From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.903.1647050145463002246 for ; Fri, 11 Mar 2022 17:56:11 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=gSNOJYWs; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1647050171; x=1678586171; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Jwgc2htxmtehBr6xGBvtcXGpP0bjum/wMYg3krDHabw=; b=gSNOJYWsEWdsZRGwDQVdRpZd1NRmg4+K+QGu7+mA8rXzf58HcrMuqnBY N2mAzfmlxvKmursD0QBDJgE86medxzhT0CzFTOMswz5oPSWEjL2ABYhH1 ad9ejgzQwuyeLyqU2iIy+FmQOX4QFHf/4qCiZcllfUnnu+juafun+sN5w K/8QiGrVs55ZlBXZRMgokw3hepLk2IAMexw3uaEfbpFy6L+xX+PjETs+j fT292fj0WpYvitQlhQnyNaQGkCH97XY2YdhNtrtGQLsD69HkTGPsZ3+BS 6tndSOv5+/d8VFPJ1JmCxHflGuCvDt8VhJaB0djrciufyX3bx9MNHI76P w==; X-IronPort-AV: E=McAfee;i="6200,9189,10283"; a="255895044" X-IronPort-AV: E=Sophos;i="5.90,175,1643702400"; d="scan'208";a="255895044" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Mar 2022 17:56:11 -0800 X-IronPort-AV: E=Sophos;i="5.90,175,1643702400"; d="scan'208";a="555565137" Received: from mxu9-mobl1.ccr.corp.intel.com ([10.255.29.254]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Mar 2022 17:56:08 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Ard Biesheuvel , Jordan Justen , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [PATCH V8 34/47] OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation Date: Sat, 12 Mar 2022 09:53:59 +0800 Message-Id: <45746db4834711a1b4e229560472eca349953691.1647047482.git.min.m.xu@intel.com> X-Mailer: git-send-email 2.29.2.windows.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429 If TDX is enabled then we do not support DMA operation in PEI phase. This is mainly because DMA in TDX guest requires using bounce buffer (which need to allocate dynamic memory and allocating a PAGE size'd buffer can be challenge in PEI phase). Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Acked-by: Gerd Hoffmann Signed-off-by: Min Xu --- .../QemuFwCfgLib/QemuFwCfgLibInternal.h | 11 +++++++ OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c | 32 +++++++++++++++++++ .../Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf | 2 ++ 3 files changed, 45 insertions(+) diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h index 0b77cad1c030..6f7beb6ac1c7 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h @@ -59,4 +59,15 @@ InternalQemuFwCfgDmaBytes ( IN UINT32 Control ); +/** + Check if it is Tdx guest + + @retval TRUE It is Tdx guest + @retval FALSE It is not Tdx guest +**/ +BOOLEAN +QemuFwCfgIsTdxGuest ( + VOID + ); + #endif diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c index f696fb7cacaa..b8230613dcea 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c @@ -14,12 +14,30 @@ #include #include #include +#include #include "QemuFwCfgLibInternal.h" STATIC BOOLEAN mQemuFwCfgSupported = FALSE; STATIC BOOLEAN mQemuFwCfgDmaSupported; +/** + Check if it is Tdx guest + + @retval TRUE It is Tdx guest + @retval FALSE It is not Tdx guest +**/ +BOOLEAN +QemuFwCfgIsTdxGuest ( + VOID + ) +{ + CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *CcWorkAreaHeader; + + CcWorkAreaHeader = (CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *)FixedPcdGet32 (PcdOvmfWorkAreaBase); + return (CcWorkAreaHeader != NULL && CcWorkAreaHeader->GuestType == GUEST_TYPE_INTEL_TDX); +} + /** Returns a boolean indicating if the firmware configuration interface is available or not. @@ -81,6 +99,14 @@ QemuFwCfgInitialize ( // if (MemEncryptSevIsEnabled ()) { DEBUG ((DEBUG_INFO, "SEV: QemuFwCfg fallback to IO Port interface.\n")); + } else if (QemuFwCfgIsTdxGuest ()) { + // + // If TDX is enabled then we do not support DMA operations in PEI phase. + // This is mainly because DMA in TDX guest requires using bounce buffer + // (which need to allocate dynamic memory and allocating a PAGE size'd + // buffer can be challenge in PEI phase) + // + DEBUG ((DEBUG_INFO, "TDX: QemuFwCfg fallback to IO Port interface.\n")); } else { mQemuFwCfgDmaSupported = TRUE; DEBUG ((DEBUG_INFO, "QemuFwCfg interface (DMA) is supported.\n")); @@ -163,6 +189,12 @@ InternalQemuFwCfgDmaBytes ( // ASSERT (!MemEncryptSevIsEnabled ()); + // + // TDX does not support DMA operations in PEI stage, we should + // not have reached here. + // + ASSERT (!QemuFwCfgIsTdxGuest ()); + Access.Control = SwapBytes32 (Control); Access.Length = SwapBytes32 (Size); Access.Address = SwapBytes64 ((UINTN)Buffer); diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf index 9f9af7d03201..3910511880c9 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf @@ -43,3 +43,5 @@ MemoryAllocationLib MemEncryptSevLib +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase -- 2.29.2.windows.2