageMapLevel4Entry->Bits.Present = 1;
>>>>
>>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>>> PageDirectory1GEntry->Bits.Present = 1;
>>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7
>>>> @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in a Page Directory Pointer Entries
>>>> //
>>>> - PageDirectoryPointerEntry->Uint64 =
>>>> (UINT64)(UINTN)PageDirectoryEntry;
>>>> + PageDirectoryPointerEntry->Uint64 =
>>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>>
>>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryEntry->Bits.Present = 1;
>>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>>> a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
>>>> index 273cd7e..207384f 100644
>>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>>> @@ -6,6 +6,8 @@
>>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights
>>>> reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights
>>>> reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise
>>>> Development LP<BR>
>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>>> # This program and the accompanying materials are licensed and
>>>> made available under # the terms and conditions of the BSD License
>>>> that accompanies this distribution.
>>>> # The full text of the license may be found at @@ -1738,5 +1740,11
>>>> @@ [PcdsDynamic, PcdsDynamicEx]
>>>> # @Prompt If there is any test key used by the platform.
>>>>
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>>> 0030003
>>>>
>>>> + ## This dynamic PCD holds the address mask for page table
>>>> + entries when memory encryption is # enabled on AMD processors
>>>> + supporting the
>>>> Secure Encrypted Virtualization (SEV) feature.
>>>> + # This mask should be applied when creating 1:1 virtual to
>>>> + physical
>>>> mapping tables.
>>>> + #
>>>> +
>>>> +
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>> ask|0x0
>>>> + |UINT64|0x00030004
>>>> +
>>>> [UserExtensions.TianoCore."ExtraFiles"]
>>>> MdeModulePkgExtra.uni
>>>> --
>>>> 1.9.1
>>>>
>>>> _______________________________________________
>>>> edk2-devel mailing list
>>>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org
> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>>
>> <mailto:edk2-devel@lists.01.org>
>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org
> <mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
>> https://lists.01.org/mailman/listinfo/edk2-devel
>>
>
^ permalink raw reply related [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-09 5:22 ` Yao, Jiewen
@ 2017-02-09 5:56 ` Zeng, Star
2017-02-09 9:10 ` Laszlo Ersek
0 siblings, 1 reply; 33+ messages in thread
From: Zeng, Star @ 2017-02-09 5:56 UTC (permalink / raw)
To: Yao, Jiewen, Laszlo Ersek, Duran, Leo, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh, Justen, Jordan L, Zeng, Star
Stick to current comments and code, OvmfPkg X64 has bug? :)
PCD comments:
# It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
Code pieces in S3ResumePei, S3SaveStateDxe, SmmLockBoxPeiLib, etc:
// Both BIOS and OS wants 64bit vector
if (FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
return TRUE;
}
//
// BIOS supports 64bit waking vector.
//
if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
returnTRUE;
}
if ((sizeof(UINTN) == sizeof(UINT32)) && (FeaturePcdGet (PcdDxeIplSwitchToLongMode)) ) {
//
// 32 PEI + 64 DXE
//
According to above, the patch I drafted is wrong.
Thanks,
Star
From: Yao, Jiewen
Sent: Thursday, February 9, 2017 1:23 PM
To: Zeng, Star <star.zeng@intel.com>; Laszlo Ersek <lersek@redhat.com>; Duran, Leo <leo.duran@amd.com>; edk2-devel@ml01.01.org
Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
I suggest we evaluate *all* usages of PcdDxeIplSwitchToLongMode because this is an incompatible change.
# It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
Thank you
Yao Jiewen
From: Zeng, Star
Sent: Wednesday, February 8, 2017 9:12 PM
To: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Duran, Leo <leo.duran@amd.com<mailto:leo.duran@amd.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
Cc: Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Justen, Jordan L <jordan.l.justen@intel.com<mailto:jordan.l.justen@intel.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>
Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
In fact, X64 DxeIplPeim does not refer PcdDxeIplSwitchToLongMode at all.
DxeIpl.inf:
[FeaturePcd.IA32]
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode ## CONSUMES
As I remember, I did a draft patch below before for the discussion about how to determine *PEI* is 32BITs or 64BITs in title "[edk2] [PATCH v3 2/4] IntelFrameworkModulePkg: BdsDxe: only allocate below 4 GB if needed", I can't find the archive link any more.
---
MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++++
MdeModulePkg/MdeModulePkg.dec | 4 +++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
index 6488880..348e084 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
@@ -43,6 +43,11 @@ HandOffToDxeCore (
EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi;
//
+ // It should be FALSE for both PEI and DXE are 64-bit.
+ //
+ ASSERT (PcdGetBool (PcdDxeIplSwitchToLongMode) == FALSE);
+
+ //
// Get Vector Hand-off Info PPI and build Guided HOB
//
Status = PeiServicesLocatePpi (
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index af7bcab..4a73f7b 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -712,8 +712,10 @@
## Indicates if DxeIpl should switch to long mode to enter DXE phase.
# It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
# is built in firmware.<BR><BR>
+ # And it should be FALSE for both PEI and DXE are 64-bit.
# TRUE - DxeIpl will load a 64-bit DxeCore and switch to long mode to hand over to DxeCore.<BR>
- # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore.<BR>
+ # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore,<BR>
+ # or both PEI and DXE are 64-bit.<BR>
# @Prompt DxeIpl switch to long mode.
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|TRUE|BOOLEAN|0x0001003b
--
Thanks,
Star
-----Original Message-----
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Thursday, February 9, 2017 3:48 AM
To: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Duran, Leo <leo.duran@amd.com<mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
Cc: Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Justen, Jordan L <jordan.l.justen@intel.com<mailto:jordan.l.justen@intel.com>>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
On 02/08/17 19:20, Yao, Jiewen wrote:
> Got it.
>
>
>
> If the means of PcdDxeIplSwitchtoLongMode is unclear, we may add more
> description to make it clear.
>
>
>
> If we believe "PcdDxeIplSwitchtoLongMode == DXE is Long mode" as
> final conclusion, can we treat that as a bug and fix OVMF X64?
I don't know how to "fix" that. What is there to fix?
Flipping the PCD to TRUE in OVMF X64 would break OVMF X64, and likely OVMF Ia32X64 too. For two reasons:
(1) Toggling the PCD would alter the behavior of the DXE IPL PEIM and/or the DXE Core, and that behavior has never ever been tested with OVMF X64.
The PcdDxeIplSwitchToLongMode=FALSE setting in the X64 DSC dates back to:
commit 8fa729a8b1401f01c6fd8ddbcab45e4a4904fa9a
Author: lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Mon Mar 15 01:40:59 2010 +0000
Merge the same type PCD section.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10243 6f19259b-4bc3-4df7-8a09-765794883524
and before that, to:
commit 49ba9447c92d6fca214476381107a180d08e59d1
Author: jljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Wed May 27 21:10:18 2009 +0000
Add initial version of Open Virtual Machine Firmware (OVMF) platform.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8398 6f19259b-4bc3-4df7-8a09-765794883524
In other words, OVMF X64 has always worked like this, since its inception.
(2) PEI code under OvmfPkg itself uses this PCD to identify a 32-bit DXE phase.
//
// If DXE is 32-bit, then we're done; PciBusDxe will degrade 64-bit MMIO
// resources to 32-bit anyway. See DegradeResource() in
// "PciResourceSupport.c".
//
#ifdef MDE_CPU_IA32
if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
return FirstNonAddress;
}
#endif
and
//
// If DXE is 32-bit, then just return the traditional 64 MB cap.
//
#ifdef MDE_CPU_IA32
if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
return SIZE_64MB;
}
#endif
Thanks
Laszlo
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
>
>
> *From:*Laszlo Ersek [mailto:lersek@redhat.com]
> *Sent:* Wednesday, February 8, 2017 9:52 AM
> *To:* Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Duran, Leo
> <leo.duran@amd.com<mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com>>;
> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> *Cc:* Tian, Feng <feng.tian@intel.com<mailto:feng.tian@intel.com>>; Singh, Brijesh
> <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com>>; Justen, Jordan L <jordan.l.justen@intel.com<mailto:jordan.l.justen@intel.com>>
> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> On 02/08/17 18:27, Yao, Jiewen wrote:
>> I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode.
>>
>>
>>
>> See DEC description:
>>
>> # It is assumed that 64-bit DxeCore is built in firmware if it is
>> true; otherwise 32-bit DxeCore
>>
>> # is built in firmware.<BR><BR>
>
> Unfortunately, I have no historical context or background for this
> PCD; all I can say is that the X64 OVMF platform does not set the PCD.
>
> It enters long mode, and sets up page tables for the first 4GB of RAM,
> in SEC. Then SEC decompresses the flash contents to RAM, which covers
> both PEIFV and DXEFV. PEI runs from RAM.
>
> This is possible because on QEMU/KVM, there's no need to initialize
> RAM, thus only SEC runs from flash, in-place.
>
> Perhaps Jordan can provide more insight.
>
> If Brijesh and Leo would like to run the X64 OVMF platform as a SEV
> guest too, then this should be considered, in my opinion.
>
> One more comment below:
>
>>
>>
>>
>> And the code MdeModulePkg\Universal\Acpi\S3SaveStateDxe\AcpiS3ContextSave.c:
>>
>>
>>
>> BOOLEAN
>>
>> IsLongModeWakingVectorSupport (
>>
>> IN EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE*Facs
>>
>> )
>>
>> {
>>
>> if((Facs == NULL) ||
>>
>> (Facs->Signature !=
>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE) ) {
>>
>> //
>>
>> // Something wrong with FACS.
>>
>> //
>>
>> returnFALSE;
>>
>> }
>>
>> if((Facs->Version ==
>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION) &&
>>
>> ((Facs->Flags & EFI_ACPI_4_0_64BIT_WAKE_SUPPORTED_F) != 0)) {
>>
>> //
>>
>> // BIOS supports 64bit waking vector.
>>
>> //
>>
>> if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>>
>> returnTRUE;
>>
>> }
>>
>> }
>>
>> returnFALSE;
>>
>> }
>
> In practice, it's okay if the OVMF X64 platform is recognized as "not
> supporting a 64-bit waking vector for S3 resume". All the 64-bit guest
> OSes that I've tested with OVMF X64 (Linux, and the Windows 7 / 8 / 10
> families, both client and server) use a real mode (16-bit) waking
> vector, in practice.
>
> ... Actually, upon reviewing the above code more carefully, we don't
> even reach the FeaturePcdGet() call: the FACS that QEMU generates (and
> OVMF downloads and installs) corresponds to ACPI 1.0, that is,
> EFI_ACPI_1_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION.
>
> Thanks
> Laszlo
>
>
>>
>>
>>
>>
>>
>> Thank you
>>
>> Yao Jiewen
>>
>>
>>
>> *From:*edk2-devel [mailto:edk2-devel-bounces@lists.01.org] *On Behalf
>> Of *Yao, Jiewen
>> *Sent:* Wednesday, February 8, 2017 9:18 AM
>> *To:* Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com>>; Duran, Leo <leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>> <mailto:leo.duran@amd.com>>;
>> Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org>
> <mailto:edk2-devel@ml01.01.org>
>> *Cc:* Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com>>>;
>> Singh, Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com>>>
>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>>
>>
>> Good reminder. I take back my word.
>>
>> In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
>>
>> We need
>>
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Wednesday, February 8, 2017 9:11 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com>>;
> Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com%0b<mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%0b>>>
> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com %0b>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>;
> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org> <mailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org>
>> Cc: Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com>>; Singh,
> Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com%0b<mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com%0b>>>
> <mailto:brijesh.singh@amd.com>>
>> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> On 02/08/17 18:05, Yao, Jiewen wrote:
>>> HI Leo
>>>
>>> Thanks to clarify that.
>>>
>>>
>>>
>>> If that is the case, do you think it will be better to limit this
>>> PCD to
>>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>>
>> Not sure if this is the best place to raise the following
>> observation, but it should do:
>>
>> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE
>> if PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
>> - both PEI and DXE are 32-bit, and
>> - both PEI and DXE are 64-bit.
>>
>> This doesn't necessarily invalidate anything said thus fair in the
>> thread, but the following statement from Leo:
>>
>> The SEV feature requires 64-bit LongMode, so the
>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>>
>> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
>>
>> Thanks,
>> Laszlo
>>
>>>
>>>
>>>
>>> Thank you
>>>
>>> Yao Jiewen
>>>
>>>
>>>
>>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>>> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com
<mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>>
> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>;
> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com
<mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>>
> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng
>>> <feng.tian@intel.com<mailto:feng.tian@intel.com
<mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>>
> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>; Singh,
> Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>>
> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Yao,
>>> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>>
> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com>>>
>>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>>
>>>
>>> Pease see reply below.
>>> Leo
>>>
>>>> -----Original Message-----
>>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>>> To: Duran, Leo <leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %0b>>>>> %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com>>>>;
> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>> <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
<mailto:lersek@redhat.com%0b %0b>> <mailto:lersek@redhat.com%0b%0b>>
> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com %0b>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
<mailto:feng.tian@intel.com%0b %0b>> <mailto:feng.tian@intel.com%0b%0b>>
> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
> <mailto:feng.tian@intel.com>>;
>>>> Singh, Brijesh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
<mailto:brijesh.singh@amd.com%0b %0b>> <mailto:brijesh.singh@amd.com%0b%0b>>
> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com %0b>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
<mailto:star.zeng@intel.com%0b %0b>> <mailto:star.zeng@intel.com%0b%0b>>
> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
> <mailto:star.zeng@intel.com>>;
>>>> Yao, Jiewen <jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com %0b>>>>> <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com %0b>>>>> %3cmailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com %0b>> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
> %3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com
<mailto:jiewen.yao@intel.com %0b>> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
> %3cmailto:jiewen.yao@intel.com>>>>
>>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>>
>>>> Thanks,
>>>> Star
>>> [Duran, Leo]
>>> Hi Star,
>>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>>
>>> The SEV feature requires 64-bit LongMode, so the
>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time, in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>>>
>>>> -----Original Message-----
>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf
>>>> Of Leo Duran
>>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>> <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
<mailto:lersek@redhat.com%0b %0b>> <mailto:lersek@redhat.com%0b%0b>>
> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
<mailto:feng.tian@intel.com %0b>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
<mailto:feng.tian@intel.com%0b %0b>> <mailto:feng.tian@intel.com%0b%0b>>
> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
> <mailto:feng.tian@intel.com>>;
>>>> Brijesh Singh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
<mailto:brijesh.singh@amd.com%0b %0b>> <mailto:brijesh.singh@amd.com%0b%0b>>
> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
<mailto:star.zeng@intel.com %0b>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
<mailto:star.zeng@intel.com%0b %0b>> <mailto:star.zeng@intel.com%0b%0b>>
> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
> <mailto:star.zeng@intel.com>>;
>>>> Leo Duran <leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %0b>>>>> %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com>>>>
>>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> From: Brijesh Singh <brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com %0b>>>>> <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com %0b>>>>> %3cmailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com %0b>> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
> %3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com
<mailto:brijesh.singh@amd.com %0b>> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
> %3cmailto:brijesh.singh@amd.com>>>>
>>>>
>>>> This dynamic PCD holds the address mask for page table entries when
>>>> memory encryption is enabled on AMD processors supporting the
>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>
>>>> Cc: Feng Tian <feng.tian@intel.com
<mailto:feng.tian@intel.com %0b>>>>> <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com
<mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com %0b>>>>> %3cmailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com
<mailto:feng.tian@intel.com %0b>> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
> %3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com
<mailto:feng.tian@intel.com %0b>> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
> %3cmailto:feng.tian@intel.com>>>>
>>>> Cc: Star Zeng <star.zeng@intel.com
<mailto:star.zeng@intel.com %0b>>>>> <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com
<mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com %0b>>>>> %3cmailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com
<mailto:star.zeng@intel.com %0b>> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
> %3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com
<mailto:star.zeng@intel.com %0b>> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
> %3cmailto:star.zeng@intel.com>>>>
>>>> Cc: Laszlo Ersek <lersek@redhat.com
<mailto:lersek@redhat.com %0b>>>>> <mailto:lersek@redhat.com<mailto:lersek@redhat.com
<mailto:lersek@redhat.com%3cmailto:lersek@redhat.com %0b>>>>> %3cmailto:lersek@redhat.com
> <mailto:lersek@redhat.com
<mailto:lersek@redhat.com %0b>> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
> %3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com
<mailto:lersek@redhat.com %0b>> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
> %3cmailto:lersek@redhat.com>>>>
>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>> Signed-off-by: Leo Duran <leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %0b>>>>> %3cmailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
<mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
> %3cmailto:leo.duran@amd.com>>>>
>>>> ---
>>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
>>>> ------
>>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>>
>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> index 2bc41be..d62bd9b 100644
>>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>> @@ -6,6 +6,8 @@
>>>> # needed to run the DXE Foundation.
