From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by mx.groups.io with SMTP id smtpd.web11.37988.1639559162311014295
 for <devel@edk2.groups.io>;
 Wed, 15 Dec 2021 01:06:02 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Cz6w6zrc;
 spf=pass (domain: redhat.com, ip: 170.10.129.124, mailfrom: kraxel@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1639559161;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=NBfnmP/2Bu8ixWC/PPYMxFw+5tlCem7rb2vrURVT5k8=;
	b=Cz6w6zrcC1moLswKL/9E5WL0pqJJR6ppeqzIyV8PqsWes+0uym3DUVr6WT9dnkI+XDrtyv
	WbS199UrQQzgjqd4iPGteEkNyK4GxaW242kvSQYrryvGZluCjkA09dZp+n+BvUSxYWONsv
	KwuhSH39eXbEkhmGYBxBXQwiHoNBSNA=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-241-0KUZS_-hPGyhGkRET53EKA-1; Wed, 15 Dec 2021 04:05:55 -0500
X-MC-Unique: 0KUZS_-hPGyhGkRET53EKA-1
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 130EB1006AA2;
	Wed, 15 Dec 2021 09:05:54 +0000 (UTC)
Received: from sirius.home.kraxel.org (unknown [10.39.192.14])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id A51D17E91A;
	Wed, 15 Dec 2021 09:05:53 +0000 (UTC)
Received: by sirius.home.kraxel.org (Postfix, from userid 1000)
	id EFB1C180039F; Wed, 15 Dec 2021 10:05:51 +0100 (CET)
Date: Wed, 15 Dec 2021 10:05:51 +0100
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: Min Xu <min.m.xu@intel.com>
Cc: devel@edk2.groups.io, Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [PATCH V4 24/31] OvmfPkg: Add TdxDxe driver
Message-ID: <20211215090551.6en2gacrztvrkwxw@sirius.home.kraxel.org>
References: <cover.1639399598.git.min.m.xu@intel.com>
 <b62794152a423fa690dba0e7214de908ed63b8c5.1639399598.git.min.m.xu@intel.com>
MIME-Version: 1.0
In-Reply-To: <b62794152a423fa690dba0e7214de908ed63b8c5.1639399598.git.min.m.xu@intel.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=kraxel@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, Dec 13, 2021 at 08:56:55PM +0800, Min Xu wrote:
> RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
> 
> TdxDxe driver is dispatched early in DXE, due to being list in APRIORI.
> This module is responsible for below features:
>  - Sets max logical cpus based on TDINFO
>  - Sets PCI PCDs based on resource hobs
>  - Set shared bit in MMIO region
>  - Relocate Td mailbox and set its address in MADT table.
> 
> 1. Set shared bit in MMIO region
> 
> Qemu allows a ROM device to set to ROMD mode (default) or MMIO mode.
> When it is in ROMD mode, the device is mapped to guest memory and
> satisfies read access directly.
> 
> In EDK2 Option ROM is treated as MMIO region. So Tdx guest access
> Option ROM via TDVMCALL(MMIO). But as explained above, since Qemu set
> the Option ROM to ROMD mode, the call of TDVMCALL(MMIO) always return
> INVALID_OPERAND. Tdvf then falls back to direct access. This requires
> to set the shared bit to corresponding PageTable entry. Otherwise it
> triggers GP fault.
> 
> TdxDxe's entry point is the right place to set the shared bit in MMIO
> region because Option ROM has not been discoverd yet.
> 
> 2. Relocate Td mailbox and set the new address in MADT Mutiprocessor
> Wakeup Table.
> 
> In TDX the guest firmware is designed to publish a multiprocessor-wakeup
> structure to let the guest-bootstrap processor wake up guest-application
> processors with a mailbox. The mailbox is memory that the guest firmware
> can reserve so each guest virtual processor can have the guest OS send
> a message to them. The address of the mailbox is recorded in the MADT
> table. See [ACPI].
> 
> TdxDxe registers for protocol notification
> (gQemuAcpiTableNotifyProtocolGuid) to call the AlterAcpiTable(), in
> which MADT table is altered by the above Mailbox address. The protocol
> will be installed in AcpiPlatformDxe when the MADT table provided by
> Qemu is ready. This is to maintain the simplicity of the AcpiPlatformDxe.
> 
> AlterAcpiTable is the registered function which traverses the ACPI
> table list to find the original MADT from Qemu. After the new MADT is
> configured and installed, the original one will be uninstalled.
> 
> [ACPI] https://uefi.org/specs/ACPI/6.4/05_ACPI_Software_Programming_Model
> /ACPI_Software_Programming_Model.html#multiprocessor-wakeup-structure
> 
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>

Acked-by: Gerd Hoffmann <kraxel@redhat.com>

take care,
  Gerd