From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by mx.groups.io with SMTP id smtpd.web08.4733.1650333522393990844 for ; Mon, 18 Apr 2022 18:58:43 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=YtS4FWiJ; spf=pass (domain: intel.com, ip: 192.55.52.120, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1650333522; x=1681869522; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=R5VlbmCZa30Pr0RAsAahVNQZxuTVKZ8sfvbl97Wku/o=; b=YtS4FWiJ74HvyfkkNB3Ns/NT4jYmy7lO/K1OmNJJtg5AFGREvwGdfoNR TCQStnS193w6dMe3+imNRwBhdwXWKFoMmiNSZ01LKnOECqPEv3iwAX8h/ RM82OwXZO3b9DF9HWislZzq+sfG4jocPb8NxhyG+49bgUg53CuuXVt8l0 HrcgvG4PeCN5jr6jPFscWJR82QYxLxE/ruBJFrpy6xulWIY0utMZrrAgP Tz2oI9GCPslTgm/6k1P4rZ6nxP5bfI1C423+2IFI5pdu5bp/OXteQfe5I uUFl6epgYZwsl63vByfaYii/kt9rrC1CtpApMsjwnfBfDvpu1oBfDXQIR A==; X-IronPort-AV: E=McAfee;i="6400,9594,10321"; a="262512362" X-IronPort-AV: E=Sophos;i="5.90,271,1643702400"; d="scan'208";a="262512362" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Apr 2022 18:58:41 -0700 X-IronPort-AV: E=Sophos;i="5.90,271,1643702400"; d="scan'208";a="554492396" Received: from mxu9-mobl1.ccr.corp.intel.com ([10.249.171.121]) by orsmga007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Apr 2022 18:58:39 -0700 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky Subject: [PATCH] OvmfPkg: Set PciLib for TdxDxe driver Date: Tue, 19 Apr 2022 09:58:28 +0800 Message-Id: <20220419015828.899-1-min.m.xu@intel.com> X-Mailer: git-send-email 2.29.2.windows.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3904 TdxDxe driver is introduced for Intel TDX feature. Unfortunately, this driver also breaks boot process in SEV-ES guest. The root cause is in the PciLib which is imported by TdxDxe driver. In a SEV-ES guest the AmdSevDxe driver performs a MemEncryptSevClearMmioPageEncMask() call against the PcdPciExpressBaseAddress range to mark it shared/unencrypted. However, the TdxDxe driver is loaded before the AmdSevDxe driver, and the PciLib in TdxDxe is DxePciLibI440FxQ35 which will access the PcdPciExpressBaseAddress range. Since the range has not been marked shared/unencrypted, the #VC handler terminates the guest for trying to do MMIO to an encrypted region. To fix the issue TdxDxe driver set the PciLib to BasePciLibCf8.inf as AmdSevDxe driver does. Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky SEV-Tested-by: Tom Lendacky TDX-Tested-by: Min Xu Signed-off-by: Min Xu --- OvmfPkg/IntelTdx/IntelTdxX64.dsc | 5 ++++- OvmfPkg/OvmfPkgX64.dsc | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index 245155d41b..f58f14a1d8 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -704,7 +704,10 @@ OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf - OvmfPkg/TdxDxe/TdxDxe.inf + OvmfPkg/TdxDxe/TdxDxe.inf { + + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + } # # Variable driver stack (non-SMM) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index fb2899f8a1..68e7d051d0 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -967,7 +967,10 @@ } OvmfPkg/IoMmuDxe/IoMmuDxe.inf - OvmfPkg/TdxDxe/TdxDxe.inf + OvmfPkg/TdxDxe/TdxDxe.inf { + + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + } !if $(SMM_REQUIRE) == TRUE OvmfPkg/SmmAccess/SmmAccess2Dxe.inf -- 2.29.2.windows.2