>>>> #
>>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>> reserved.<BR>
>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>> +#
>>>> # This program and the accompanying materials # are licensed
>>>> and made available under the terms and conditions of the BSD
>>>> License # which accompanies this distribution. The full text of
>>>> the license may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
>>>> CONSUMES
>>>>
>>>> [Pcd.IA32,Pcd.X64]
>>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>> SOMETIMES_CONSUMES
>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>> SOMETIMES_CONSUMES
>>>> +
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>> ask ## CONSUMES
>>>>
>>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>>> SOMETIMES_CONSUMES
>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> index 790f6ab..2c52389 100644
>>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>> @@ -16,6 +16,8 @@
>>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual
>>>> Volume 3:System Programmer's Guide, Intel
>>>>
>>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>> reserved.<BR>
>>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>> +
>>>> This program and the accompanying materials are licensed and made
>>>> available under the terms and conditions of the BSD License which
>>>> accompanies this distribution. The full text of the license may be
>>>> found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>>> //
>>>> // Fill in 2M page entry.
>>>> //
>>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>>> IA32_PG_RW;
>>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>
>>>> PhysicalAddress4K = PhysicalAddress;
>>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>>> SIZE_4KB) {
>>>> //
>>>> // Fill in the Page Table entries
>>>> //
>>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageTableEntry->Bits.ReadWrite = 1;
>>>> PageTableEntry->Bits.Present = 1;
>>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K <
>>>> StackBase +
>>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>>> //
>>>> // Fill in 1G page entry.
>>>> //
>>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>>>> IA32_PG_RW;
>>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>
>>>> PhysicalAddress2M = PhysicalAddress;
>>>> for (IndexOfPageDirectoryEntries = 0;
>>>> IndexOfPageDirectoryEntries < 512;
>>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++,
>>>> IndexOfPageDirectoryEntries++PhysicalAddress2M
>>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryEntry->Bits.Present = 1;
>>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>>> CreateIdentityMappingPageTables (
>>>> //
>>>> // Make a PML4 Entry
>>>> //
>>>> - PageMapLevel4Entry->Uint64 =
>>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>>> + PageMapLevel4Entry->Uint64 =
>>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>>> PageMapLevel4Entry->Bits.Present = 1;
>>>>
>>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>>> PageDirectory1GEntry->Bits.Present = 1;
>>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7
>>>> @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in a Page Directory Pointer Entries
>>>> //
>>>> - PageDirectoryPointerEntry->Uint64 =
>>>> (UINT64)(UINTN)PageDirectoryEntry;
>>>> + PageDirectoryPointerEntry->Uint64 =
>>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>>
>>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>>> //
>>>> // Fill in the Page Directory entries
>>>> //
>>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress |
>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>> PageDirectoryEntry->Bits.Present = 1;
>>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>>> a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
>>>> index 273cd7e..207384f 100644
>>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>>> @@ -6,6 +6,8 @@
>>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights
>>>> reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights
>>>> reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise
>>>> Development LP<BR>
>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>>> # This program and the accompanying materials are licensed and
>>>> made available under # the terms and conditions of the BSD License
>>>> that accompanies this distribution.
>>>> # The full text of the license may be found at @@ -1738,5 +1740,11
>>>> @@ [PcdsDynamic, PcdsDynamicEx]
>>>> # @Prompt If there is any test key used by the platform.
>>>>
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>>> 0030003
>>>>
>>>> + ## This dynamic PCD holds the address mask for page table
>>>> + entries when memory encryption is # enabled on AMD processors
>>>> + supporting the
>>>> Secure Encrypted Virtualization (SEV) feature.
>>>> + # This mask should be applied when creating 1:1 virtual to
>>>> + physical
>>>> mapping tables.
>>>> + #
>>>> +
>>>> +
>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>> ask|0x0
>>>> + |UINT64|0x00030004
>>>> +
>>>> [UserExtensions.TianoCore."ExtraFiles"]
>>>> MdeModulePkgExtra.uni
>>>> --
>>>> 1.9.1
>>>>
>>>> _______________________________________________
>>>> edk2-devel mailing list
>>>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>>
>> <mailto:edk2-devel@lists.01.org>
>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org>
> <mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
>> https://lists.01.org/mailman/listinfo/edk2-devel
>>
>
^ permalink raw reply related [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-09 5:56 ` Zeng, Star
@ 2017-02-09 9:10 ` Laszlo Ersek
2017-02-09 9:18 ` Zeng, Star
0 siblings, 1 reply; 33+ messages in thread
From: Laszlo Ersek @ 2017-02-09 9:10 UTC (permalink / raw)
To: Zeng, Star, Yao, Jiewen, Duran, Leo, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh, Justen, Jordan L
On 02/09/17 06:56, Zeng, Star wrote:
> Stick to current comments and code, OvmfPkg X64 has bug? J
>
>
>
> PCD comments:
>
> #
> It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
>
>
>
> Code pieces in S3ResumePei, S3SaveStateDxe, SmmLockBoxPeiLib, etc:
>
> // Both BIOS and OS wants 64bit vector
>
> if (FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>
> return TRUE;
>
> }
>
>
>
> //
>
> // BIOS supports 64bit waking vector.
> //
>
> if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
> returnTRUE;
>
> }
>
>
>
> if ((sizeof(UINTN) == sizeof(UINT32)) && (FeaturePcdGet
> (PcdDxeIplSwitchToLongMode)) ) {
>
> //
>
> // 32 PEI + 64 DXE
>
> //
>
>
>
>
>
> According to above, the patch I drafted is wrong.
That's too bad, because I agreed with it. :(
I can't start working on this right now, but if you guys think it's a
big problem, please file an OvmfPkg BZ, and we'll have to audit all uses
of PcdDxeIplSwitchToLongMode, to see what might break if we flip it to
TRUE for OVMF X64.
Thanks
Laszlo
>
>
>
> Thanks,
>
> Star
>
> *From:*Yao, Jiewen
> *Sent:* Thursday, February 9, 2017 1:23 PM
> *To:* Zeng, Star <star.zeng@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Duran, Leo <leo.duran@amd.com>; edk2-devel@ml01.01.org
> *Cc:* Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
> <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> I suggest we evaluate **all** usages of PcdDxeIplSwitchToLongModebecause
> this is an incompatible change.
>
>
>
> #
> It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
> *From:*Zeng, Star
> *Sent:* Wednesday, February 8, 2017 9:12 PM
> *To:* Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com>>; Yao,
> Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com>>; Duran, Leo
> <leo.duran@amd.com <mailto:leo.duran@amd.com>>; edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org>
> *Cc:* Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com>>;
> Singh, Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com>>;
> Justen, Jordan L <jordan.l.justen@intel.com
> <mailto:jordan.l.justen@intel.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com>>
> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> In fact, X64 DxeIplPeim does not refer PcdDxeIplSwitchToLongMode at all.
>
> DxeIpl.inf:
> [FeaturePcd.IA32]
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode ## CONSUMES
>
> As I remember, I did a draft patch below before for the discussion about how to determine *PEI* is 32BITs or 64BITs in title "[edk2] [PATCH v3 2/4] IntelFrameworkModulePkg: BdsDxe: only allocate below 4 GB if needed", I can't find the archive link any more.
>
> ---
> MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++++
> MdeModulePkg/MdeModulePkg.dec | 4 +++-
> 2 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> index 6488880..348e084 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> @@ -43,6 +43,11 @@ HandOffToDxeCore (
> EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi;
>
> //
> + // It should be FALSE for both PEI and DXE are 64-bit.
> + //
> + ASSERT (PcdGetBool (PcdDxeIplSwitchToLongMode) == FALSE);
> +
> + //
> // Get Vector Hand-off Info PPI and build Guided HOB
> //
> Status = PeiServicesLocatePpi (
> diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
> index af7bcab..4a73f7b 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -712,8 +712,10 @@
> ## Indicates if DxeIpl should switch to long mode to enter DXE phase.
> # It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
> # is built in firmware.<BR><BR>
> + # And it should be FALSE for both PEI and DXE are 64-bit.
> # TRUE - DxeIpl will load a 64-bit DxeCore and switch to long mode to hand over to DxeCore.<BR>
> - # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore.<BR>
> + # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore,<BR>
> + # or both PEI and DXE are 64-bit.<BR>
> # @Prompt DxeIpl switch to long mode.
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|TRUE|BOOLEAN|0x0001003b
>
> --
>
>
> Thanks,
> Star
> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Thursday, February 9, 2017 3:48 AM
> To: Yao, Jiewen <jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com>>; Duran, Leo <leo.duran@amd.com
> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org>
> Cc: Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com>>; Justen, Jordan L <jordan.l.justen@intel.com
> <mailto:jordan.l.justen@intel.com>>
> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
>
> On 02/08/17 19:20, Yao, Jiewen wrote:
>> Got it.
>>
>>
>>
>> If the means of PcdDxeIplSwitchtoLongMode is unclear, we may add more
>> description to make it clear.
>>
>>
>>
>> If we believe “PcdDxeIplSwitchtoLongMode == DXE is Long mode” as
>> final conclusion, can we treat that as a bug and fix OVMF X64?
>
> I don't know how to "fix" that. What is there to fix?
>
> Flipping the PCD to TRUE in OVMF X64 would break OVMF X64, and likely OVMF Ia32X64 too. For two reasons:
>
>
> (1) Toggling the PCD would alter the behavior of the DXE IPL PEIM and/or the DXE Core, and that behavior has never ever been tested with OVMF X64.
>
> The PcdDxeIplSwitchToLongMode=FALSE setting in the X64 DSC dates back to:
>
> commit 8fa729a8b1401f01c6fd8ddbcab45e4a4904fa9a
> Author: lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524>
> Date: Mon Mar 15 01:40:59 2010 +0000
>
> Merge the same type PCD section.
>
> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10243 6f19259b-4bc3-4df7-8a09-765794883524
>
> and before that, to:
>
> commit 49ba9447c92d6fca214476381107a180d08e59d1
> Author: jljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>
> Date: Wed May 27 21:10:18 2009 +0000
>
> Add initial version of Open Virtual Machine Firmware (OVMF) platform.
>
> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8398 6f19259b-4bc3-4df7-8a09-765794883524
>
> In other words, OVMF X64 has always worked like this, since its inception.
>
>
> (2) PEI code under OvmfPkg itself uses this PCD to identify a 32-bit DXE phase.
>
> //
> // If DXE is 32-bit, then we're done; PciBusDxe will degrade 64-bit MMIO
> // resources to 32-bit anyway. See DegradeResource() in
> // "PciResourceSupport.c".
> //
> #ifdef MDE_CPU_IA32
> if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
> return FirstNonAddress;
> }
> #endif
>
> and
>
> //
> // If DXE is 32-bit, then just return the traditional 64 MB cap.
> //
> #ifdef MDE_CPU_IA32
> if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
> return SIZE_64MB;
> }
> #endif
>
> Thanks
> Laszlo
>
>>
>>
>>
>> Thank you
>>
>> Yao Jiewen
>>
>>
>>
>>
>>
>> *From:*Laszlo Ersek [mailto:lersek@redhat.com]
>> *Sent:* Wednesday, February 8, 2017 9:52 AM
>> *To:* Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com>>; Duran, Leo
>> <leo.duran@amd.com
> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com>>;
>> edk2-devel@ml01.01.org <mailto:edk2-devel@ml01.01.org>
>> *Cc:* Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com>>; Singh, Brijesh
>> <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com>>; Justen, Jordan L <jordan.l.justen@intel.com
> <mailto:jordan.l.justen@intel.com>>
>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>>
>>
>> On 02/08/17 18:27, Yao, Jiewen wrote:
>>> I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode.
>>>
>>>
>>>
>>> See DEC description:
>>>
>>> # It is assumed that 64-bit DxeCore is built in firmware if it is
>>> true; otherwise 32-bit DxeCore
>>>
>>> # is built in firmware.<BR><BR>
>>
>> Unfortunately, I have no historical context or background for this
>> PCD; all I can say is that the X64 OVMF platform does not set the PCD.
>>
>> It enters long mode, and sets up page tables for the first 4GB of RAM,
>> in SEC. Then SEC decompresses the flash contents to RAM, which covers
>> both PEIFV and DXEFV. PEI runs from RAM.
>>
>> This is possible because on QEMU/KVM, there's no need to initialize
>> RAM, thus only SEC runs from flash, in-place.
>>
>> Perhaps Jordan can provide more insight.
>>
>> If Brijesh and Leo would like to run the X64 OVMF platform as a SEV
>> guest too, then this should be considered, in my opinion.
>>
>> One more comment below:
>>
>>>
>>>
>>>
>>> And the code MdeModulePkg\Universal\Acpi\S3SaveStateDxe\AcpiS3ContextSave.c:
>>>
>>>
>>>
>>> BOOLEAN
>>>
>>> IsLongModeWakingVectorSupport (
>>>
>>> IN EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE*Facs
>>>
>>> )
>>>
>>> {
>>>
>>> if((Facs == NULL) ||
>>>
>>> (Facs->Signature !=
>>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE) ) {
>>>
>>> //
>>>
>>> // Something wrong with FACS.
>>>
>>> //
>>>
>>> returnFALSE;
>>>
>>> }
>>>
>>> if((Facs->Version ==
>>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION) &&
>>>
>>> ((Facs->Flags & EFI_ACPI_4_0_64BIT_WAKE_SUPPORTED_F) != 0)) {
>>>
>>> //
>>>
>>> // BIOS supports 64bit waking vector.
>>>
>>> //
>>>
>>> if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>>>
>>> returnTRUE;
>>>
>>> }
>>>
>>> }
>>>
>>> returnFALSE;
>>>
>>> }
>>
>> In practice, it's okay if the OVMF X64 platform is recognized as "not
>> supporting a 64-bit waking vector for S3 resume". All the 64-bit guest
>> OSes that I've tested with OVMF X64 (Linux, and the Windows 7 / 8 / 10
>> families, both client and server) use a real mode (16-bit) waking
>> vector, in practice.
>>
>> ... Actually, upon reviewing the above code more carefully, we don't
>> even reach the FeaturePcdGet() call: the FACS that QEMU generates (and
>> OVMF downloads and installs) corresponds to ACPI 1.0, that is,
>> EFI_ACPI_1_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION.
>>
>> Thanks
>> Laszlo
>>
>>
>>>
>>>
>>>
>>>
>>>
>>> Thank you
>>>
>>> Yao Jiewen
>>>
>>>
>>>
>>> *From:*edk2-devel [mailto:edk2-devel-bounces@lists.01.org] *On Behalf
>>> Of *Yao, Jiewen
>>> *Sent:* Wednesday, February 8, 2017 9:18 AM
>>> *To:* Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com>>; Duran, Leo <leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>> <mailto:leo.duran@amd.com>>;
>>> Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org>
>>> *Cc:* Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com>>>;
>>> Singh, Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com>>>
>>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>>
>>>
>>> Good reminder. I take back my word.
>>>
>>> In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
>>>
>>> We need
>>>
>>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>>> Sent: Wednesday, February 8, 2017 9:11 AM
>>> To: Yao, Jiewen <jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com>>;
>> Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com%0b
> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%0b>>>
>> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com %0b>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>;
>> edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org> <mailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org>
>>> Cc: Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com>>; Singh,
>> Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com%0b
> <mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com%0b>>>
>> <mailto:brijesh.singh@amd.com>>
>>> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>> On 02/08/17 18:05, Yao, Jiewen wrote:
>>>> HI Leo
>>>>
>>>> Thanks to clarify that.
>>>>
>>>>
>>>>
>>>> If that is the case, do you think it will be better to limit this
>>>> PCD to
>>>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>>>
>>> Not sure if this is the best place to raise the following
>>> observation, but it should do:
>>>
>>> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE
>>> if PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
>>> - both PEI and DXE are 32-bit, and
>>> - both PEI and DXE are 64-bit.
>>>
>>> This doesn't necessarily invalidate anything said thus fair in the
>>> thread, but the following statement from Leo:
>>>
>>> The SEV feature requires 64-bit LongMode, so the
>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>>>
>>> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
>>>
>>> Thanks,
>>> Laszlo
>>>
>>>>
>>>>
>>>>
>>>> Thank you
>>>>
>>>> Yao Jiewen
>>>>
>>>>
>>>>
>>>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>>>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>>>> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>>
>> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>;
>> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>>> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com
> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>>
>> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng
>>>> <feng.tian@intel.com<mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>>
>> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>; Singh,
>> Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>>
>> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Yao,
>>>> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>>
>> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com>>>
>>>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>>
>>>>
>>>> Pease see reply below.
