From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: jordan.l.justen@intel.com) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by groups.io with SMTP; Wed, 21 Aug 2019 14:51:11 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Aug 2019 14:51:10 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,414,1559545200"; d="scan'208";a="203172337" Received: from smmullen-mobl.amr.corp.intel.com (HELO localhost) ([10.251.1.161]) by fmsmga004.fm.intel.com with ESMTP; 21 Aug 2019 14:51:08 -0700 MIME-Version: 1.0 In-Reply-To: <6d3442d5-46ab-2b99-6100-0e5c56477735@redhat.com> References: <6a37c84f4989304b21205d6263c6491f81da3233.1566250534.git.thomas.lendacky@amd.com> <6d3442d5-46ab-2b99-6100-0e5c56477735@redhat.com> To: Laszlo Ersek , devel@edk2.groups.io, thomas.lendacky@amd.com Cc: Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" , "Fang, Peter" , D Scott Phillips From: "Jordan Justen" Subject: Re: [edk2-devel] [RFC PATCH 01/28] OvmfPkg/Sec: Enable cache early to speed up booting Message-ID: <156642425970.26211.8321620974236559246@jljusten-skl> User-Agent: alot/0.8 Date: Wed, 21 Aug 2019 14:51:09 -0700 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On 2019-08-21 07:21:25, Laszlo Ersek wrote: > On 08/19/19 23:35, Lendacky, Thomas wrote: > > From: Tom Lendacky > >=20 > > Currently, the OVMF code relies on the hypervisor to enable the cache > > support on the processor in order to improve the boot speed. However, > > with SEV-ES, the hypervisor is not allowed to change the CR0 register > > to enable caching. > >=20 > > Update the OVMF Sec support to enable caching in order to improve the > > boot speed. > >=20 > > Signed-off-by: Tom Lendacky > > --- > > OvmfPkg/Sec/SecMain.c | 5 +++++ > > 1 file changed, 5 insertions(+) > >=20 > > diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c > > index 3914355cd17b..2448be0cd408 100644 > > --- a/OvmfPkg/Sec/SecMain.c > > +++ b/OvmfPkg/Sec/SecMain.c > > @@ -739,6 +739,11 @@ SecCoreStartupWithStack ( > > =20 > > ProcessLibraryConstructorList (NULL, NULL); > > =20 > > + // > > + // Enable caching > > + // > > + AsmEnableCache (); > > + > > DEBUG ((EFI_D_INFO, > > "SecCoreStartupWithStack(0x%x, 0x%x)\n", > > (UINT32)(UINTN)BootFv, > >=20 >=20 > This makes me uncomfortable. There used to be problems related to > caching when VFIO device assignment were used. My concern is admittedly > vague, but this is a very brittle area of OVMF-on-KVM. If you asked me > "well what could break here", I'd answer "you never know, and the burden > of proof is not on me". :) Can we make this change conditional on SEV-ES? This was also raised as an issue by Peter for the ACRN hypervisor and Scott for the bhyve hypervisor. I think it is rare for a platform to enable cache at this early of a stage, but it is also rare to decompress a firmware volume at this point. It appears that it could be helpful to figure out how to safely enable cache by default here, since it does seem to be impacting several hypervisors. -Jordan