From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mx.groups.io with SMTP id smtpd.web09.4791.1648080751988371354 for ; Wed, 23 Mar 2022 17:12:35 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=WtuaQIj3; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648080754; x=1679616754; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Wdj9JdJbGWXIx0W24uaEMyOHg1WeyMxDS1cVsU+oHvM=; b=WtuaQIj3LPAIDeGSDTUN0Cqsfa6IZvGTK9/yrDte/MjU0SsQfO4J7Ms0 6OPniZ1nlv8dWCu7Q1Vrxpf/u2/CVx0q/rb4iEprMdDBM42yhtyHLMFSR gmHTISJ1/Jm3Ek8J6Nw0cFSQe1R7ZWxjtneoeeZbMgXZjIqdE4uhQa9am LIAT8r/ovocr7qVrC1UrdZad0vjTJZ7D5lEXkdlI0SioaZennK+oc/uvz e6uL8Oo7+guwS1/DcPbkI4nVZ+M98E6i1QF4zsBD2nnCjDfBkqIoi2APU IEMLfy0MqIEa8nK+3uX+hu7nXYORkx1fYYUsdCVWdKWH30Z0xbwWx2y5f g==; X-IronPort-AV: E=McAfee;i="6200,9189,10295"; a="258207768" X-IronPort-AV: E=Sophos;i="5.90,205,1643702400"; d="scan'208";a="258207768" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Mar 2022 17:12:34 -0700 X-IronPort-AV: E=Sophos;i="5.90,205,1643702400"; d="scan'208";a="649651522" Received: from mxu9-mobl1.ccr.corp.intel.com ([10.255.31.90]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Mar 2022 17:12:31 -0700 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Jian J Wang , Hao A Wu , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [PATCH V10 36/47] MdeModulePkg: Add PcdTdxSharedBitMask Date: Thu, 24 Mar 2022 08:10:22 +0800 Message-Id: <20220324001033.1169-37-min.m.xu@intel.com> X-Mailer: git-send-email 2.29.2.windows.2 In-Reply-To: <20220324001033.1169-1-min.m.xu@intel.com> References: <20220324001033.1169-1-min.m.xu@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429 Guest Physical Address (GPA) space in Td guest is divided into private and shared sub-spaces, determined by the SHARED bit of GPA. This PCD holds the shared bit mask. Its default value is 0 and it will be set in PlatformPei driver if it is of Td guest. Cc: Jian J Wang Cc: Hao A Wu Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Acked-by: Gerd Hoffmann Reviewed-by: Jian J Wang Signed-off-by: Min Xu --- MdeModulePkg/MdeModulePkg.dec | 4 ++++ OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +++ OvmfPkg/Bhyve/BhyveX64.dsc | 3 +++ OvmfPkg/CloudHv/CloudHvX64.dsc | 3 +++ OvmfPkg/Microvm/MicrovmX64.dsc | 3 +++ OvmfPkg/OvmfPkgIa32.dsc | 3 +++ OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 3 +++ OvmfPkg/OvmfXen.dsc | 3 +++ 9 files changed, 26 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 40601c95832b..cf79292ec877 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -2083,6 +2083,10 @@ # @Prompt Enable PCIe Resizable BAR Capability support. gEfiMdeModulePkgTokenSpaceGuid.PcdPcieResizableBarSupport|FALSE|BOOLEAN|0x10000024 + ## This PCD holds the shared bit mask for page table entries when Tdx is enabled. + # @Prompt The shared bit mask when Intel Tdx is enabled. + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0|UINT64|0x10000025 + [PcdsPatchableInModule] ## Specify memory size with page number for PEI code when # Loading Module at Fixed Address feature is enabled. diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index c173a72134f4..dda98aa43bdb 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -558,6 +558,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set Tdx shared bit mask + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index 656e407473bb..0daae82d6705 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -550,6 +550,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set Tdx shared bit mask + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 # MdeModulePkg resolution sets up the system display resolution diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index c307f1cc7550..1732f281b435 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -603,6 +603,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set Tdx shared bit mask + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index 0eac0c02c630..cde90f523520 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -592,6 +592,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set Tdx shared bit mask + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 8f02dca63869..01a26c234a88 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -618,6 +618,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set Tdx shared bit mask + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 98a6748c62dd..bf08e893e053 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -631,6 +631,7 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 2df5b2999610..3092036bb7f6 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -642,6 +642,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set Tdx shared bit mask + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index aa27e2256ae9..470c8cfe4d23 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -495,6 +495,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set Tdx shared bit mask + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 ################################################################################ -- 2.29.2.windows.2