>>>> Leo
>>>>
>>>>> -----Original Message-----
>>>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>>>> To: Duran, Leo <leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %0b>>>>> %3cmailto:leo.duran@amd.com
>> <mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com>>>>;
>> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>>> <mailto:edk2-devel@ml01.01.org>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
> <mailto:lersek@redhat.com%0b %0b>> <mailto:lersek@redhat.com%0b%0b>>
>> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com %0b>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
> <mailto:feng.tian@intel.com%0b %0b>> <mailto:feng.tian@intel.com%0b%0b>>
>> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
>> <mailto:feng.tian@intel.com>>;
>>>>> Singh, Brijesh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
> <mailto:brijesh.singh@amd.com%0b %0b>> <mailto:brijesh.singh@amd.com%0b%0b>>
>> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com %0b>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
> <mailto:star.zeng@intel.com%0b %0b>> <mailto:star.zeng@intel.com%0b%0b>>
>> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
>> <mailto:star.zeng@intel.com>>;
>>>>> Yao, Jiewen <jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com %0b>>>>> <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com %0b>>>>> %3cmailto:jiewen.yao@intel.com
>> <mailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com %0b>> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
>> %3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com %0b>> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
>> %3cmailto:jiewen.yao@intel.com>>>>
>>>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>>
>>>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>>>
>>>>> Thanks,
>>>>> Star
>>>> [Duran, Leo]
>>>> Hi Star,
>>>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>>>
>>>> The SEV feature requires 64-bit LongMode, so the
>>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time, in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>>>>
>>>>> -----Original Message-----
>>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf
>>>>> Of Leo Duran
>>>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>>>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>> <mailto:edk2-devel@ml01.01.org>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
> <mailto:lersek@redhat.com%0b %0b>> <mailto:lersek@redhat.com%0b%0b>>
>> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com %0b>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
> <mailto:feng.tian@intel.com%0b %0b>> <mailto:feng.tian@intel.com%0b%0b>>
>> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
>> <mailto:feng.tian@intel.com>>;
>>>>> Brijesh Singh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
> <mailto:brijesh.singh@amd.com%0b %0b>> <mailto:brijesh.singh@amd.com%0b%0b>>
>> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com %0b>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
> <mailto:star.zeng@intel.com%0b %0b>> <mailto:star.zeng@intel.com%0b%0b>>
>> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
>> <mailto:star.zeng@intel.com>>;
>>>>> Leo Duran <leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %0b>>>>> %3cmailto:leo.duran@amd.com
>> <mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com>>>>
>>>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>>
>>>>> From: Brijesh Singh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com %0b>>>>> <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com %0b>>>>> %3cmailto:brijesh.singh@amd.com
>> <mailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com %0b>> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
>> %3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com %0b>> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
>> %3cmailto:brijesh.singh@amd.com>>>>
>>>>>
>>>>> This dynamic PCD holds the address mask for page table entries when
>>>>> memory encryption is enabled on AMD processors supporting the
>>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>>
>>>>> Cc: Feng Tian <feng.tian@intel.com
> <mailto:feng.tian@intel.com %0b>>>>> <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com %0b>>>>> %3cmailto:feng.tian@intel.com
>> <mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com %0b>> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
>> %3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com %0b>> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
>> %3cmailto:feng.tian@intel.com>>>>
>>>>> Cc: Star Zeng <star.zeng@intel.com
> <mailto:star.zeng@intel.com %0b>>>>> <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com %0b>>>>> %3cmailto:star.zeng@intel.com
>> <mailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com %0b>> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
>> %3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com %0b>> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
>> %3cmailto:star.zeng@intel.com>>>>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com %0b>>>>> <mailto:lersek@redhat.com<mailto:lersek@redhat.com
> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com %0b>>>>> %3cmailto:lersek@redhat.com
>> <mailto:lersek@redhat.com
> <mailto:lersek@redhat.com %0b>> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
>> %3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com
> <mailto:lersek@redhat.com %0b>> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
>> %3cmailto:lersek@redhat.com>>>>
>>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>>> Signed-off-by: Leo Duran <leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %0b>>>>> %3cmailto:leo.duran@amd.com
>> <mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com>>>>
>>>>> ---
>>>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
>>>>> ------
>>>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>>>
>>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> index 2bc41be..d62bd9b 100644
>>>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> @@ -6,6 +6,8 @@
>>>>> # needed to run the DXE Foundation.
>>>>> #
>>>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>>> reserved.<BR>
>>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>>> +#
>>>>> # This program and the accompanying materials # are licensed
>>>>> and made available under the terms and conditions of the BSD
>>>>> License # which accompanies this distribution. The full text of
>>>>> the license may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
>>>>> CONSUMES
>>>>>
>>>>> [Pcd.IA32,Pcd.X64]
>>>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>>> SOMETIMES_CONSUMES
>>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>>> SOMETIMES_CONSUMES
>>>>> +
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>>> ask ## CONSUMES
>>>>>
>>>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>>>> SOMETIMES_CONSUMES
>>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> index 790f6ab..2c52389 100644
>>>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> @@ -16,6 +16,8 @@
>>>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual
>>>>> Volume 3:System Programmer's Guide, Intel
>>>>>
>>>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>>> reserved.<BR>
>>>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>>> +
>>>>> This program and the accompanying materials are licensed and made
>>>>> available under the terms and conditions of the BSD License which
>>>>> accompanies this distribution. The full text of the license may be
>>>>> found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>>>> //
>>>>> // Fill in 2M page entry.
>>>>> //
>>>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>>>> IA32_PG_RW;
>>>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>>
>>>>> PhysicalAddress4K = PhysicalAddress;
>>>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>>>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>>>> SIZE_4KB) {
>>>>> //
>>>>> // Fill in the Page Table entries
>>>>> //
>>>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageTableEntry->Bits.ReadWrite = 1;
>>>>> PageTableEntry->Bits.Present = 1;
>>>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K <
>>>>> StackBase +
>>>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>>>> //
>>>>> // Fill in 1G page entry.
>>>>> //
>>>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>>>>> IA32_PG_RW;
>>>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>>
>>>>> PhysicalAddress2M = PhysicalAddress;
>>>>> for (IndexOfPageDirectoryEntries = 0;
>>>>> IndexOfPageDirectoryEntries < 512;
>>>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++,
>>>>> IndexOfPageDirectoryEntries++PhysicalAddress2M
>>>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryEntry->Bits.Present = 1;
>>>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>>>> CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Make a PML4 Entry
>>>>> //
>>>>> - PageMapLevel4Entry->Uint64 =
>>>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>>>> + PageMapLevel4Entry->Uint64 =
>>>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>>>> PageMapLevel4Entry->Bits.Present = 1;
>>>>>
>>>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>>>> PageDirectory1GEntry->Bits.Present = 1;
>>>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7
>>>>> @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in a Page Directory Pointer Entries
>>>>> //
>>>>> - PageDirectoryPointerEntry->Uint64 =
>>>>> (UINT64)(UINTN)PageDirectoryEntry;
>>>>> + PageDirectoryPointerEntry->Uint64 =
>>>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>>>
>>>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryEntry->Bits.Present = 1;
>>>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>>>> a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
>>>>> index 273cd7e..207384f 100644
>>>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>>>> @@ -6,6 +6,8 @@
>>>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights
>>>>> reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights
>>>>> reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise
>>>>> Development LP<BR>
>>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>>>> # This program and the accompanying materials are licensed and
>>>>> made available under # the terms and conditions of the BSD License
>>>>> that accompanies this distribution.
>>>>> # The full text of the license may be found at @@ -1738,5 +1740,11
>>>>> @@ [PcdsDynamic, PcdsDynamicEx]
>>>>> # @Prompt If there is any test key used by the platform.
>>>>>
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>>>> 0030003
>>>>>
>>>>> + ## This dynamic PCD holds the address mask for page table
>>>>> + entries when memory encryption is # enabled on AMD processors
>>>>> + supporting the
>>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>> + # This mask should be applied when creating 1:1 virtual to
>>>>> + physical
>>>>> mapping tables.
>>>>> + #
>>>>> +
>>>>> +
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>>> ask|0x0
>>>>> + |UINT64|0x00030004
>>>>> +
>>>>> [UserExtensions.TianoCore."ExtraFiles"]
>>>>> MdeModulePkgExtra.uni
>>>>> --
>>>>> 1.9.1
>>>>>
>>>>> _______________________________________________
>>>>> edk2-devel mailing list
>>>>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org
> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
>>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>>
>>> <mailto:edk2-devel@lists.01.org>
>>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>>
>>> _______________________________________________
>>> edk2-devel mailing list
>>> edk2-devel@lists.01.org <mailto:edk2-devel@lists.01.org>
>> <mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>
>>
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-09 5:26 ` Zeng, Star
@ 2017-02-09 9:13 ` Laszlo Ersek
2017-02-09 9:17 ` Zeng, Star
0 siblings, 1 reply; 33+ messages in thread
From: Laszlo Ersek @ 2017-02-09 9:13 UTC (permalink / raw)
To: Zeng, Star, Yao, Jiewen, Duran, Leo, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh, Justen, Jordan L
On 02/09/17 06:26, Zeng, Star wrote:
> Correct typo in below email.
>
> "about how to determine DXE is 32BITs or 64BITs" should be "about how
> to determine PEI is 32BITs or 64BITs".
>
> At that time, we were discussing if the code needs to allocate <4G
> ACPI table for PEI phase at S3 resume.
Indeed. Although OVMF X64 has a 64-bit PEI phase, that PEI phase can
access only <4G RAM. IIRC one suggestion was to introduce a new HOB for
this, so that PEI can advertise such a limitation to DXE.
Thanks
Laszlo
>
> Thanks,
> Star
> -----Original Message-----
> From: Zeng, Star
> Sent: Thursday, February 9, 2017 1:12 PM
> To: Laszlo Ersek <lersek@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo <leo.duran@amd.com>; edk2-devel@ml01.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Zeng, Star <star.zeng@intel.com>
> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
>
> In fact, X64 DxeIplPeim does not refer PcdDxeIplSwitchToLongMode at all.
>
> DxeIpl.inf:
> [FeaturePcd.IA32]
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode ## CONSUMES
>
> As I remember, I did a draft patch below before for the discussion about how to determine DXE is 32BITs or 64BITs in title "[edk2] [PATCH v3 2/4] IntelFrameworkModulePkg: BdsDxe: only allocate below 4 GB if needed", I can't find the archive link any more.
>
> ---
> MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++++
> MdeModulePkg/MdeModulePkg.dec | 4 +++-
> 2 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> index 6488880..348e084 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> @@ -43,6 +43,11 @@ HandOffToDxeCore (
> EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi;
>
> //
> + // It should be FALSE for both PEI and DXE are 64-bit.
> + //
> + ASSERT (PcdGetBool (PcdDxeIplSwitchToLongMode) == FALSE);
> +
> + //
> // Get Vector Hand-off Info PPI and build Guided HOB
> //
> Status = PeiServicesLocatePpi (
> diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index af7bcab..4a73f7b 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -712,8 +712,10 @@
> ## Indicates if DxeIpl should switch to long mode to enter DXE phase.
> # It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
> # is built in firmware.<BR><BR>
> + # And it should be FALSE for both PEI and DXE are 64-bit.
> # TRUE - DxeIpl will load a 64-bit DxeCore and switch to long mode to hand over to DxeCore.<BR>
> - # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore.<BR>
> + # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore,<BR>
> + # or both PEI and DXE are 64-bit.<BR>
> # @Prompt DxeIpl switch to long mode.
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|TRUE|BOOLEAN|0x0001003b
>
> --
>
>
> Thanks,
> Star
> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Thursday, February 9, 2017 3:48 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>; edk2-devel@ml01.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
>
> On 02/08/17 19:20, Yao, Jiewen wrote:
>> Got it.
>>
>>
>>
>> If the means of PcdDxeIplSwitchtoLongMode is unclear, we may add more
>> description to make it clear.
>>
>>
>>
>> If we believe "PcdDxeIplSwitchtoLongMode == DXE is Long mode" as
>> final conclusion, can we treat that as a bug and fix OVMF X64?
>
> I don't know how to "fix" that. What is there to fix?
>
> Flipping the PCD to TRUE in OVMF X64 would break OVMF X64, and likely OVMF Ia32X64 too. For two reasons:
>
>
> (1) Toggling the PCD would alter the behavior of the DXE IPL PEIM and/or the DXE Core, and that behavior has never ever been tested with OVMF X64.
>
> The PcdDxeIplSwitchToLongMode=FALSE setting in the X64 DSC dates back to:
>
> commit 8fa729a8b1401f01c6fd8ddbcab45e4a4904fa9a
> Author: lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524>
> Date: Mon Mar 15 01:40:59 2010 +0000
>
> Merge the same type PCD section.
>
> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10243 6f19259b-4bc3-4df7-8a09-765794883524
>
> and before that, to:
>
> commit 49ba9447c92d6fca214476381107a180d08e59d1
> Author: jljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>
> Date: Wed May 27 21:10:18 2009 +0000
>
> Add initial version of Open Virtual Machine Firmware (OVMF) platform.
>
> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8398 6f19259b-4bc3-4df7-8a09-765794883524
>
> In other words, OVMF X64 has always worked like this, since its inception.
>
>
> (2) PEI code under OvmfPkg itself uses this PCD to identify a 32-bit DXE phase.
>
> //
> // If DXE is 32-bit, then we're done; PciBusDxe will degrade 64-bit MMIO
> // resources to 32-bit anyway. See DegradeResource() in
> // "PciResourceSupport.c".
> //
> #ifdef MDE_CPU_IA32
> if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
> return FirstNonAddress;
> }
> #endif
>
> and
>
> //
> // If DXE is 32-bit, then just return the traditional 64 MB cap.
> //
> #ifdef MDE_CPU_IA32
> if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
> return SIZE_64MB;
> }
> #endif
>
> Thanks
> Laszlo
>
>>
>>
>>
>> Thank you
>>
>> Yao Jiewen
>>
>>
>>
>>
>>
>> *From:*Laszlo Ersek [mailto:lersek@redhat.com]
>> *Sent:* Wednesday, February 8, 2017 9:52 AM
>> *To:* Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo
>> <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>;
>> edk2-devel@ml01.01.org
>> *Cc:* Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
>> <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>>
>>
>> On 02/08/17 18:27, Yao, Jiewen wrote:
>>> I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode.
>>>
>>>
>>>
>>> See DEC description:
>>>
>>> # It is assumed that 64-bit DxeCore is built in firmware if it is
>>> true; otherwise 32-bit DxeCore
>>>
>>> # is built in firmware.<BR><BR>
>>
>> Unfortunately, I have no historical context or background for this
>> PCD; all I can say is that the X64 OVMF platform does not set the PCD.
>>
>> It enters long mode, and sets up page tables for the first 4GB of RAM,
>> in SEC. Then SEC decompresses the flash contents to RAM, which covers
>> both PEIFV and DXEFV. PEI runs from RAM.
>>
>> This is possible because on QEMU/KVM, there's no need to initialize
>> RAM, thus only SEC runs from flash, in-place.
>>
>> Perhaps Jordan can provide more insight.
>>
>> If Brijesh and Leo would like to run the X64 OVMF platform as a SEV
>> guest too, then this should be considered, in my opinion.
>>
>> One more comment below:
>>
>>>
>>>
>>>
>>> And the code MdeModulePkg\Universal\Acpi\S3SaveStateDxe\AcpiS3ContextSave.c:
>>>
>>>
>>>
>>> BOOLEAN
>>>
>>> IsLongModeWakingVectorSupport (
>>>
>>> IN EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE*Facs
>>>
>>> )
>>>
>>> {
>>>
>>> if((Facs == NULL) ||
>>>
>>> (Facs->Signature !=
>>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE) ) {
>>>
>>> //
>>>
>>> // Something wrong with FACS.
>>>
>>> //
>>>
>>> returnFALSE;
>>>
>>> }
>>>
>>> if((Facs->Version ==
>>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION) &&
>>>
>>> ((Facs->Flags & EFI_ACPI_4_0_64BIT_WAKE_SUPPORTED_F) != 0)) {
>>>
>>> //
>>>
>>> // BIOS supports 64bit waking vector.
>>>
>>> //
>>>
>>> if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>>>
>>> returnTRUE;
>>>
>>> }
>>>
>>> }
>>>
>>> returnFALSE;
>>>
>>> }
>>
>> In practice, it's okay if the OVMF X64 platform is recognized as "not
>> supporting a 64-bit waking vector for S3 resume". All the 64-bit guest
>> OSes that I've tested with OVMF X64 (Linux, and the Windows 7 / 8 / 10
>> families, both client and server) use a real mode (16-bit) waking
>> vector, in practice.
>>
>> ... Actually, upon reviewing the above code more carefully, we don't
>> even reach the FeaturePcdGet() call: the FACS that QEMU generates (and
>> OVMF downloads and installs) corresponds to ACPI 1.0, that is,
>> EFI_ACPI_1_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION.
>>
>> Thanks
>> Laszlo
>>
>>
>>>
>>>
>>>
>>>
>>>
>>> Thank you
>>>
>>> Yao Jiewen
>>>
>>>
>>>
>>> *From:*edk2-devel [mailto:edk2-devel-bounces@lists.01.org] *On Behalf
>>> Of *Yao, Jiewen
>>> *Sent:* Wednesday, February 8, 2017 9:18 AM
>>> *To:* Laszlo Ersek <lersek@redhat.com
>> <mailto:lersek@redhat.com>>; Duran, Leo <leo.duran@amd.com
>> <mailto:leo.duran@amd.com>>;
>>> Zeng, Star <star.zeng@intel.com
>> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org
>> <mailto:edk2-devel@ml01.01.org>
>>> *Cc:* Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com>>;
>>> Singh, Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com>>
>>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>>
>>>
>>> Good reminder. I take back my word.
>>>
>>> In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
>>>
>>> We need
>>>
>>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>>> Sent: Wednesday, February 8, 2017 9:11 AM
>>> To: Yao, Jiewen <jiewen.yao@intel.com
>> <mailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com>>;
>> Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com%0b>>
>> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>;
>> edk2-devel@ml01.01.org <mailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org>
>>> Cc: Tian, Feng <feng.tian@intel.com
>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com>>; Singh,
>> Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com%0b>>
>> <mailto:brijesh.singh@amd.com>>
>>> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>> On 02/08/17 18:05, Yao, Jiewen wrote:
>>>> HI Leo
>>>>
>>>> Thanks to clarify that.
