From: "Brijesh Singh"
Date: Fri, 24 Sep 2021 22:21:22 -0500
Subject: Re: [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVector
To: "Xu, Min M", "devel@edk2.groups.io"
CC: Ard Biesheuvel, "Justen, Jordan L", Gerd Hoffmann, Erdem Aktas, James Bottomley, "Yao, Jiewen", Tom Lendacky
References: <12721dade1f2f9905cc34271d9abec24650442ff.1632214561.git.min.m.xu@intel.com> <753f43a1-98e2-2477-4708-6e118221207e@amd.com>
Message-ID: <1fb11eee-9216-a560-bd4b-2fc72d158d97@amd.com>

Hi Min,

On 9/24/21 7:03 PM, Xu, Min M wrote:
> On September 24, 2021 6:58 PM, Brijesh Singh wrote:
>> Hi Min,
>>
>> On 9/21/21 4:05 AM, Min Xu wrote:
>>> ;
>>> ; Modified: EAX, EBX, ECX, EDX
>>> ;
>>> SetCr3ForPageTables64:
>>> -
>>> - ; Clear the WorkArea header. The SEV probe routines will populate the
>>> - ; work area when detected.
>>> - mov byte[WORK_AREA_GUEST_TYPE], 0
>> Why are you removing the above block? The workarea hdr must be initialized
>> to zero, it's not safe to assume that the guest memory is zero'ed in the
>> non-encrypted case.
>>
> Hi, Brijesh
> Please see below explanation (It is in the commit message)
> - In Main16 entry point, after TransitionFromReal16To32BitFlat,
> WORK_AREA_GUEST_TYPE is cleared to 0. WORK_AREA_GUEST_TYPE was
> previously cleared in SetCr3ForPageTables64 (see commit ab77b60).
> This doesn't work after TDX is introduced in Ovmf. It is because all
> TDX CPUs (BSP and APs) start to run from 0xfffffff0. In previous code
> WORK_AREA_GUEST_TYPE will be cleared multi-times in TDX guest. So for
> SEV and Legacy guest it is moved to Main16 entry point (after
> TransitionFromReal16To32BitFlat). For TDX guest WORK_AREA_GUEST_TYPE
> is cleared and set in InitTdxWorkarea

Thanks for clarifying it. This is a very busy commit and is making several
changes at once, so some of the important common code movement is getting
lost. Maybe I recommend you to please break it into multiple. E.g., this
particular change can be very easily broken into two commits:

1) Since TDX support needs the change in the boot flow, and you are no
longer using the Main.asm from the UefiCpuPkg. This can be a pre-patch
in which you copy UefiCpuPkg/ResetVector/Vtf0/main.asm ->
OvmfPkg/ResetVector/Main.asm and document the reason behind the move.

2) Remove clearing of workarea from SetCr3ForPageTables64 to Main.asm

Now that we have an override for the Main.asm, I think clearing of the
workarea should be done for all architectures (Ia32, x64) to cover the
cases where someone builds the OVMF for 32bit or IA32 and X64.

thanks

> Thanks!
> Min
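
Review bot: At the top of SetCr3ForPageTables64, removing `mov byte[WORK_AREA_GUEST_TYPE], 0` together with its comment leaves this routine relying on a clear that now happens elsewhere, with nothing at the site saying so. Suggest leaving a one-line comment here stating that WORK_AREA_GUEST_TYPE is zeroed in the Main16 entry point after TransitionFromReal16To32BitFlat (and in InitTdxWorkarea for a TDX guest), so a reader of the SEV probe path can see that the header still starts at 0 when guest memory is not guaranteed to be zeroed.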