Date: Wed, 23 Feb 2022 10:49:02 +0100
From: "Gerd Hoffmann"
To: Min Xu
Cc: devel@edk2.groups.io, Ard Biesheuvel, Jordan Justen, Brijesh Singh, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky
Subject: Re: [PATCH V6 28/42] OvmfPkg: Update Sec to support Tdx
Message-ID: <20220223094902.z3xhtgpyu6tfzoxu@sirius.home.kraxel.org>
In-Reply-To: <3ce2959c95673098abcb87411fead83ea57ac362.1645261990.git.min.m.xu@intel.com>

On Sat, Feb 19, 2022 at 07:56:41PM +0800, Min Xu wrote:
> RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
>
> There are below major changes in this commit.
>
> 1. SecEntry.nasm
> In TDX BSP and APs go to the same entry point in SecEntry.nasm.
>
> BSP initializes the temporary stack and then jumps to SecMain, just as
> legacy Ovmf does.
>
> APs spin in a modified mailbox loop using initial mailbox structure.
> Its structure definition is in OvmfPkg/Include/IndustryStandard/IntelTdx.h.
> APs wait for command to see if the command is for me. If so execute the
> command.
>
> 2. Sec/SecMain.c
> When host VMM creates the Td guest, the system memory information is
> stored in TdHob, which is a memory region described in Tdx metadata.
> The system memory region in TdHob should be accepted before it can be
> accessed. So the major task of this patch is to process the TdHobList
> to accept the memory. After that TDVF follows the standard OVMF flow
> and jumps to PEI phase.
>
> PcdUse1GPageTable is set to FALSE by default in OvmfPkgX64.dsc. It gives
> no chance for Intel TDX to support 1G page table. To support 1G page
> table this PCD is set to TRUE in OvmfPkgX64.dsc.
>
> TDX only works on X64, so the code is only valid in X64 arch.

Acked-by: Gerd Hoffmann

take care,
  Gerd