>>>>
>>>>
>>>>
>>>> If that is the case, do you think it will be better to limit this
>>>> PCD to
>>>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>>>
>>> Not sure if this is the best place to raise the following
>>> observation, but it should do:
>>>
>>> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE
>>> if PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
>>> - both PEI and DXE are 32-bit, and
>>> - both PEI and DXE are 64-bit.
>>>
>>> This doesn't necessarily invalidate anything said thus fair in the
>>> thread, but the following statement from Leo:
>>>
>>> The SEV feature requires 64-bit LongMode, so the
>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>>>
>>> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
>>>
>>> Thanks,
>>> Laszlo
>>>
>>>>
>>>>
>>>>
>>>> Thank you
>>>>
>>>> Yao Jiewen
>>>>
>>>>
>>>>
>>>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>>>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>>>> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com
>> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>>
>> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>;
>> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>>> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com
>> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>>
>> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng
>>>> <feng.tian@intel.com<mailto:feng.tian@intel.com
>> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>>
>> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>; Singh,
>> Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
>> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>>
>> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Yao,
>>>> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
>> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>>
>> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com>>>
>>>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>>
>>>>
>>>> Pease see reply below.
>>>> Leo
>>>>
>>>>> -----Original Message-----
>>>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>>>> To: Duran, Leo <leo.duran@amd.com
>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>>> %3cmailto:leo.duran@amd.com
>> <mailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com>>>>;
>> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>>> <mailto:edk2-devel@ml01.01.org>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com
>> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
>> <mailto:lersek@redhat.com%0b%0b>>
>> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
>> <mailto:feng.tian@intel.com%0b%0b>>
>> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
>> <mailto:feng.tian@intel.com>>;
>>>>> Singh, Brijesh <brijesh.singh@amd.com
>> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
>> <mailto:brijesh.singh@amd.com%0b%0b>>
>> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
>> <mailto:star.zeng@intel.com%0b%0b>>
>> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
>> <mailto:star.zeng@intel.com>>;
>>>>> Yao, Jiewen <jiewen.yao@intel.com
>>>>> <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
>>>>> %3cmailto:jiewen.yao@intel.com
>> <mailto:jiewen.yao@intel.com
>> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
>> %3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com
>> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
>> %3cmailto:jiewen.yao@intel.com>>>>
>>>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>>
>>>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>>>
>>>>> Thanks,
>>>>> Star
>>>> [Duran, Leo]
>>>> Hi Star,
>>>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>>>
>>>> The SEV feature requires 64-bit LongMode, so the
>>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time, in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>>>>
>>>>> -----Original Message-----
>>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf
>>>>> Of Leo Duran
>>>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>>>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>> <mailto:edk2-devel@ml01.01.org>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com
>> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
>> <mailto:lersek@redhat.com%0b%0b>>
>> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
>> <mailto:feng.tian@intel.com%0b%0b>>
>> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
>> <mailto:feng.tian@intel.com>>;
>>>>> Brijesh Singh <brijesh.singh@amd.com
>> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
>> <mailto:brijesh.singh@amd.com%0b%0b>>
>> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
>> <mailto:star.zeng@intel.com%0b%0b>>
>> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
>> <mailto:star.zeng@intel.com>>;
>>>>> Leo Duran <leo.duran@amd.com
>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>>> %3cmailto:leo.duran@amd.com
>> <mailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com>>>>
>>>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>>
>>>>> From: Brijesh Singh <brijesh.singh@amd.com
>>>>> <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
>>>>> %3cmailto:brijesh.singh@amd.com
>> <mailto:brijesh.singh@amd.com
>> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
>> %3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com
>> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
>> %3cmailto:brijesh.singh@amd.com>>>>
>>>>>
>>>>> This dynamic PCD holds the address mask for page table entries when
>>>>> memory encryption is enabled on AMD processors supporting the
>>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>>
>>>>> Cc: Feng Tian <feng.tian@intel.com
>>>>> <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com
>>>>> %3cmailto:feng.tian@intel.com
>> <mailto:feng.tian@intel.com
>> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
>> %3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com
>> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
>> %3cmailto:feng.tian@intel.com>>>>
>>>>> Cc: Star Zeng <star.zeng@intel.com
>>>>> <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com
>>>>> %3cmailto:star.zeng@intel.com
>> <mailto:star.zeng@intel.com
>> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
>> %3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com
>> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
>> %3cmailto:star.zeng@intel.com>>>>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com
>>>>> <mailto:lersek@redhat.com<mailto:lersek@redhat.com
>>>>> %3cmailto:lersek@redhat.com
>> <mailto:lersek@redhat.com
>> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
>> %3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com
>> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
>> %3cmailto:lersek@redhat.com>>>>
>>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>>> Signed-off-by: Leo Duran <leo.duran@amd.com
>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>>> %3cmailto:leo.duran@amd.com
>> <mailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com>>>>
>>>>> ---
>>>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18 ++++++++++--
>>>>> ------
>>>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>>>
>>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> index 2bc41be..d62bd9b 100644
>>>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> @@ -6,6 +6,8 @@
>>>>> # needed to run the DXE Foundation.
>>>>> #
>>>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>>> reserved.<BR>
>>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>>> +#
>>>>> # This program and the accompanying materials # are licensed
>>>>> and made available under the terms and conditions of the BSD
>>>>> License # which accompanies this distribution. The full text of
>>>>> the license may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##
>>>>> CONSUMES
>>>>>
>>>>> [Pcd.IA32,Pcd.X64]
>>>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>>> SOMETIMES_CONSUMES
>>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>>> SOMETIMES_CONSUMES
>>>>> +
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>>> ask ## CONSUMES
>>>>>
>>>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>>>> SOMETIMES_CONSUMES
>>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> index 790f6ab..2c52389 100644
>>>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> @@ -16,6 +16,8 @@
>>>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual
>>>>> Volume 3:System Programmer's Guide, Intel
>>>>>
>>>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>>> reserved.<BR>
>>>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>>> +
>>>>> This program and the accompanying materials are licensed and made
>>>>> available under the terms and conditions of the BSD License which
>>>>> accompanies this distribution. The full text of the license may be
>>>>> found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>>>> //
>>>>> // Fill in 2M page entry.
>>>>> //
>>>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>>>> IA32_PG_RW;
>>>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>>
>>>>> PhysicalAddress4K = PhysicalAddress;
>>>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512;
>>>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>>>> SIZE_4KB) {
>>>>> //
>>>>> // Fill in the Page Table entries
>>>>> //
>>>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageTableEntry->Bits.ReadWrite = 1;
>>>>> PageTableEntry->Bits.Present = 1;
>>>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K <
>>>>> StackBase +
>>>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>>>> //
>>>>> // Fill in 1G page entry.
>>>>> //
>>>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P |
>>>>> IA32_PG_RW;
>>>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>>
>>>>> PhysicalAddress2M = PhysicalAddress;
>>>>> for (IndexOfPageDirectoryEntries = 0;
>>>>> IndexOfPageDirectoryEntries < 512;
>>>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++,
>>>>> IndexOfPageDirectoryEntries++PhysicalAddress2M
>>>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryEntry->Bits.Present = 1;
>>>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>>>> CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Make a PML4 Entry
>>>>> //
>>>>> - PageMapLevel4Entry->Uint64 =
>>>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>>>> + PageMapLevel4Entry->Uint64 =
>>>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>>>> PageMapLevel4Entry->Bits.Present = 1;
>>>>>
>>>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>>>> PageDirectory1GEntry->Bits.Present = 1;
>>>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7 +282,7
>>>>> @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in a Page Directory Pointer Entries
>>>>> //
>>>>> - PageDirectoryPointerEntry->Uint64 =
>>>>> (UINT64)(UINTN)PageDirectoryEntry;
>>>>> + PageDirectoryPointerEntry->Uint64 =
>>>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>>>
>>>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryEntry->Bits.Present = 1;
>>>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>>>> a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
>>>>> index 273cd7e..207384f 100644
>>>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>>>> @@ -6,6 +6,8 @@
>>>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights
>>>>> reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights
>>>>> reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise
>>>>> Development LP<BR>
>>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> #
>>>>> # This program and the accompanying materials are licensed and
>>>>> made available under # the terms and conditions of the BSD License
>>>>> that accompanies this distribution.
>>>>> # The full text of the license may be found at @@ -1738,5 +1740,11
>>>>> @@ [PcdsDynamic, PcdsDynamicEx]
>>>>> # @Prompt If there is any test key used by the platform.
>>>>>
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>>>> 0030003
>>>>>
>>>>> + ## This dynamic PCD holds the address mask for page table
>>>>> + entries when memory encryption is # enabled on AMD processors
>>>>> + supporting the
>>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>> + # This mask should be applied when creating 1:1 virtual to
>>>>> + physical
>>>>> mapping tables.
>>>>> + #
>>>>> +
>>>>> +
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>>> ask|0x0
>>>>> + |UINT64|0x00030004
>>>>> +
>>>>> [UserExtensions.TianoCore."ExtraFiles"]
>>>>> MdeModulePkgExtra.uni
>>>>> --
>>>>> 1.9.1
>>>>>
>>>>> _______________________________________________
>>>>> edk2-devel mailing list
>>>>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org
>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
>>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>>
>>> <mailto:edk2-devel@lists.01.org>
>>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>>
>>> _______________________________________________
>>> edk2-devel mailing list
>>> edk2-devel@lists.01.org
>> <mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>
>>
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-09 9:13 ` Laszlo Ersek
@ 2017-02-09 9:17 ` Zeng, Star
2017-02-09 9:46 ` Laszlo Ersek
0 siblings, 1 reply; 33+ messages in thread
From: Zeng, Star @ 2017-02-09 9:17 UTC (permalink / raw)
To: Laszlo Ersek, Yao, Jiewen, Duran, Leo, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh, Justen, Jordan L, Zeng, Star
EFI_HOB_CPU?
Is there discussion in PIWG for it?
Thanks,
Star
-----Original Message-----
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Thursday, February 9, 2017 5:13 PM
To: Zeng, Star <star.zeng@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo <leo.duran@amd.com>; edk2-devel@ml01.01.org
Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
On 02/09/17 06:26, Zeng, Star wrote:
> Correct typo in below email.
>
> "about how to determine DXE is 32BITs or 64BITs" should be "about how
> to determine PEI is 32BITs or 64BITs".
>
> At that time, we were discussing if the code needs to allocate <4G
> ACPI table for PEI phase at S3 resume.
Indeed. Although OVMF X64 has a 64-bit PEI phase, that PEI phase can access only <4G RAM. IIRC one suggestion was to introduce a new HOB for this, so that PEI can advertise such a limitation to DXE.
Thanks
Laszlo
>
> Thanks,
> Star
> -----Original Message-----
> From: Zeng, Star
> Sent: Thursday, February 9, 2017 1:12 PM
> To: Laszlo Ersek <lersek@redhat.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Duran, Leo <leo.duran@amd.com>;
> edk2-devel@ml01.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
> <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>;
> Zeng, Star <star.zeng@intel.com>
> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> In fact, X64 DxeIplPeim does not refer PcdDxeIplSwitchToLongMode at all.
>
> DxeIpl.inf:
> [FeaturePcd.IA32]
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode ## CONSUMES
>
> As I remember, I did a draft patch below before for the discussion about how to determine DXE is 32BITs or 64BITs in title "[edk2] [PATCH v3 2/4] IntelFrameworkModulePkg: BdsDxe: only allocate below 4 GB if needed", I can't find the archive link any more.
>
> ---
> MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++++
> MdeModulePkg/MdeModulePkg.dec | 4 +++-
> 2 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> index 6488880..348e084 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> @@ -43,6 +43,11 @@ HandOffToDxeCore (
> EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi;
>
> //
> + // It should be FALSE for both PEI and DXE are 64-bit.
> + //
> + ASSERT (PcdGetBool (PcdDxeIplSwitchToLongMode) == FALSE);
> +
> + //
> // Get Vector Hand-off Info PPI and build Guided HOB
> //
> Status = PeiServicesLocatePpi (
> diff --git a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec index af7bcab..4a73f7b 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -712,8 +712,10 @@
> ## Indicates if DxeIpl should switch to long mode to enter DXE phase.
> # It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
> # is built in firmware.<BR><BR>
> + # And it should be FALSE for both PEI and DXE are 64-bit.
> # TRUE - DxeIpl will load a 64-bit DxeCore and switch to long mode to hand over to DxeCore.<BR>
> - # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore.<BR>
> + # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore,<BR>
> + # or both PEI and DXE are 64-bit.<BR>
> # @Prompt DxeIpl switch to long mode.
>
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|TRUE|BOOLEAN|
> 0x0001003b
>
> --
>
>
> Thanks,
> Star
> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Thursday, February 9, 2017 3:48 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo
> <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>;
> edk2-devel@ml01.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
> <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> On 02/08/17 19:20, Yao, Jiewen wrote:
>> Got it.
>>
>>
>>
>> If the means of PcdDxeIplSwitchtoLongMode is unclear, we may add
>> more description to make it clear.
>>
>>
>>
>> If we believe "PcdDxeIplSwitchtoLongMode == DXE is Long mode" as
>> final conclusion, can we treat that as a bug and fix OVMF X64?
>
> I don't know how to "fix" that. What is there to fix?
>
> Flipping the PCD to TRUE in OVMF X64 would break OVMF X64, and likely OVMF Ia32X64 too. For two reasons:
>
>
> (1) Toggling the PCD would alter the behavior of the DXE IPL PEIM and/or the DXE Core, and that behavior has never ever been tested with OVMF X64.
>
> The PcdDxeIplSwitchToLongMode=FALSE setting in the X64 DSC dates back to:
>
> commit 8fa729a8b1401f01c6fd8ddbcab45e4a4904fa9a
> Author: lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524>
> Date: Mon Mar 15 01:40:59 2010 +0000
>
> Merge the same type PCD section.
>
> git-svn-id:
> https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10243
> 6f19259b-4bc3-4df7-8a09-765794883524
>
> and before that, to:
>
> commit 49ba9447c92d6fca214476381107a180d08e59d1
> Author: jljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>
> Date: Wed May 27 21:10:18 2009 +0000
>
> Add initial version of Open Virtual Machine Firmware (OVMF) platform.
>
> git-svn-id:
> https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8398
> 6f19259b-4bc3-4df7-8a09-765794883524
>
> In other words, OVMF X64 has always worked like this, since its inception.
>
>
> (2) PEI code under OvmfPkg itself uses this PCD to identify a 32-bit DXE phase.
>
> //
> // If DXE is 32-bit, then we're done; PciBusDxe will degrade 64-bit MMIO
> // resources to 32-bit anyway. See DegradeResource() in
> // "PciResourceSupport.c".
> //
> #ifdef MDE_CPU_IA32
> if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
> return FirstNonAddress;
> }
> #endif
>
> and
>
> //
> // If DXE is 32-bit, then just return the traditional 64 MB cap.
> //
> #ifdef MDE_CPU_IA32
> if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
> return SIZE_64MB;
> }
> #endif
>
> Thanks
> Laszlo
>
>>
>>
>>
>> Thank you
>>
>> Yao Jiewen
>>
>>
>>
>>
>>
>> *From:*Laszlo Ersek [mailto:lersek@redhat.com]
>> *Sent:* Wednesday, February 8, 2017 9:52 AM
>> *To:* Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo
>> <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>;
>> edk2-devel@ml01.01.org
>> *Cc:* Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
>> <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>>
>>
>> On 02/08/17 18:27, Yao, Jiewen wrote:
>>> I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode.
>>>
>>>
>>>
>>> See DEC description:
>>>
>>> # It is assumed that 64-bit DxeCore is built in firmware if it is
>>> true; otherwise 32-bit DxeCore
>>>
>>> # is built in firmware.<BR><BR>
>>
>> Unfortunately, I have no historical context or background for this
>> PCD; all I can say is that the X64 OVMF platform does not set the PCD.
>>
>> It enters long mode, and sets up page tables for the first 4GB of
>> RAM, in SEC. Then SEC decompresses the flash contents to RAM, which
>> covers both PEIFV and DXEFV. PEI runs from RAM.
>>
>> This is possible because on QEMU/KVM, there's no need to initialize
>> RAM, thus only SEC runs from flash, in-place.
>>
>> Perhaps Jordan can provide more insight.
>>
>> If Brijesh and Leo would like to run the X64 OVMF platform as a SEV
>> guest too, then this should be considered, in my opinion.
>>
>> One more comment below:
>>
>>>
>>>
>>>
>>> And the code MdeModulePkg\Universal\Acpi\S3SaveStateDxe\AcpiS3ContextSave.c:
>>>
>>>
>>>
>>> BOOLEAN
>>>
>>> IsLongModeWakingVectorSupport (
>>>
>>> IN EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE*Facs
>>>
>>> )
>>>
>>> {
>>>
>>> if((Facs == NULL) ||
>>>
>>> (Facs->Signature !=
>>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE) ) {
>>>
>>> //
>>>
>>> // Something wrong with FACS.
