From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Michael D Kinney, Brijesh Singh, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky, Gerd Hoffmann
Subject: [PATCH V3 6/8] OvmfPkg: Update TdxDxe to set TDX PCDs
Date: Sun, 20 Feb 2022 10:33:17 +0800
Message-Id: <20220220023319.1495-7-min.m.xu@intel.com>
X-Mailer: git-send-email 2.29.2.windows.2
In-Reply-To: <20220220023319.1495-1-min.m.xu@intel.com>
References: <20220220023319.1495-1-min.m.xu@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

TDX_PEI_LESS_BOOT indicates a boot without the PEI phase. In this case
the settings in EFI_HOB_PLATFORM_INFO should be set to their corresponding PCDs.

The TdxDxe driver is workable for both Legacy guest and Tdx guest. This is
because for a Legacy guest (in PEI-less boot) there should be a place to
set the PCDs based on the EFI_HOB_PLATFORM_INFO hob. The TdxDxe driver is the
right place to do this work.

Cc: Michael D Kinney
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Gerd Hoffmann
Signed-off-by: Min Xu
---
 OvmfPkg/TdxDxe/TdxDxe.c | 71 +++++++++++++++++++++++++++++++++++++--
 OvmfPkg/TdxDxe/TdxDxe.inf | 5 +++
 2 files changed, 74 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/TdxDxe/TdxDxe.c b/OvmfPkg/TdxDxe/TdxDxe.c index 8f484a36fda9..a5f0c0c49d3e 100644 --- a/OvmfPkg/TdxDxe/TdxDxe.c +++ b/OvmfPkg/TdxDxe/TdxDxe.c 
@@ -24,12 +24,70 @@ #include #include #include +#include #include #include #include #include #include +VOID +SetPcdSettings ( + EFI_HOB_PLATFORM_INFO *PlatformInfoHob + ) +{ + RETURN_STATUS PcdStatus; + + PcdStatus = PcdSet16S (PcdOvmfHostBridgePciDevId, PlatformInfoHob->HostBridgePciDevId); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, PlatformInfoHob->PcdConfidentialComputingGuestAttr); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus = PcdSetBoolS (PcdSetNxForStack, PlatformInfoHob->PcdSetNxForStack); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus = PcdSetBoolS (PcdIa32EferChangeAllowed, PlatformInfoHob->PcdIa32EferChangeAllowed); + ASSERT_RETURN_ERROR (PcdStatus); + + DEBUG (( + DEBUG_INFO, + "HostBridgeDevId=0x%x, CCAttr=0x%x, SetNxForStack=%x, Ia32EferChangeAllowed=%x\n", + PlatformInfoHob->HostBridgePciDevId, + PlatformInfoHob->PcdConfidentialComputingGuestAttr, + PlatformInfoHob->PcdSetNxForStack, + PlatformInfoHob->PcdIa32EferChangeAllowed + )); + + PcdStatus = PcdSet32S (PcdCpuBootLogicalProcessorNumber, PlatformInfoHob->PcdCpuBootLogicalProcessorNumber); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus = PcdSet32S (PcdCpuMaxLogicalProcessorNumber, PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber); + + ASSERT_RETURN_ERROR (PcdStatus); + DEBUG (( + DEBUG_INFO, + "MaxCpuCount=0x%x, BootCpuCount=0x%x\n", + PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber, + PlatformInfoHob->PcdCpuBootLogicalProcessorNumber + )); + + if (TdIsEnabled ()) { + PcdStatus = PcdSet64S (PcdTdxSharedBitMask, TdSharedPageMask ()); + ASSERT_RETURN_ERROR (PcdStatus); + DEBUG ((DEBUG_INFO, "TdxSharedBitMask=0x%llx\n", PcdGet64 (PcdTdxSharedBitMask))); + } else { + PcdStatus = PcdSet64S (PcdPciMmio64Base, PlatformInfoHob->PcdPciMmio64Base); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus = PcdSet64S (PcdPciMmio64Size, PlatformInfoHob->PcdPciMmio64Size); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus = PcdSet64S (PcdPciMmio32Base, 
PlatformInfoHob->PcdPciMmio32Base); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus = PcdSet64S (PcdPciMmio32Size, PlatformInfoHob->PcdPciMmio32Size); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus = PcdSet64S (PcdPciIoBase, PlatformInfoHob->PcdPciIoBase); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus = PcdSet64S (PcdPciIoSize, PlatformInfoHob->PcdPciIoSize); + ASSERT_RETURN_ERROR (PcdStatus); + } +} + /** Location of resource hob matching type and starting address @@ -179,10 +237,19 @@ TdxDxeEntryPoint ( return EFI_UNSUPPORTED; } - SetMmioSharedBit (); - PlatformInfo = (EFI_HOB_PLATFORM_INFO *)GET_GUID_HOB_DATA (GuidHob); + #ifdef TDX_PEI_LESS_BOOT + SetPcdSettings (PlatformInfo); + + if (!TdIsEnabled ()) { + return EFI_SUCCESS; + } + + #endif + + SetMmioSharedBit (); + // // Call TDINFO to get actual number of cpus in domain // diff --git a/OvmfPkg/TdxDxe/TdxDxe.inf b/OvmfPkg/TdxDxe/TdxDxe.inf index 077769bcf70c..ca51122664fa 100644 --- a/OvmfPkg/TdxDxe/TdxDxe.inf +++ b/OvmfPkg/TdxDxe/TdxDxe.inf @@ -60,5 +60,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber + gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuLocalApicBaseAddress gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress + gEfiMdeModulePkgTokenSpaceGuid.PcdIa32EferChangeAllowed + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack -- 2.29.2.windows.2
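
Review bot: In the first TdxDxe.c hunk (new SetPcdSettings), the first DEBUG call prints PlatformInfoHob->PcdConfidentialComputingGuestAttr with "CCAttr=0x%x", yet the same field is passed to PcdSet64S a few lines above, which suggests a 64-bit value. If the field is UINT64, use "0x%lx" or "0x%llx" as the TdxSharedBitMask print further down does, so the attribute is not truncated and the arguments that follow it are read correctly. Two smaller points on the same hunk: every PcdSet*S result is only checked with ASSERT_RETURN_ERROR, so a failed set goes unnoticed when asserts are compiled out, and the function has no header comment describing the parameter or that the MMIO and IO PCDs are written only on the non-TD path.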
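
Review bot: In the TdxDxeEntryPoint hunk, the "if (!TdIsEnabled ()) { return EFI_SUCCESS; }" guard sits inside "#ifdef TDX_PEI_LESS_BOOT", so a build without that macro still falls through to SetMmioSharedBit () with no TdIsEnabled () check visible in this hunk. If the driver can only be dispatched in a non-TD guest in PEI-less builds, say so in a comment above the #ifdef; otherwise move the guard outside the conditional block so the TDX-only steps (SetMmioSharedBit, the TDINFO call) are never reached in a legacy guest. A short comment on why the legacy path returns EFI_SUCCESS rather than EFI_UNSUPPORTED would also help the next reader.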
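
Review bot: In the TdxDxe.inf hunk, five PCDs are added, but SetPcdSettings also writes PcdPciMmio64Base, PcdPciMmio32Base, PcdPciMmio32Size, PcdPciIoBase and PcdPciIoSize, and only PcdPciMmio64Size appears in the visible context. Please confirm the others are already listed above line 60 of the [Pcd] section, otherwise the PcdSet64S calls on the non-TD path will not build. The hunk also changes nothing under [LibraryClasses], so it is worth confirming that the library providing TdIsEnabled () and TdSharedPageMask () is already declared there for the new #include in TdxDxe.c.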