From: Min Xu
To: devel@edk2.groups.io
Cc: Min Xu, James Bottomley, Jiewen Yao, Gerd Hoffmann, Brijesh Singh, Erdem Aktas, Tom Lendacky
Subject: [PATCH V4 7/7] OvmfPkg: Call CcProbe in SecMain.c instead of TdIsEnabled
Date: Tue, 19 Apr 2022 08:26:28 +0800
Message-Id: <2a282aa9da70db364044b51fe90d1ad7f5d42437.1650326140.git.min.m.xu@intel.com>
X-Mailer: git-send-email 2.29.2.windows.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902

TdIsEnabled() uses the CPUID instruction. At this point, exception handling is not established and a CPUID instruction will generate a #VC and cause the booting guest to crash. CcProbe() checks the Ovmf work area to return the guest type. So call CcProbe() instead of TdIsEnabled() to fix the above issue.

Cc: James Bottomley
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: Tom Lendacky
Reviewed-by: Jiewen Yao
Reviewed-by: Tom Lendacky
Signed-off-by: Min Xu
---
 OvmfPkg/IntelTdx/Sec/SecMain.c   | 6 +++---
 OvmfPkg/IntelTdx/Sec/SecMain.inf | 1 +
 OvmfPkg/Sec/SecMain.c            | 5 +++--
 OvmfPkg/Sec/SecMain.inf          | 1 +
 4 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c index 26d56be335e1..ab01ec9ab19c 100644 --- a/OvmfPkg/IntelTdx/Sec/SecMain.c +++ b/OvmfPkg/IntelTdx/Sec/SecMain.c @@ -25,7 +25,7 @@ #include #include #include - +#include #include #define SEC_IDT_ENTRY_COUNT 34 @@ -61,7 +61,7 @@ SecCoreStartupWithStack ( UINT32 Index; volatile UINT8 *Table; - if (TdIsEnabled ()) { + if (CcProbe () == CcGuestTypeIntelTdx) { // // For Td guests, the memory map info is in TdHobLib. It should be processed // first so that the memory is accepted. Otherwise access to the unaccepted 
@@ -119,7 +119,7 @@ SecCoreStartupWithStack ( // AsmWriteIdtr (&IdtDescriptor); - if (TdIsEnabled ()) { + if (CcProbe () == CcGuestTypeIntelTdx) { // // InitializeCpuExceptionHandlers () should be called in Td guests so that // #VE exceptions can be handled correctly. diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.inf b/OvmfPkg/IntelTdx/Sec/SecMain.inf index df2e749c3505..9cf1249d02e5 100644 --- a/OvmfPkg/IntelTdx/Sec/SecMain.inf +++ b/OvmfPkg/IntelTdx/Sec/SecMain.inf @@ -49,6 +49,7 @@ CpuExceptionHandlerLib PeilessStartupLib PlatformInitLib + CcProbeLib [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index ca9717a7b526..8949d1015708 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -28,6 +28,7 @@ #include #include #include +#include #include "AmdSev.h" #define SEC_IDT_ENTRY_COUNT 34 @@ -738,7 +739,7 @@ SecCoreStartupWithStack ( volatile UINT8 *Table; #if defined (TDX_GUEST_SUPPORTED) - if (TdIsEnabled ()) { + if (CcProbe () == CcGuestTypeIntelTdx) { // // For Td guests, the memory map info is in TdHobLib. It should be processed // first so that the memory is accepted. Otherwise access to the unaccepted @@ -828,7 +829,7 @@ SecCoreStartupWithStack ( } #if defined (TDX_GUEST_SUPPORTED) - if (TdIsEnabled ()) { + if (CcProbe () == CcGuestTypeIntelTdx) { // // InitializeCpuExceptionHandlers () should be called in Td guests so that // #VE exceptions can be handled correctly. diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf index 4b5b089ccd69..27100595aeca 100644 --- a/OvmfPkg/Sec/SecMain.inf +++ b/OvmfPkg/Sec/SecMain.inf @@ -54,6 +54,7 @@ LocalApicLib MemEncryptSevLib CpuExceptionHandlerLib + CcProbeLib [Ppis] gEfiTemporaryRamSupportPpiGuid # PPI ALWAYS_PRODUCED -- 2.29.2.windows.2
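
Review bot: In the include hunk of OvmfPkg/IntelTdx/Sec/SecMain.c (@@ -25,7 +25,7), the new #include takes the place of the blank line that stood before the last #include, so that separator is lost, whereas the matching hunk in OvmfPkg/Sec/SecMain.c (@@ -28,6 +28,7) is a pure insertion. Keep the blank line and add the include as an insertion only, so both files keep the same include layout and the hunk carries no unrelated whitespace change.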
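
Review bot: SecCoreStartupWithStack in OvmfPkg/IntelTdx/Sec/SecMain.c now evaluates `CcProbe () == CcGuestTypeIntelTdx` twice (@@ -61 and @@ -119), and the two branches have to agree: the first processes the TD HOB so that memory is accepted, the second calls InitializeCpuExceptionHandlers () so that #VE can be handled. Probe once into a local near the top of the function and test that local in both places, so memory acceptance and handler setup cannot be decided on different results and the work area is read only once.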
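
Review bot: The reason for preferring CcProbe () over TdIsEnabled () (CPUID raises #VC before exception handling is established) is recorded only in the commit message; at the call sites in OvmfPkg/Sec/SecMain.c (@@ -738 and @@ -828) nothing tells a later reader not to restore the CPUID-based check. Add a short comment at the first call stating that the guest type must be taken from the Ovmf work area at this point in SEC, and, as in the IntelTdx variant, consider probing once and reusing the result in both `#if defined (TDX_GUEST_SUPPORTED)` blocks.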
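
Review bot: CcProbeLib is added unconditionally to the library class list in OvmfPkg/Sec/SecMain.inf (@@ -54,6 +54,7), while the only CcProbe () calls in OvmfPkg/Sec/SecMain.c sit inside `#if defined (TDX_GUEST_SUPPORTED)`. Every platform that builds this SecMain.inf now needs a CcProbeLib instance whether or not it defines TDX_GUEST_SUPPORTED, and this patch touches no .dsc file; please confirm that each such platform resolves the class (for example from an earlier patch in the series) and mention that in the commit message.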