>>>
>>> //
>>>
>>> returnFALSE;
>>>
>>> }
>>>
>>> if((Facs->Version ==
>>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION) &&
>>>
>>> ((Facs->Flags & EFI_ACPI_4_0_64BIT_WAKE_SUPPORTED_F) != 0)) {
>>>
>>> //
>>>
>>> // BIOS supports 64bit waking vector.
>>>
>>> //
>>>
>>> if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>>>
>>> returnTRUE;
>>>
>>> }
>>>
>>> }
>>>
>>> returnFALSE;
>>>
>>> }
>>
>> In practice, it's okay if the OVMF X64 platform is recognized as "not
>> supporting a 64-bit waking vector for S3 resume". All the 64-bit
>> guest OSes that I've tested with OVMF X64 (Linux, and the Windows 7 /
>> 8 / 10 families, both client and server) use a real mode (16-bit)
>> waking vector, in practice.
>>
>> ... Actually, upon reviewing the above code more carefully, we don't
>> even reach the FeaturePcdGet() call: the FACS that QEMU generates
>> (and OVMF downloads and installs) corresponds to ACPI 1.0, that is,
>> EFI_ACPI_1_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION.
>>
>> Thanks
>> Laszlo
>>
>>
>>>
>>>
>>>
>>>
>>>
>>> Thank you
>>>
>>> Yao Jiewen
>>>
>>>
>>>
>>> *From:*edk2-devel [mailto:edk2-devel-bounces@lists.01.org] *On
>>> Behalf Of *Yao, Jiewen
>>> *Sent:* Wednesday, February 8, 2017 9:18 AM
>>> *To:* Laszlo Ersek <lersek@redhat.com
>> <mailto:lersek@redhat.com>>; Duran, Leo <leo.duran@amd.com
>> <mailto:leo.duran@amd.com>>;
>>> Zeng, Star <star.zeng@intel.com
>> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org
>> <mailto:edk2-devel@ml01.01.org>
>>> *Cc:* Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com>>;
>>> Singh, Brijesh <brijesh.singh@amd.com
>>> <mailto:brijesh.singh@amd.com>>
>>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>>
>>>
>>> Good reminder. I take back my word.
>>>
>>> In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
>>>
>>> We need
>>>
>>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>>> Sent: Wednesday, February 8, 2017 9:11 AM
>>> To: Yao, Jiewen <jiewen.yao@intel.com
>> <mailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com>>;
>> Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com%0b>>
>> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>;
>> edk2-devel@ml01.01.org <mailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org>
>>> Cc: Tian, Feng <feng.tian@intel.com
>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com>>;
>> Singh, Brijesh <brijesh.singh@amd.com
>> <mailto:brijesh.singh@amd.com%0b>>
>> <mailto:brijesh.singh@amd.com>>
>>> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>> On 02/08/17 18:05, Yao, Jiewen wrote:
>>>> HI Leo
>>>>
>>>> Thanks to clarify that.
>>>>
>>>>
>>>>
>>>> If that is the case, do you think it will be better to limit this
>>>> PCD to
>>>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>>>
>>> Not sure if this is the best place to raise the following
>>> observation, but it should do:
>>>
>>> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE
>>> if PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
>>> - both PEI and DXE are 32-bit, and
>>> - both PEI and DXE are 64-bit.
>>>
>>> This doesn't necessarily invalidate anything said thus fair in the
>>> thread, but the following statement from Leo:
>>>
>>> The SEV feature requires 64-bit LongMode, so the
>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>>>
>>> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
>>>
>>> Thanks,
>>> Laszlo
>>>
>>>>
>>>>
>>>>
>>>> Thank you
>>>>
>>>> Yao Jiewen
>>>>
>>>>
>>>>
>>>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>>>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>>>> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com
>> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>>
>> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>;
>> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>>> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com
>> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>>
>> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng
>>>> <feng.tian@intel.com<mailto:feng.tian@intel.com
>> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>>
>> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>; Singh,
>> Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
>> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>>
>> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Yao,
>>>> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
>> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>>
>> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com>>>
>>>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>>
>>>>
>>>> Pease see reply below.
>>>> Leo
>>>>
>>>>> -----Original Message-----
>>>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>>>> To: Duran, Leo <leo.duran@amd.com
>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>>> %3cmailto:leo.duran@amd.com
>> <mailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com>>>>;
>> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>>> <mailto:edk2-devel@ml01.01.org>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com
>> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
>> <mailto:lersek@redhat.com%0b%0b>>
>> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
>> <mailto:feng.tian@intel.com%0b%0b>>
>> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
>> <mailto:feng.tian@intel.com>>;
>>>>> Singh, Brijesh <brijesh.singh@amd.com
>> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
>> <mailto:brijesh.singh@amd.com%0b%0b>>
>> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
>> <mailto:star.zeng@intel.com%0b%0b>>
>> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
>> <mailto:star.zeng@intel.com>>;
>>>>> Yao, Jiewen <jiewen.yao@intel.com
>>>>> <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
>>>>> %3cmailto:jiewen.yao@intel.com
>> <mailto:jiewen.yao@intel.com
>> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
>> %3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com
>> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
>> %3cmailto:jiewen.yao@intel.com>>>>
>>>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>>
>>>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>>>
>>>>> Thanks,
>>>>> Star
>>>> [Duran, Leo]
>>>> Hi Star,
>>>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>>>
>>>> The SEV feature requires 64-bit LongMode, so the
>>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time, in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>>>>
>>>>> -----Original Message-----
>>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On
>>>>> Behalf Of Leo Duran
>>>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>>>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>> <mailto:edk2-devel@ml01.01.org>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com
>> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
>> <mailto:lersek@redhat.com%0b%0b>>
>> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
>> <mailto:feng.tian@intel.com%0b%0b>>
>> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
>> <mailto:feng.tian@intel.com>>;
>>>>> Brijesh Singh <brijesh.singh@amd.com
>> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
>> <mailto:brijesh.singh@amd.com%0b%0b>>
>> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
>> <mailto:star.zeng@intel.com%0b%0b>>
>> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
>> <mailto:star.zeng@intel.com>>;
>>>>> Leo Duran <leo.duran@amd.com
>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>>> %3cmailto:leo.duran@amd.com
>> <mailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com>>>>
>>>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>>
>>>>> From: Brijesh Singh <brijesh.singh@amd.com
>>>>> <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
>>>>> %3cmailto:brijesh.singh@amd.com
>> <mailto:brijesh.singh@amd.com
>> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
>> %3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com
>> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
>> %3cmailto:brijesh.singh@amd.com>>>>
>>>>>
>>>>> This dynamic PCD holds the address mask for page table entries
>>>>> when memory encryption is enabled on AMD processors supporting the
>>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>>
>>>>> Cc: Feng Tian <feng.tian@intel.com
>>>>> <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com
>>>>> %3cmailto:feng.tian@intel.com
>> <mailto:feng.tian@intel.com
>> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
>> %3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com
>> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
>> %3cmailto:feng.tian@intel.com>>>>
>>>>> Cc: Star Zeng <star.zeng@intel.com
>>>>> <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com
>>>>> %3cmailto:star.zeng@intel.com
>> <mailto:star.zeng@intel.com
>> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
>> %3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com
>> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
>> %3cmailto:star.zeng@intel.com>>>>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com
>>>>> <mailto:lersek@redhat.com<mailto:lersek@redhat.com
>>>>> %3cmailto:lersek@redhat.com
>> <mailto:lersek@redhat.com
>> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
>> %3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com
>> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
>> %3cmailto:lersek@redhat.com>>>>
>>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>>> Signed-off-by: Leo Duran <leo.duran@amd.com
>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>>> %3cmailto:leo.duran@amd.com
>> <mailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com>>>>
>>>>> ---
>>>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18
>>>>> ++++++++++--
>>>>> ------
>>>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>>>
>>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> index 2bc41be..d62bd9b 100644
>>>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> @@ -6,6 +6,8 @@
>>>>> # needed to run the DXE Foundation.
>>>>> #
>>>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>>> reserved.<BR>
>>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>>> +#
>>>>> # This program and the accompanying materials # are licensed
>>>>> and made available under the terms and conditions of the BSD
>>>>> License # which accompanies this distribution. The full text of
>>>>> the license may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress
>>>>> ## CONSUMES
>>>>>
>>>>> [Pcd.IA32,Pcd.X64]
>>>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>>> SOMETIMES_CONSUMES
>>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>>> SOMETIMES_CONSUMES
>>>>> +
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>>> ask ## CONSUMES
>>>>>
>>>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>>>> SOMETIMES_CONSUMES
>>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> index 790f6ab..2c52389 100644
>>>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> @@ -16,6 +16,8 @@
>>>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual
>>>>> Volume 3:System Programmer's Guide, Intel
>>>>>
>>>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>>> reserved.<BR>
>>>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>>> +
>>>>> This program and the accompanying materials are licensed and
>>>>> made available under the terms and conditions of the BSD License
>>>>> which accompanies this distribution. The full text of the license
>>>>> may be found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>>>> //
>>>>> // Fill in 2M page entry.
>>>>> //
>>>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>>>> IA32_PG_RW;
>>>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>>
>>>>> PhysicalAddress4K = PhysicalAddress;
>>>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries <
>>>>> 512;
>>>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>>>> SIZE_4KB) {
>>>>> //
>>>>> // Fill in the Page Table entries
>>>>> //
>>>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageTableEntry->Bits.ReadWrite = 1;
>>>>> PageTableEntry->Bits.Present = 1;
>>>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K <
>>>>> StackBase +
>>>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>>>> //
>>>>> // Fill in 1G page entry.
>>>>> //
>>>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P
>>>>> | IA32_PG_RW;
>>>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>>
>>>>> PhysicalAddress2M = PhysicalAddress;
>>>>> for (IndexOfPageDirectoryEntries = 0;
>>>>> IndexOfPageDirectoryEntries < 512;
>>>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++,
>>>>> IndexOfPageDirectoryEntries++PhysicalAddress2M
>>>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryEntry->Bits.Present = 1;
>>>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>>>> CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Make a PML4 Entry
>>>>> //
>>>>> - PageMapLevel4Entry->Uint64 =
>>>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>>>> + PageMapLevel4Entry->Uint64 =
>>>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>>>> PageMapLevel4Entry->Bits.Present = 1;
>>>>>
>>>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>>>> PageDirectory1GEntry->Bits.Present = 1;
>>>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7
>>>>> +282,7 @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in a Page Directory Pointer Entries
>>>>> //
>>>>> - PageDirectoryPointerEntry->Uint64 =
>>>>> (UINT64)(UINTN)PageDirectoryEntry;
>>>>> + PageDirectoryPointerEntry->Uint64 =
>>>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>>>
>>>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryEntry->Bits.Present = 1;
>>>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>>>> a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
>>>>> index 273cd7e..207384f 100644
>>>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>>>> @@ -6,6 +6,8 @@
>>>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights
>>>>> reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights
>>>>> reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise
>>>>> Development LP<BR>
>>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>>> +#
>>>>> # This program and the accompanying materials are licensed and
>>>>> made available under # the terms and conditions of the BSD
>>>>> License that accompanies this distribution.
>>>>> # The full text of the license may be found at @@ -1738,5
>>>>> +1740,11 @@ [PcdsDynamic, PcdsDynamicEx]
>>>>> # @Prompt If there is any test key used by the platform.
>>>>>
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>>>> 0030003
>>>>>
>>>>> + ## This dynamic PCD holds the address mask for page table
>>>>> + entries when memory encryption is # enabled on AMD processors
>>>>> + supporting the
>>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>> + # This mask should be applied when creating 1:1 virtual to
>>>>> + physical
>>>>> mapping tables.
>>>>> + #
>>>>> +
>>>>> +
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>>> ask|0x0
>>>>> + |UINT64|0x00030004
>>>>> +
>>>>> [UserExtensions.TianoCore."ExtraFiles"]
>>>>> MdeModulePkgExtra.uni
>>>>> --
>>>>> 1.9.1
>>>>>
>>>>> _______________________________________________
>>>>> edk2-devel mailing list
>>>>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org
>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
>>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>>
>>> <mailto:edk2-devel@lists.01.org>
>>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>>
>>> _______________________________________________
>>> edk2-devel mailing list
>>> edk2-devel@lists.01.org
>> <mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>
>>
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-09 9:10 ` Laszlo Ersek
@ 2017-02-09 9:18 ` Zeng, Star
0 siblings, 0 replies; 33+ messages in thread
From: Zeng, Star @ 2017-02-09 9:18 UTC (permalink / raw)
To: Laszlo Ersek, Yao, Jiewen, Duran, Leo, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh, Justen, Jordan L, Zeng, Star
Seemingly not big problem since OVMF does not support 64BITs waking vector.
Thanks,
Star
-----Original Message-----
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Thursday, February 9, 2017 5:10 PM
To: Zeng, Star <star.zeng@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo <leo.duran@amd.com>; edk2-devel@ml01.01.org
Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
On 02/09/17 06:56, Zeng, Star wrote:
> Stick to current comments and code, OvmfPkg X64 has bug? J
>
>
>
> PCD comments:
>
> #
> It is assumed that 64-bit DxeCore is built in firmware if it is true;
> otherwise 32-bit DxeCore
>
>
>
> Code pieces in S3ResumePei, S3SaveStateDxe, SmmLockBoxPeiLib, etc:
>
> // Both BIOS and OS wants 64bit vector
>
> if (FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>
> return TRUE;
>
> }
>
>
>
> //
>
> // BIOS supports 64bit waking vector.
> //
>
> if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
> returnTRUE;
>
> }
>
>
>
> if ((sizeof(UINTN) == sizeof(UINT32)) && (FeaturePcdGet
> (PcdDxeIplSwitchToLongMode)) ) {
>
> //
>
> // 32 PEI + 64 DXE
>
> //
>
>
>
>
>
> According to above, the patch I drafted is wrong.
That's too bad, because I agreed with it. :(
I can't start working on this right now, but if you guys think it's a big problem, please file an OvmfPkg BZ, and we'll have to audit all uses of PcdDxeIplSwitchToLongMode, to see what might break if we flip it to TRUE for OVMF X64.
Thanks
Laszlo
>
>
>
> Thanks,
>
> Star
>
> *From:*Yao, Jiewen
> *Sent:* Thursday, February 9, 2017 1:23 PM
> *To:* Zeng, Star <star.zeng@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Duran, Leo <leo.duran@amd.com>;
> edk2-devel@ml01.01.org
> *Cc:* Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
> <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> I suggest we evaluate **all** usages of
> PcdDxeIplSwitchToLongModebecause this is an incompatible change.
>
>
>
> #
> It is assumed that 64-bit DxeCore is built in firmware if it is true;
> otherwise 32-bit DxeCore
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
> *From:*Zeng, Star
> *Sent:* Wednesday, February 8, 2017 9:12 PM
> *To:* Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com>>;
> Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com>>;
> Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com>>;
> edk2-devel@ml01.01.org <mailto:edk2-devel@ml01.01.org>
> *Cc:* Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com>>;
> Singh, Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com>>;
> Justen, Jordan L <jordan.l.justen@intel.com
> <mailto:jordan.l.justen@intel.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com>>
> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
>
>
> In fact, X64 DxeIplPeim does not refer PcdDxeIplSwitchToLongMode at all.
>
> DxeIpl.inf:
> [FeaturePcd.IA32]
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode ## CONSUMES
>
> As I remember, I did a draft patch below before for the discussion about how to determine *PEI* is 32BITs or 64BITs in title "[edk2] [PATCH v3 2/4] IntelFrameworkModulePkg: BdsDxe: only allocate below 4 GB if needed", I can't find the archive link any more.
>
> ---
> MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++++
> MdeModulePkg/MdeModulePkg.dec | 4 +++-
> 2 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> index 6488880..348e084 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
> @@ -43,6 +43,11 @@ HandOffToDxeCore (
> EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi;
>
> //
> + // It should be FALSE for both PEI and DXE are 64-bit.
> + //
> + ASSERT (PcdGetBool (PcdDxeIplSwitchToLongMode) == FALSE);
> +
> + //
> // Get Vector Hand-off Info PPI and build Guided HOB
> //
> Status = PeiServicesLocatePpi (
> diff --git a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec index af7bcab..4a73f7b 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -712,8 +712,10 @@
> ## Indicates if DxeIpl should switch to long mode to enter DXE phase.
> # It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
> # is built in firmware.<BR><BR>
> + # And it should be FALSE for both PEI and DXE are 64-bit.
> # TRUE - DxeIpl will load a 64-bit DxeCore and switch to long mode to hand over to DxeCore.<BR>
> - # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore.<BR>
> + # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore,<BR>
> + # or both PEI and DXE are 64-bit.<BR>
> # @Prompt DxeIpl switch to long mode.
>
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|TRUE|BOOLEAN|
> 0x0001003b
>
> --
>
>
> Thanks,
> Star
> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Thursday, February 9, 2017 3:48 AM
> To: Yao, Jiewen <jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com>>; Duran, Leo <leo.duran@amd.com
> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org>
> Cc: Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com>>; Singh, Brijesh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com>>; Justen, Jordan L
> <jordan.l.justen@intel.com <mailto:jordan.l.justen@intel.com>>
> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
> PcdPteMemoryEncryptionAddressOrMask
>
> On 02/08/17 19:20, Yao, Jiewen wrote:
>> Got it.
>>
>>
>>
>> If the means of PcdDxeIplSwitchtoLongMode is unclear, we may add
>> more description to make it clear.
>>
>>
>>
>> If we believe "PcdDxeIplSwitchtoLongMode == DXE is Long mode" as
>> final conclusion, can we treat that as a bug and fix OVMF X64?
>
> I don't know how to "fix" that. What is there to fix?
>
> Flipping the PCD to TRUE in OVMF X64 would break OVMF X64, and likely OVMF Ia32X64 too. For two reasons:
>
>
> (1) Toggling the PCD would alter the behavior of the DXE IPL PEIM and/or the DXE Core, and that behavior has never ever been tested with OVMF X64.
>
> The PcdDxeIplSwitchToLongMode=FALSE setting in the X64 DSC dates back to:
>
> commit 8fa729a8b1401f01c6fd8ddbcab45e4a4904fa9a
> Author: lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524>
> Date: Mon Mar 15 01:40:59 2010 +0000
>
> Merge the same type PCD section.
>
> git-svn-id:
> https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10243
> 6f19259b-4bc3-4df7-8a09-765794883524
>
> and before that, to:
>
> commit 49ba9447c92d6fca214476381107a180d08e59d1
> Author: jljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>
> Date: Wed May 27 21:10:18 2009 +0000
>
> Add initial version of Open Virtual Machine Firmware (OVMF) platform.
>
> git-svn-id:
> https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8398
> 6f19259b-4bc3-4df7-8a09-765794883524
>
> In other words, OVMF X64 has always worked like this, since its inception.
>
>
> (2) PEI code under OvmfPkg itself uses this PCD to identify a 32-bit DXE phase.
>
> //
> // If DXE is 32-bit, then we're done; PciBusDxe will degrade 64-bit MMIO
> // resources to 32-bit anyway. See DegradeResource() in
> // "PciResourceSupport.c".
> //
> #ifdef MDE_CPU_IA32
> if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
> return FirstNonAddress;
> }
> #endif
>
> and
>
> //
> // If DXE is 32-bit, then just return the traditional 64 MB cap.
> //
> #ifdef MDE_CPU_IA32
> if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
> return SIZE_64MB;
> }
> #endif
>
> Thanks
> Laszlo
>
>>
>>
>>
>> Thank you
>>
>> Yao Jiewen
>>
>>
>>
>>
>>
>> *From:*Laszlo Ersek [mailto:lersek@redhat.com]
>> *Sent:* Wednesday, February 8, 2017 9:52 AM
>> *To:* Yao, Jiewen <jiewen.yao@intel.com
>> <mailto:jiewen.yao@intel.com>>; Duran, Leo <leo.duran@amd.com
> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com>>;
>> edk2-devel@ml01.01.org <mailto:edk2-devel@ml01.01.org>
>> *Cc:* Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com>>;
>> Singh, Brijesh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com>>; Justen, Jordan L
> <jordan.l.justen@intel.com <mailto:jordan.l.justen@intel.com>>
>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>>
>>
>> On 02/08/17 18:27, Yao, Jiewen wrote:
>>> I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode.
>>>
>>>
>>>
>>> See DEC description:
>>>
>>> # It is assumed that 64-bit DxeCore is built in firmware if it is
>>> true; otherwise 32-bit DxeCore
>>>
>>> # is built in firmware.<BR><BR>
>>
>> Unfortunately, I have no historical context or background for this
>> PCD; all I can say is that the X64 OVMF platform does not set the PCD.
>>
>> It enters long mode, and sets up page tables for the first 4GB of
>> RAM, in SEC. Then SEC decompresses the flash contents to RAM, which
>> covers both PEIFV and DXEFV. PEI runs from RAM.
>>
>> This is possible because on QEMU/KVM, there's no need to initialize
>> RAM, thus only SEC runs from flash, in-place.
>>
>> Perhaps Jordan can provide more insight.
>>
>> If Brijesh and Leo would like to run the X64 OVMF platform as a SEV
>> guest too, then this should be considered, in my opinion.
>>
>> One more comment below:
>>
>>>
>>>
>>>
>>> And the code MdeModulePkg\Universal\Acpi\S3SaveStateDxe\AcpiS3ContextSave.c:
>>>
>>>
>>>
>>> BOOLEAN
>>>
>>> IsLongModeWakingVectorSupport (
>>>
>>> IN EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE*Facs
>>>
>>> )
>>>
>>> {
>>>
>>> if((Facs == NULL) ||
>>>
>>> (Facs->Signature !=
>>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE) ) {
>>>
>>> //
>>>
>>> // Something wrong with FACS.
>>>
>>> //
>>>
>>> returnFALSE;
>>>
>>> }
>>>
>>> if((Facs->Version ==
>>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION) &&
>>>
>>> ((Facs->Flags & EFI_ACPI_4_0_64BIT_WAKE_SUPPORTED_F) != 0)) {
>>>
>>> //
>>>
>>> // BIOS supports 64bit waking vector.
>>>
>>> //
>>>
>>> if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>>>
>>> returnTRUE;
>>>
>>> }
>>>
>>> }
>>>
>>> returnFALSE;
>>>
>>> }
>>
>> In practice, it's okay if the OVMF X64 platform is recognized as "not
>> supporting a 64-bit waking vector for S3 resume". All the 64-bit
>> guest OSes that I've tested with OVMF X64 (Linux, and the Windows 7 /
>> 8 / 10 families, both client and server) use a real mode (16-bit)
>> waking vector, in practice.
>>
>> ... Actually, upon reviewing the above code more carefully, we don't
>> even reach the FeaturePcdGet() call: the FACS that QEMU generates
>> (and OVMF downloads and installs) corresponds to ACPI 1.0, that is,
>> EFI_ACPI_1_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION.
>>
>> Thanks
>> Laszlo
>>
>>
>>>
>>>
>>>
>>>
>>>
>>> Thank you
>>>
>>> Yao Jiewen
>>>
>>>
>>>
>>> *From:*edk2-devel [mailto:edk2-devel-bounces@lists.01.org] *On
>>> Behalf Of *Yao, Jiewen
>>> *Sent:* Wednesday, February 8, 2017 9:18 AM
>>> *To:* Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com>>; Duran, Leo
> <leo.duran@amd.com <mailto:leo.duran@amd.com %0b>>
> <mailto:leo.duran@amd.com>>;
>>> Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>;
> edk2-devel@ml01.01.org <mailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org>
>>> *Cc:* Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com %3cmailto:feng.tian@intel.com>>>;
>>> Singh, Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com>>>
>>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>>
>>>
>>> Good reminder. I take back my word.
>>>
>>> In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
>>>
>>> We need
>>>
>>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>>> Sent: Wednesday, February 8, 2017 9:11 AM
>>> To: Yao, Jiewen <jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com%0b>>
> <mailto:jiewen.yao@intel.com>>;
>> Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com%0b
> <mailto:leo.duran@amd.com %3cmailto:leo.duran@amd.com%0b>>>
>> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com %0b>> <mailto:star.zeng@intel.com%0b>>
> <mailto:star.zeng@intel.com>>;
>> edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org> <mailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org>
>>> Cc: Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b>>
> <mailto:feng.tian@intel.com>>; Singh,
>> Brijesh <brijesh.singh@amd.com <mailto:brijesh.singh@amd.com%0b
> <mailto:brijesh.singh@amd.com %3cmailto:brijesh.singh@amd.com%0b>>>
>> <mailto:brijesh.singh@amd.com>>
>>> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>> On 02/08/17 18:05, Yao, Jiewen wrote:
>>>> HI Leo
>>>>
>>>> Thanks to clarify that.
>>>>
>>>>
>>>>
>>>> If that is the case, do you think it will be better to limit this
>>>> PCD to
>>>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>>>
>>> Not sure if this is the best place to raise the following
>>> observation, but it should do:
>>>
>>> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE
>>> if PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
>>> - both PEI and DXE are 32-bit, and
>>> - both PEI and DXE are 64-bit.
>>>
>>> This doesn't necessarily invalidate anything said thus fair in the
>>> thread, but the following statement from Leo:
>>>
>>> The SEV feature requires 64-bit LongMode, so the
>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>>>
>>> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
>>>
>>> Thanks,
>>> Laszlo
>>>
>>>>
>>>>
>>>>
>>>> Thank you
>>>>
>>>> Yao Jiewen
>>>>
>>>>
>>>>
>>>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>>>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>>>> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>>
> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>>
>> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>;
>> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>>> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com
> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>>
> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>>
>> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng
>>>> <feng.tian@intel.com<mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>>
> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>>
>> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>; Singh,
>> Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>>
> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>>
>> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Yao,
>>>> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>>
> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>>
>> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com>>>
>>>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>>
>>>>
>>>> Pease see reply below.
>>>> Leo
>>>>
>>>>> -----Original Message-----
>>>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>>>> To: Duran, Leo <leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>>>>>
> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %0b>>>>>
> %3cmailto:leo.duran@amd.com
>> <mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>>
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>>
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com>>>>;
>> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>>> <mailto:edk2-devel@ml01.01.org>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b>>
> <mailto:lersek@redhat.com%0b <mailto:lersek@redhat.com%0b %0b>>
> <mailto:lersek@redhat.com%0b%0b>>
>> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com %0b>> <mailto:feng.tian@intel.com%0b>>
> <mailto:feng.tian@intel.com%0b <mailto:feng.tian@intel.com%0b %0b>>
> <mailto:feng.tian@intel.com%0b%0b>>
>> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
>> <mailto:feng.tian@intel.com>>;
>>>>> Singh, Brijesh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b>>
> <mailto:brijesh.singh@amd.com%0b <mailto:brijesh.singh@amd.com%0b
> %0b>> <mailto:brijesh.singh@amd.com%0b%0b>>
>> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com %0b>> <mailto:star.zeng@intel.com%0b>>
> <mailto:star.zeng@intel.com%0b <mailto:star.zeng@intel.com%0b %0b>>
> <mailto:star.zeng@intel.com%0b%0b>>
>> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
>> <mailto:star.zeng@intel.com>>;
>>>>> Yao, Jiewen <jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com %0b>>>>>
> <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com %0b>>>>>
> %3cmailto:jiewen.yao@intel.com
>> <mailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com %0b>>
> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
>> %3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com
> <mailto:jiewen.yao@intel.com %0b>>
> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
>> %3cmailto:jiewen.yao@intel.com>>>>
>>>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>>
>>>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>>>
>>>>> Thanks,
>>>>> Star
>>>> [Duran, Leo]
>>>> Hi Star,
>>>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>>>
>>>> The SEV feature requires 64-bit LongMode, so the
>>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time, in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>>>>
>>>>> -----Original Message-----
>>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On
>>>>> Behalf Of Leo Duran
>>>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>>>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>> <mailto:edk2-devel@ml01.01.org>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b>>
> <mailto:lersek@redhat.com%0b <mailto:lersek@redhat.com%0b %0b>>
> <mailto:lersek@redhat.com%0b%0b>>
>> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
> <mailto:feng.tian@intel.com %0b>> <mailto:feng.tian@intel.com%0b>>
> <mailto:feng.tian@intel.com%0b <mailto:feng.tian@intel.com%0b %0b>>
> <mailto:feng.tian@intel.com%0b%0b>>
>> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
>> <mailto:feng.tian@intel.com>>;
>>>>> Brijesh Singh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b>>
> <mailto:brijesh.singh@amd.com%0b <mailto:brijesh.singh@amd.com%0b
> %0b>> <mailto:brijesh.singh@amd.com%0b%0b>>
>> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
> <mailto:star.zeng@intel.com %0b>> <mailto:star.zeng@intel.com%0b>>
> <mailto:star.zeng@intel.com%0b <mailto:star.zeng@intel.com%0b %0b>>
> <mailto:star.zeng@intel.com%0b%0b>>
>> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
>> <mailto:star.zeng@intel.com>>;
>>>>> Leo Duran <leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>>>>>
> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %0b>>>>>
> %3cmailto:leo.duran@amd.com
>> <mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>>
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>>
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com>>>>
>>>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>>
>>>>> From: Brijesh Singh <brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com %0b>>>>>
> <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com %0b>>>>>
> %3cmailto:brijesh.singh@amd.com
>> <mailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com %0b>>
> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
>> %3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com
> <mailto:brijesh.singh@amd.com %0b>>
> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
>> %3cmailto:brijesh.singh@amd.com>>>>
>>>>>
>>>>> This dynamic PCD holds the address mask for page table entries
>>>>> when memory encryption is enabled on AMD processors supporting the
>>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>>
>>>>> Cc: Feng Tian <feng.tian@intel.com
> <mailto:feng.tian@intel.com %0b>>>>>
> <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com %0b>>>>>
> %3cmailto:feng.tian@intel.com
>> <mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com %0b>>
> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
>> %3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com
> <mailto:feng.tian@intel.com %0b>>
> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
>> %3cmailto:feng.tian@intel.com>>>>
>>>>> Cc: Star Zeng <star.zeng@intel.com
> <mailto:star.zeng@intel.com %0b>>>>>
> <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com %0b>>>>>
> %3cmailto:star.zeng@intel.com
>> <mailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com %0b>>
> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
>> %3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com
> <mailto:star.zeng@intel.com %0b>>
> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
>> %3cmailto:star.zeng@intel.com>>>>
>>>>> Cc: Laszlo Ersek <lersek@redhat.com
> <mailto:lersek@redhat.com %0b>>>>>
> <mailto:lersek@redhat.com<mailto:lersek@redhat.com
> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com %0b>>>>>
> %3cmailto:lersek@redhat.com
>> <mailto:lersek@redhat.com
> <mailto:lersek@redhat.com %0b>>
> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
>> %3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com
> <mailto:lersek@redhat.com %0b>>
> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
>> %3cmailto:lersek@redhat.com>>>>
>>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>>> Signed-off-by: Leo Duran <leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>>>>>
> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com %0b>>>>>
> %3cmailto:leo.duran@amd.com
>> <mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>>
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
> <mailto:leo.duran@amd.com %0b>>
> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>> %3cmailto:leo.duran@amd.com>>>>
>>>>> ---
>>>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18
>>>>> ++++++++++--
>>>>> ------
>>>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>>>
>>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> index 2bc41be..d62bd9b 100644
>>>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>> @@ -6,6 +6,8 @@
>>>>> # needed to run the DXE Foundation.
>>>>> #
>>>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>>> reserved.<BR>
>>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>>> +#
>>>>> # This program and the accompanying materials # are licensed
>>>>> and made available under the terms and conditions of the BSD
>>>>> License # which accompanies this distribution. The full text of
>>>>> the license may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress
>>>>> ## CONSUMES
>>>>>
>>>>> [Pcd.IA32,Pcd.X64]
>>>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>>> SOMETIMES_CONSUMES
>>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>>> SOMETIMES_CONSUMES
>>>>> +
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>>> ask ## CONSUMES
>>>>>
>>>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>>>> SOMETIMES_CONSUMES
>>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> index 790f6ab..2c52389 100644
>>>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>> @@ -16,6 +16,8 @@
>>>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual
>>>>> Volume 3:System Programmer's Guide, Intel
>>>>>
>>>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>>> reserved.<BR>
>>>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>>> +
>>>>> This program and the accompanying materials are licensed and
>>>>> made available under the terms and conditions of the BSD License
>>>>> which accompanies this distribution. The full text of the license
>>>>> may be found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>>>> //
>>>>> // Fill in 2M page entry.
>>>>> //
>>>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>>>> IA32_PG_RW;
>>>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>>
>>>>> PhysicalAddress4K = PhysicalAddress;
>>>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries <
>>>>> 512;
>>>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>>>> SIZE_4KB) {
>>>>> //
>>>>> // Fill in the Page Table entries
>>>>> //
>>>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageTableEntry->Bits.ReadWrite = 1;
>>>>> PageTableEntry->Bits.Present = 1;
>>>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K <
>>>>> StackBase +
>>>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>>>> //
>>>>> // Fill in 1G page entry.
>>>>> //
>>>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P
>>>>> | IA32_PG_RW;
>>>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>>
>>>>> PhysicalAddress2M = PhysicalAddress;
>>>>> for (IndexOfPageDirectoryEntries = 0;
>>>>> IndexOfPageDirectoryEntries < 512;
>>>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++,
>>>>> IndexOfPageDirectoryEntries++PhysicalAddress2M
>>>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryEntry->Bits.Present = 1;
>>>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>>>> CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Make a PML4 Entry
>>>>> //
>>>>> - PageMapLevel4Entry->Uint64 =
>>>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>>>> + PageMapLevel4Entry->Uint64 =
>>>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>>>> PageMapLevel4Entry->Bits.Present = 1;
>>>>>
>>>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>>>> PageDirectory1GEntry->Bits.Present = 1;
>>>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7
>>>>> +282,7 @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in a Page Directory Pointer Entries
>>>>> //
>>>>> - PageDirectoryPointerEntry->Uint64 =
>>>>> (UINT64)(UINTN)PageDirectoryEntry;
>>>>> + PageDirectoryPointerEntry->Uint64 =
>>>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>>>
>>>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>>>> //
>>>>> // Fill in the Page Directory entries
>>>>> //
>>>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress |
>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>>> PageDirectoryEntry->Bits.Present = 1;
>>>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>>>> a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
>>>>> index 273cd7e..207384f 100644
>>>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>>>> @@ -6,6 +6,8 @@
>>>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights
>>>>> reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights
>>>>> reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise
>>>>> Development LP<BR>
>>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>>> +#
>>>>> # This program and the accompanying materials are licensed and
>>>>> made available under # the terms and conditions of the BSD
>>>>> License that accompanies this distribution.
>>>>> # The full text of the license may be found at @@ -1738,5
>>>>> +1740,11 @@ [PcdsDynamic, PcdsDynamicEx]
>>>>> # @Prompt If there is any test key used by the platform.
>>>>>
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>>>> 0030003
>>>>>
>>>>> + ## This dynamic PCD holds the address mask for page table
>>>>> + entries when memory encryption is # enabled on AMD processors
>>>>> + supporting the
>>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>> + # This mask should be applied when creating 1:1 virtual to
>>>>> + physical
>>>>> mapping tables.
>>>>> + #
>>>>> +
>>>>> +
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>>> ask|0x0
>>>>> + |UINT64|0x00030004
>>>>> +
>>>>> [UserExtensions.TianoCore."ExtraFiles"]
>>>>> MdeModulePkgExtra.uni
>>>>> --
>>>>> 1.9.1
>>>>>
>>>>> _______________________________________________
>>>>> edk2-devel mailing list
>>>>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org
> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
>>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>>
>>> <mailto:edk2-devel@lists.01.org>
>>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>>
>>> _______________________________________________
>>> edk2-devel mailing list
>>> edk2-devel@lists.01.org <mailto:edk2-devel@lists.01.org>
>> <mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>
>>
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
2017-02-09 9:17 ` Zeng, Star
@ 2017-02-09 9:46 ` Laszlo Ersek
0 siblings, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2017-02-09 9:46 UTC (permalink / raw)
To: Zeng, Star, Yao, Jiewen, Duran, Leo, edk2-devel@ml01.01.org
Cc: Tian, Feng, Singh, Brijesh, Justen, Jordan L
On 02/09/17 10:17, Zeng, Star wrote:
> EFI_HOB_CPU?
> Is there discussion in PIWG for it?
None that I'm aware of.
Thanks
Laszlo
>
> Thanks,
> Star
> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Thursday, February 9, 2017 5:13 PM
> To: Zeng, Star <star.zeng@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo <leo.duran@amd.com>; edk2-devel@ml01.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask
>
> On 02/09/17 06:26, Zeng, Star wrote:
>> Correct typo in below email.
>>
>> "about how to determine DXE is 32BITs or 64BITs" should be "about how
>> to determine PEI is 32BITs or 64BITs".
>>
>> At that time, we were discussing if the code needs to allocate <4G
>> ACPI table for PEI phase at S3 resume.
>
> Indeed. Although OVMF X64 has a 64-bit PEI phase, that PEI phase can access only <4G RAM. IIRC one suggestion was to introduce a new HOB for this, so that PEI can advertise such a limitation to DXE.
>
> Thanks
> Laszlo
>
>
>>
>> Thanks,
>> Star
>> -----Original Message-----
>> From: Zeng, Star
>> Sent: Thursday, February 9, 2017 1:12 PM
>> To: Laszlo Ersek <lersek@redhat.com>; Yao, Jiewen
>> <jiewen.yao@intel.com>; Duran, Leo <leo.duran@amd.com>;
>> edk2-devel@ml01.01.org
>> Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
>> <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>;
>> Zeng, Star <star.zeng@intel.com>
>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> In fact, X64 DxeIplPeim does not refer PcdDxeIplSwitchToLongMode at all.
>>
>> DxeIpl.inf:
>> [FeaturePcd.IA32]
>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode ## CONSUMES
>>
>> As I remember, I did a draft patch below before for the discussion about how to determine DXE is 32BITs or 64BITs in title "[edk2] [PATCH v3 2/4] IntelFrameworkModulePkg: BdsDxe: only allocate below 4 GB if needed", I can't find the archive link any more.
>>
>> ---
>> MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++++
>> MdeModulePkg/MdeModulePkg.dec | 4 +++-
>> 2 files changed, 8 insertions(+), 1 deletion(-)
>>
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
>> b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
>> index 6488880..348e084 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
>> @@ -43,6 +43,11 @@ HandOffToDxeCore (
>> EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi;
>>
>> //
>> + // It should be FALSE for both PEI and DXE are 64-bit.
>> + //
>> + ASSERT (PcdGetBool (PcdDxeIplSwitchToLongMode) == FALSE);
>> +
>> + //
>> // Get Vector Hand-off Info PPI and build Guided HOB
>> //
>> Status = PeiServicesLocatePpi (
>> diff --git a/MdeModulePkg/MdeModulePkg.dec
>> b/MdeModulePkg/MdeModulePkg.dec index af7bcab..4a73f7b 100644
>> --- a/MdeModulePkg/MdeModulePkg.dec
>> +++ b/MdeModulePkg/MdeModulePkg.dec
>> @@ -712,8 +712,10 @@
>> ## Indicates if DxeIpl should switch to long mode to enter DXE phase.
>> # It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore
>> # is built in firmware.<BR><BR>
>> + # And it should be FALSE for both PEI and DXE are 64-bit.
>> # TRUE - DxeIpl will load a 64-bit DxeCore and switch to long mode to hand over to DxeCore.<BR>
>> - # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore.<BR>
>> + # FALSE - DxeIpl will load a 32-bit DxeCore and perform stack switch to hand over to DxeCore,<BR>
>> + # or both PEI and DXE are 64-bit.<BR>
>> # @Prompt DxeIpl switch to long mode.
>>
>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|TRUE|BOOLEAN|
>> 0x0001003b
>>
>> --
>>
>>
>> Thanks,
>> Star
>> -----Original Message-----
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Thursday, February 9, 2017 3:48 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo
>> <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>;
>> edk2-devel@ml01.01.org
>> Cc: Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
>> <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
>> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>> PcdPteMemoryEncryptionAddressOrMask
>>
>> On 02/08/17 19:20, Yao, Jiewen wrote:
>>> Got it.
>>>
>>>
>>>
>>> If the means of PcdDxeIplSwitchtoLongMode is unclear, we may add
>>> more description to make it clear.
>>>
>>>
>>>
>>> If we believe "PcdDxeIplSwitchtoLongMode == DXE is Long mode" as
>>> final conclusion, can we treat that as a bug and fix OVMF X64?
>>
>> I don't know how to "fix" that. What is there to fix?
>>
>> Flipping the PCD to TRUE in OVMF X64 would break OVMF X64, and likely OVMF Ia32X64 too. For two reasons:
>>
>>
>> (1) Toggling the PCD would alter the behavior of the DXE IPL PEIM and/or the DXE Core, and that behavior has never ever been tested with OVMF X64.
>>
>> The PcdDxeIplSwitchToLongMode=FALSE setting in the X64 DSC dates back to:
>>
>> commit 8fa729a8b1401f01c6fd8ddbcab45e4a4904fa9a
>> Author: lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524>
>> Date: Mon Mar 15 01:40:59 2010 +0000
>>
>> Merge the same type PCD section.
>>
>> git-svn-id:
>> https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10243
>> 6f19259b-4bc3-4df7-8a09-765794883524
>>
>> and before that, to:
>>
>> commit 49ba9447c92d6fca214476381107a180d08e59d1
>> Author: jljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>
>> Date: Wed May 27 21:10:18 2009 +0000
>>
>> Add initial version of Open Virtual Machine Firmware (OVMF) platform.
>>
>> git-svn-id:
>> https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8398
>> 6f19259b-4bc3-4df7-8a09-765794883524
>>
>> In other words, OVMF X64 has always worked like this, since its inception.
>>
>>
>> (2) PEI code under OvmfPkg itself uses this PCD to identify a 32-bit DXE phase.
>>
>> //
>> // If DXE is 32-bit, then we're done; PciBusDxe will degrade 64-bit MMIO
>> // resources to 32-bit anyway. See DegradeResource() in
>> // "PciResourceSupport.c".
>> //
>> #ifdef MDE_CPU_IA32
>> if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>> return FirstNonAddress;
>> }
>> #endif
>>
>> and
>>
>> //
>> // If DXE is 32-bit, then just return the traditional 64 MB cap.
>> //
>> #ifdef MDE_CPU_IA32
>> if (!FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>> return SIZE_64MB;
>> }
>> #endif
>>
>> Thanks
>> Laszlo
>>
>>>
>>>
>>>
>>> Thank you
>>>
>>> Yao Jiewen
>>>
>>>
>>>
>>>
>>>
>>> *From:*Laszlo Ersek [mailto:lersek@redhat.com]
>>> *Sent:* Wednesday, February 8, 2017 9:52 AM
>>> *To:* Yao, Jiewen <jiewen.yao@intel.com>; Duran, Leo
>>> <leo.duran@amd.com>; Zeng, Star <star.zeng@intel.com>;
>>> edk2-devel@ml01.01.org
>>> *Cc:* Tian, Feng <feng.tian@intel.com>; Singh, Brijesh
>>> <brijesh.singh@amd.com>; Justen, Jordan L <jordan.l.justen@intel.com>
>>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>> PcdPteMemoryEncryptionAddressOrMask
>>>
>>>
>>>
>>> On 02/08/17 18:27, Yao, Jiewen wrote:
>>>> I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode.
>>>>
>>>>
>>>>
>>>> See DEC description:
>>>>
>>>> # It is assumed that 64-bit DxeCore is built in firmware if it is
>>>> true; otherwise 32-bit DxeCore
>>>>
>>>> # is built in firmware.<BR><BR>
>>>
>>> Unfortunately, I have no historical context or background for this
>>> PCD; all I can say is that the X64 OVMF platform does not set the PCD.
>>>
>>> It enters long mode, and sets up page tables for the first 4GB of
>>> RAM, in SEC. Then SEC decompresses the flash contents to RAM, which
>>> covers both PEIFV and DXEFV. PEI runs from RAM.
>>>
>>> This is possible because on QEMU/KVM, there's no need to initialize
>>> RAM, thus only SEC runs from flash, in-place.
>>>
>>> Perhaps Jordan can provide more insight.
>>>
>>> If Brijesh and Leo would like to run the X64 OVMF platform as a SEV
>>> guest too, then this should be considered, in my opinion.
>>>
>>> One more comment below:
>>>
>>>>
>>>>
>>>>
>>>> And the code MdeModulePkg\Universal\Acpi\S3SaveStateDxe\AcpiS3ContextSave.c:
>>>>
>>>>
>>>>
>>>> BOOLEAN
>>>>
>>>> IsLongModeWakingVectorSupport (
>>>>
>>>> IN EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE*Facs
>>>>
>>>> )
>>>>
>>>> {
>>>>
>>>> if((Facs == NULL) ||
>>>>
>>>> (Facs->Signature !=
>>>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE) ) {
>>>>
>>>> //
>>>>
>>>> // Something wrong with FACS.
>>>>
>>>> //
>>>>
>>>> returnFALSE;
>>>>
>>>> }
>>>>
>>>> if((Facs->Version ==
>>>> EFI_ACPI_4_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION) &&
>>>>
>>>> ((Facs->Flags & EFI_ACPI_4_0_64BIT_WAKE_SUPPORTED_F) != 0)) {
>>>>
>>>> //
>>>>
>>>> // BIOS supports 64bit waking vector.
>>>>
>>>> //
>>>>
>>>> if(FeaturePcdGet (PcdDxeIplSwitchToLongMode)) {
>>>>
>>>> returnTRUE;
>>>>
>>>> }
>>>>
>>>> }
>>>>
>>>> returnFALSE;
>>>>
>>>> }
>>>
>>> In practice, it's okay if the OVMF X64 platform is recognized as "not
>>> supporting a 64-bit waking vector for S3 resume". All the 64-bit
>>> guest OSes that I've tested with OVMF X64 (Linux, and the Windows 7 /
>>> 8 / 10 families, both client and server) use a real mode (16-bit)
>>> waking vector, in practice.
>>>
>>> ... Actually, upon reviewing the above code more carefully, we don't
>>> even reach the FeaturePcdGet() call: the FACS that QEMU generates
>>> (and OVMF downloads and installs) corresponds to ACPI 1.0, that is,
>>> EFI_ACPI_1_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION.
>>>
>>> Thanks
>>> Laszlo
>>>
>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Thank you
>>>>
>>>> Yao Jiewen
>>>>
>>>>
>>>>
>>>> *From:*edk2-devel [mailto:edk2-devel-bounces@lists.01.org] *On
>>>> Behalf Of *Yao, Jiewen
>>>> *Sent:* Wednesday, February 8, 2017 9:18 AM
>>>> *To:* Laszlo Ersek <lersek@redhat.com
>>> <mailto:lersek@redhat.com>>; Duran, Leo <leo.duran@amd.com
>>> <mailto:leo.duran@amd.com>>;
>>>> Zeng, Star <star.zeng@intel.com
>>> <mailto:star.zeng@intel.com>>; edk2-devel@ml01.01.org
>>> <mailto:edk2-devel@ml01.01.org>
>>>> *Cc:* Tian, Feng <feng.tian@intel.com <mailto:feng.tian@intel.com>>;
>>>> Singh, Brijesh <brijesh.singh@amd.com
>>>> <mailto:brijesh.singh@amd.com>>
>>>> *Subject:* Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>>
>>>>
>>>> Good reminder. I take back my word.
>>>>
>>>> In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging.
>>>>
>>>> We need
>>>>
>>>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>>>> Sent: Wednesday, February 8, 2017 9:11 AM
>>>> To: Yao, Jiewen <jiewen.yao@intel.com
>>> <mailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com>>;
>>> Duran, Leo <leo.duran@amd.com <mailto:leo.duran@amd.com%0b>>
>>> <mailto:leo.duran@amd.com>>; Zeng, Star <star.zeng@intel.com
>>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com>>;
>>> edk2-devel@ml01.01.org <mailto:edk2-devel@ml01.01.org>
>>>> <mailto:edk2-devel@ml01.01.org>
>>>> Cc: Tian, Feng <feng.tian@intel.com
>>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com>>;
>>> Singh, Brijesh <brijesh.singh@amd.com
>>> <mailto:brijesh.singh@amd.com%0b>>
>>> <mailto:brijesh.singh@amd.com>>
>>>> Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>
>>>> On 02/08/17 18:05, Yao, Jiewen wrote:
>>>>> HI Leo
>>>>>
>>>>> Thanks to clarify that.
>>>>>
>>>>>
>>>>>
>>>>> If that is the case, do you think it will be better to limit this
>>>>> PCD to
>>>>> X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64]
>>>>
>>>> Not sure if this is the best place to raise the following
>>>> observation, but it should do:
>>>>
>>>> please everyone remember that PcdDxeIplSwitchToLongMode is only TRUE
>>>> if PEI is 32-bit and DXE is 64-bit. It is FALSE in *two* cases:
>>>> - both PEI and DXE are 32-bit, and
>>>> - both PEI and DXE are 64-bit.
>>>>
>>>> This doesn't necessarily invalidate anything said thus fair in the
>>>> thread, but the following statement from Leo:
>>>>
>>>> The SEV feature requires 64-bit LongMode, so the
>>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time
>>>>
>>>> does not follow. The PCD is FALSE in OvmfPkgX64.dsc.
>>>>
>>>> Thanks,
>>>> Laszlo
>>>>
>>>>>
>>>>>
>>>>>
>>>>> Thank you
>>>>>
>>>>> Yao Jiewen
>>>>>
>>>>>
>>>>>
>>>>> *From:*Duran, Leo [mailto:leo.duran@amd.com]
>>>>> *Sent:* Wednesday, February 8, 2017 9:00 AM
>>>>> *To:* Zeng, Star <star.zeng@intel.com<mailto:star.zeng@intel.com
>>> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com%0b>>
>>> <mailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com>>>;
>>> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>>>> *Cc:* Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com
>>> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com%0b>>
>>> <mailto:lersek@redhat.com%3cmailto:lersek@redhat.com>>>; Tian, Feng
>>>>> <feng.tian@intel.com<mailto:feng.tian@intel.com
>>> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com%0b>>
>>> <mailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com>>>; Singh,
>>> Brijesh <brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
>>> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com%0b>>
>>> <mailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com>>>; Yao,
>>>>> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
>>> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com%0b>>
>>> <mailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com>>>
>>>>> *Subject:* RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>>
>>>>>
>>>>>
>>>>> Pease see reply below.
>>>>> Leo
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Zeng, Star [mailto:star.zeng@intel.com]
>>>>>> Sent: Tuesday, February 07, 2017 8:27 PM
>>>>>> To: Duran, Leo <leo.duran@amd.com
>>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>>>> %3cmailto:leo.duran@amd.com
>>> <mailto:leo.duran@amd.com
>>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
>>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>>> %3cmailto:leo.duran@amd.com>>>>;
>>> edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>>>> <mailto:edk2-devel@ml01.01.org>
>>>>>> Cc: Laszlo Ersek <lersek@redhat.com
>>> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
>>> <mailto:lersek@redhat.com%0b%0b>>
>>> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
>>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
>>> <mailto:feng.tian@intel.com%0b%0b>>
>>> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
>>> <mailto:feng.tian@intel.com>>;
>>>>>> Singh, Brijesh <brijesh.singh@amd.com
>>> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
>>> <mailto:brijesh.singh@amd.com%0b%0b>>
>>> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
>>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
>>> <mailto:star.zeng@intel.com%0b%0b>>
>>> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
>>> <mailto:star.zeng@intel.com>>;
>>>>>> Yao, Jiewen <jiewen.yao@intel.com
>>>>>> <mailto:jiewen.yao@intel.com<mailto:jiewen.yao@intel.com
>>>>>> %3cmailto:jiewen.yao@intel.com
>>> <mailto:jiewen.yao@intel.com
>>> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
>>> %3cmailto:jiewen.yao@intel.com%0b>> <mailto:jiewen.yao@intel.com
>>> %3cmailto:jiewen.yao@intel.com%3cmailto:jiewen.yao@intel.com
>>> %3cmailto:jiewen.yao@intel.com>>>>
>>>>>> Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>>>
>>>>>> Does Create4GPageTablesIa32Pae() also need to be updated?
>>>>>>
>>>>>> Thanks,
>>>>>> Star
>>>>> [Duran, Leo]
>>>>> Hi Star,
>>>>> No, I do not think Create4GPageTablesIa32Pae() is in the execution path.
>>>>>
>>>>> The SEV feature requires 64-bit LongMode, so the
>>>>> PcdDxeIplSwitchtoLongMode *must* set to TRUE at build-time, in which case Create4GPageTablesIa32Pae() would *not* be called by HandOffToDxeCore().
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On
>>>>>> Behalf Of Leo Duran
>>>>>> Sent: Wednesday, February 8, 2017 3:54 AM
>>>>>> To: edk2-devel@ml01.01.org<mailto:edk2-devel@ml01.01.org
>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>
>>>> <mailto:edk2-devel@ml01.01.org%3cmailto:edk2-devel@ml01.01.org>>
>>>> <mailto:edk2-devel@ml01.01.org>
>>>>>> Cc: Laszlo Ersek <lersek@redhat.com
>>> <mailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com%0b
>>> <mailto:lersek@redhat.com%0b%0b>>
>>> <mailto:lersek@redhat.com%0b%3cmailto:lersek@redhat.com%0b>>>
>>> <mailto:lersek@redhat.com>>; Tian, Feng <feng.tian@intel.com
>>> <mailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com%0b
>>> <mailto:feng.tian@intel.com%0b%0b>>
>>> <mailto:feng.tian@intel.com%0b%3cmailto:feng.tian@intel.com%0b>>>
>>> <mailto:feng.tian@intel.com>>;
>>>>>> Brijesh Singh <brijesh.singh@amd.com
>>> <mailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com%0b
>>> <mailto:brijesh.singh@amd.com%0b%0b>>
>>> <mailto:brijesh.singh@amd.com%0b%3cmailto:brijesh.singh@amd.com%0b>>>
>>> <mailto:brijesh.singh@amd.com>>; Zeng, Star <star.zeng@intel.com
>>> <mailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com%0b
>>> <mailto:star.zeng@intel.com%0b%0b>>
>>> <mailto:star.zeng@intel.com%0b%3cmailto:star.zeng@intel.com%0b>>>
>>> <mailto:star.zeng@intel.com>>;
>>>>>> Leo Duran <leo.duran@amd.com
>>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>>>> %3cmailto:leo.duran@amd.com
>>> <mailto:leo.duran@amd.com
>>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
>>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>>> %3cmailto:leo.duran@amd.com>>>>
>>>>>> Subject: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD
>>>>>> PcdPteMemoryEncryptionAddressOrMask
>>>>>>
>>>>>> From: Brijesh Singh <brijesh.singh@amd.com
>>>>>> <mailto:brijesh.singh@amd.com<mailto:brijesh.singh@amd.com
>>>>>> %3cmailto:brijesh.singh@amd.com
>>> <mailto:brijesh.singh@amd.com
>>> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
>>> %3cmailto:brijesh.singh@amd.com%0b>> <mailto:brijesh.singh@amd.com
>>> %3cmailto:brijesh.singh@amd.com%3cmailto:brijesh.singh@amd.com
>>> %3cmailto:brijesh.singh@amd.com>>>>
>>>>>>
>>>>>> This dynamic PCD holds the address mask for page table entries
>>>>>> when memory encryption is enabled on AMD processors supporting the
>>>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>>>
>>>>>> Cc: Feng Tian <feng.tian@intel.com
>>>>>> <mailto:feng.tian@intel.com<mailto:feng.tian@intel.com
>>>>>> %3cmailto:feng.tian@intel.com
>>> <mailto:feng.tian@intel.com
>>> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
>>> %3cmailto:feng.tian@intel.com%0b>> <mailto:feng.tian@intel.com
>>> %3cmailto:feng.tian@intel.com%3cmailto:feng.tian@intel.com
>>> %3cmailto:feng.tian@intel.com>>>>
>>>>>> Cc: Star Zeng <star.zeng@intel.com
>>>>>> <mailto:star.zeng@intel.com<mailto:star.zeng@intel.com
>>>>>> %3cmailto:star.zeng@intel.com
>>> <mailto:star.zeng@intel.com
>>> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
>>> %3cmailto:star.zeng@intel.com%0b>> <mailto:star.zeng@intel.com
>>> %3cmailto:star.zeng@intel.com%3cmailto:star.zeng@intel.com
>>> %3cmailto:star.zeng@intel.com>>>>
>>>>>> Cc: Laszlo Ersek <lersek@redhat.com
>>>>>> <mailto:lersek@redhat.com<mailto:lersek@redhat.com
>>>>>> %3cmailto:lersek@redhat.com
>>> <mailto:lersek@redhat.com
>>> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
>>> %3cmailto:lersek@redhat.com%0b>> <mailto:lersek@redhat.com
>>> %3cmailto:lersek@redhat.com%3cmailto:lersek@redhat.com
>>> %3cmailto:lersek@redhat.com>>>>
>>>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>>>> Signed-off-by: Leo Duran <leo.duran@amd.com
>>>>>> <mailto:leo.duran@amd.com<mailto:leo.duran@amd.com
>>>>>> %3cmailto:leo.duran@amd.com
>>> <mailto:leo.duran@amd.com
>>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>>> %3cmailto:leo.duran@amd.com%0b>> <mailto:leo.duran@amd.com
>>> %3cmailto:leo.duran@amd.com%3cmailto:leo.duran@amd.com
>>> %3cmailto:leo.duran@amd.com>>>>
>>>>>> ---
>>>>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
>>>>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 18
>>>>>> ++++++++++--
>>>>>> ------
>>>>>> MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>>>>>> 3 files changed, 22 insertions(+), 9 deletions(-)
>>>>>>
>>>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>>> index 2bc41be..d62bd9b 100644
>>>>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>>>>> @@ -6,6 +6,8 @@
>>>>>> # needed to run the DXE Foundation.
>>>>>> #
>>>>>> # Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>>>> reserved.<BR>
>>>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>>>> +#
>>>>>> # This program and the accompanying materials # are licensed
>>>>>> and made available under the terms and conditions of the BSD
>>>>>> License # which accompanies this distribution. The full text of
>>>>>> the license may be found at @@ -111,7 +113,8 @@ [FeaturePcd]
>>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress
>>>>>> ## CONSUMES
>>>>>>
>>>>>> [Pcd.IA32,Pcd.X64]
>>>>>> - gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>>>> SOMETIMES_CONSUMES
>>>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##
>>>>>> SOMETIMES_CONSUMES
>>>>>> +
>>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>>>> ask ## CONSUMES
>>>>>>
>>>>>> [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ##
>>>>>> SOMETIMES_CONSUMES
>>>>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>>> index 790f6ab..2c52389 100644
>>>>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>>>>> @@ -16,6 +16,8 @@
>>>>>> 3) IA-32 Intel(R) Architecture Software Developer's Manual
>>>>>> Volume 3:System Programmer's Guide, Intel
>>>>>>
>>>>>> Copyright (c) 2006 - 2016, Intel Corporation. All rights
>>>>>> reserved.<BR>
>>>>>> +Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>>>> +
>>>>>> This program and the accompanying materials are licensed and
>>>>>> made available under the terms and conditions of the BSD License
>>>>>> which accompanies this distribution. The full text of the license
>>>>>> may be found at @@ -71,14 +73,14 @@ Split2MPageTo4K (
>>>>>> //
>>>>>> // Fill in 2M page entry.
>>>>>> //
>>>>>> - *PageEntry2M = (UINT64) (UINTN) PageTableEntry | IA32_PG_P |
>>>>>> IA32_PG_RW;
>>>>>> + *PageEntry2M = (UINT64) (UINTN) PageTableEntry | PcdGet64
>>>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>>>
>>>>>> PhysicalAddress4K = PhysicalAddress;
>>>>>> for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries <
>>>>>> 512;
>>>>>> IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=
>>>>>> SIZE_4KB) {
>>>>>> //
>>>>>> // Fill in the Page Table entries
>>>>>> //
>>>>>> - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K;
>>>>>> + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K |
>>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>>> PageTableEntry->Bits.ReadWrite = 1;
>>>>>> PageTableEntry->Bits.Present = 1;
>>>>>> if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K <
>>>>>> StackBase +
>>>>>> StackSize)) { @@ -116,7 +118,7 @@ Split1GPageTo2M (
>>>>>> //
>>>>>> // Fill in 1G page entry.
>>>>>> //
>>>>>> - *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P
>>>>>> | IA32_PG_RW;
>>>>>> + *PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | PcdGet64
>>>>>> + (PcdPteMemoryEncryptionAddressOrMask) | IA32_PG_P | IA32_PG_RW;
>>>>>>
>>>>>> PhysicalAddress2M = PhysicalAddress;
>>>>>> for (IndexOfPageDirectoryEntries = 0;
>>>>>> IndexOfPageDirectoryEntries < 512;
>>>>>> IndexOfPageDirectoryEntries++, PageDirectoryEntry++,
>>>>>> IndexOfPageDirectoryEntries++PhysicalAddress2M
>>>>>> += SIZE_2MB) { @@ -129,7 +131,7 @@ Split1GPageTo2M (
>>>>>> //
>>>>>> // Fill in the Page Directory entries
>>>>>> //
>>>>>> - PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M;
>>>>>> + PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M |
>>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>>>> PageDirectoryEntry->Bits.Present = 1;
>>>>>> PageDirectoryEntry->Bits.MustBe1 = 1; @@ -248,7 +250,7 @@
>>>>>> CreateIdentityMappingPageTables (
>>>>>> //
>>>>>> // Make a PML4 Entry
>>>>>> //
>>>>>> - PageMapLevel4Entry->Uint64 =
>>>>>> (UINT64)(UINTN)PageDirectoryPointerEntry;
>>>>>> + PageMapLevel4Entry->Uint64 =
>>>>>> + (UINT64)(UINTN)PageDirectoryPointerEntry | PcdGet64
>>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>>> PageMapLevel4Entry->Bits.ReadWrite = 1;
>>>>>> PageMapLevel4Entry->Bits.Present = 1;
>>>>>>
>>>>>> @@ -262,7 +264,7 @@ CreateIdentityMappingPageTables (
>>>>>> //
>>>>>> // Fill in the Page Directory entries
>>>>>> //
>>>>>> - PageDirectory1GEntry->Uint64 = (UINT64)PageAddress;
>>>>>> + PageDirectory1GEntry->Uint64 = (UINT64)PageAddress |
>>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>>> PageDirectory1GEntry->Bits.ReadWrite = 1;
>>>>>> PageDirectory1GEntry->Bits.Present = 1;
>>>>>> PageDirectory1GEntry->Bits.MustBe1 = 1; @@ -280,7
>>>>>> +282,7 @@ CreateIdentityMappingPageTables (
>>>>>> //
>>>>>> // Fill in a Page Directory Pointer Entries
>>>>>> //
>>>>>> - PageDirectoryPointerEntry->Uint64 =
>>>>>> (UINT64)(UINTN)PageDirectoryEntry;
>>>>>> + PageDirectoryPointerEntry->Uint64 =
>>>>>> + (UINT64)(UINTN)PageDirectoryEntry | PcdGet64
>>>>>> + (PcdPteMemoryEncryptionAddressOrMask);
>>>>>> PageDirectoryPointerEntry->Bits.ReadWrite = 1;
>>>>>> PageDirectoryPointerEntry->Bits.Present = 1;
>>>>>>
>>>>>> @@ -294,7 +296,7 @@ CreateIdentityMappingPageTables (
>>>>>> //
>>>>>> // Fill in the Page Directory entries
>>>>>> //
>>>>>> - PageDirectoryEntry->Uint64 = (UINT64)PageAddress;
>>>>>> + PageDirectoryEntry->Uint64 = (UINT64)PageAddress |
>>>>>> + PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
>>>>>> PageDirectoryEntry->Bits.ReadWrite = 1;
>>>>>> PageDirectoryEntry->Bits.Present = 1;
>>>>>> PageDirectoryEntry->Bits.MustBe1 = 1; diff --git
>>>>>> a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
>>>>>> index 273cd7e..207384f 100644
>>>>>> --- a/MdeModulePkg/MdeModulePkg.dec
>>>>>> +++ b/MdeModulePkg/MdeModulePkg.dec
>>>>>> @@ -6,6 +6,8 @@
>>>>>> # Copyright (c) 2007 - 2017, Intel Corporation. All rights
>>>>>> reserved.<BR> # Copyright (c) 2016, Linaro Ltd. All rights
>>>>>> reserved.<BR> # (C) Copyright 2016 Hewlett Packard Enterprise
>>>>>> Development LP<BR>
>>>>>> +# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
>>>>>> +#
>>>>>> # This program and the accompanying materials are licensed and
>>>>>> made available under # the terms and conditions of the BSD
>>>>>> License that accompanies this distribution.
>>>>>> # The full text of the license may be found at @@ -1738,5
>>>>>> +1740,11 @@ [PcdsDynamic, PcdsDynamicEx]
>>>>>> # @Prompt If there is any test key used by the platform.
>>>>>>
>>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x0
>>>>>> 0030003
>>>>>>
>>>>>> + ## This dynamic PCD holds the address mask for page table
>>>>>> + entries when memory encryption is # enabled on AMD processors
>>>>>> + supporting the
>>>>>> Secure Encrypted Virtualization (SEV) feature.
>>>>>> + # This mask should be applied when creating 1:1 virtual to
>>>>>> + physical
>>>>>> mapping tables.
>>>>>> + #
>>>>>> +
>>>>>> +
>>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrM
>>>>>> ask|0x0
>>>>>> + |UINT64|0x00030004
>>>>>> +
>>>>>> [UserExtensions.TianoCore."ExtraFiles"]
>>>>>> MdeModulePkgExtra.uni
>>>>>> --
>>>>>> 1.9.1
>>>>>>
>>>>>> _______________________________________________
>>>>>> edk2-devel mailing list
>>>>>> edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org
>>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>
>>>> <mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>>
>>>> <mailto:edk2-devel@lists.01.org>
>>>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>>>
>>>> _______________________________________________
>>>> edk2-devel mailing list
>>>> edk2-devel@lists.01.org
>>> <mailto:edk2-devel@lists.01.org> <mailto:edk2-devel@lists.01.org>
>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>>
>>>
>>
>
^ permalink raw reply [flat|nested] 33+ messages in thread
end of thread, other threads:[~2017-02-09 9:46 UTC | newest]
Thread overview: 33+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-02-07 19:53 [PATCH] MdeModulePkg: Add dynamic PCD Leo Duran
2017-02-07 19:53 ` [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask Leo Duran
2017-02-08 2:27 ` Zeng, Star
2017-02-08 16:59 ` Duran, Leo
2017-02-08 17:05 ` Yao, Jiewen
2017-02-08 17:10 ` Laszlo Ersek
2017-02-08 17:17 ` Yao, Jiewen
2017-02-08 17:27 ` Yao, Jiewen
2017-02-08 17:51 ` Laszlo Ersek
2017-02-08 18:20 ` Yao, Jiewen
2017-02-08 19:47 ` Laszlo Ersek
2017-02-09 5:12 ` Zeng, Star
2017-02-09 5:22 ` Yao, Jiewen
2017-02-09 5:56 ` Zeng, Star
2017-02-09 9:10 ` Laszlo Ersek
2017-02-09 9:18 ` Zeng, Star
2017-02-09 5:26 ` Zeng, Star
2017-02-09 9:13 ` Laszlo Ersek
2017-02-09 9:17 ` Zeng, Star
2017-02-09 9:46 ` Laszlo Ersek
2017-02-08 17:55 ` Duran, Leo
2017-02-08 17:28 ` Duran, Leo
2017-02-08 17:56 ` Laszlo Ersek
2017-02-08 18:13 ` Yao, Jiewen
2017-02-08 18:36 ` Laszlo Ersek
2017-02-08 17:52 ` Duran, Leo
2017-02-08 8:38 ` Laszlo Ersek
2017-02-08 15:12 ` Duran, Leo
2017-02-08 15:19 ` Gao, Liming
2017-02-08 17:11 ` Duran, Leo
2017-02-08 17:29 ` Yao, Jiewen
2017-02-08 18:30 ` Duran, Leo
2017-02-08 18:33 ` Yao, Jiewen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox