From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 by mx.groups.io with SMTP id smtpd.web11.4554.1642901975017978470
 for <devel@edk2.groups.io>;
 Sat, 22 Jan 2022 17:39:36 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=oDQUVJt0;
 spf=pass (domain: intel.com, ip: 192.55.52.120, mailfrom: min.m.xu@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1642901976; x=1674437976;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=04V95kvTMXaQ9p3G5Dn09OWTw2XWby7OAHWSe5GSpyg=;
  b=oDQUVJt0KAQUJh6HciPuZWQWf7Y2UTAXjC2ScmvgnQEE4N2VroYGCIVC
   RZrQQZ6vKKOUs1KmM/D4BxwTz5drOuc/IHnBFCa552LUnml+MWKtyOgSX
   3W2biV9JUBAnFDwC7NDSbFcWytfP75kXxvYbvsAhejUOWyGD3FoBNyR7P
   vEzV9a0wWguS0OL92uy7cGPUaoF9gm1HxSbATMQToT7kkW+eknoYYArxF
   eJh8uAGih1emtJ59L6IMuSyFDz2xccazSyNAsRRnRI64aR4kDvDs18MTz
   jM6gD6cRw9MX3Lo/8EwqG0f9eu4axDlAYN0F2HJasTlfrsvi0pFvynC0h
   w==;
X-IronPort-AV: E=McAfee;i="6200,9189,10235"; a="244686096"
X-IronPort-AV: E=Sophos;i="5.88,309,1635231600"; 
   d="scan'208";a="244686096"
Received: from orsmga005.jf.intel.com ([10.7.209.41])
  by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jan 2022 17:39:24 -0800
X-IronPort-AV: E=Sophos;i="5.88,309,1635231600"; 
   d="scan'208";a="695033265"
Received: from mxu9-mobl1.ccr.corp.intel.com ([10.255.30.84])
  by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jan 2022 17:39:22 -0800
From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min Xu <min.m.xu@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [PATCH V5 24/33] OvmfPkg: Update PlatformInitLib to support Tdx guest
Date: Sun, 23 Jan 2022 09:36:55 +0800
Message-Id: <4df4c77b9d0e8665867fb77b9889a4bd9e8d619d.1642899774.git.min.m.xu@intel.com>
X-Mailer: git-send-email 2.29.2.windows.2
In-Reply-To: <cover.1642899774.git.min.m.xu@intel.com>
References: <cover.1642899774.git.min.m.xu@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

In Tdx guest, the system memory is passed in TdHob by host VMM. So
the major task of PlatformTdxPublishRamRegions is to walk thru the
TdHob list and transfer the ResourceDescriptorHob and MemoryAllocationHob
to the hobs in DXE phase.

MemoryAllocationHob should also be created for Mailbox and Ovmf work area.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/Include/Library/PlatformInitLib.h     |   6 +
 OvmfPkg/Library/PlatformInitLib/IntelTdx.c    | 112 ++++++++++++++++++
 .../PlatformInitLib/PlatformInitLib.inf       |   4 +
 3 files changed, 122 insertions(+)
 create mode 100644 OvmfPkg/Library/PlatformInitLib/IntelTdx.c

diff --git a/OvmfPkg/Include/Library/PlatformInitLib.h b/OvmfPkg/Include/Library/PlatformInitLib.h
index afab76e46623..b81f5d314d53 100644
--- a/OvmfPkg/Include/Library/PlatformInitLib.h
+++ b/OvmfPkg/Include/Library/PlatformInitLib.h
@@ -246,4 +246,10 @@ PlatformAddReservedMemoryBaseSizeHob (
   IN BOOLEAN               Cacheable
   );
 
+VOID
+EFIAPI
+PlatformTdxPublishRamRegions (
+  VOID
+  );
+
 #endif // PLATFORM_INIT_LIB_H_
diff --git a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
new file mode 100644
index 000000000000..00c89740f2f6
--- /dev/null
+++ b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
@@ -0,0 +1,112 @@
+/** @file
+  Initialize Intel TDX support.
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <IndustryStandard/Tdx.h>
+#include <IndustryStandard/IntelTdx.h>
+#include <IndustryStandard/QemuFwCfg.h>
+#include <Library/QemuFwCfgLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/TdxLib.h>
+#include <WorkArea.h>
+#include <ConfidentialComputingGuestAttr.h>
+
+/**
+  Transfer the incoming HobList for the TD to the final HobList for Dxe.
+  The Hobs transferred in this function are ResourceDescriptor hob and
+  MemoryAllocation hob.
+
+  @param[in] VmmHobList    The Hoblist pass the firmware
+
+**/
+VOID
+EFIAPI
+TransferTdxHobList (
+  VOID
+  )
+{
+  EFI_PEI_HOB_POINTERS  Hob;
+
+  //
+  // PcdOvmfSecGhcbBase is used as the TD_HOB in Tdx guest.
+  //
+  Hob.Raw = (UINT8 *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase);
+  while (!END_OF_HOB_LIST (Hob)) {
+    switch (Hob.Header->HobType) {
+      case EFI_HOB_TYPE_RESOURCE_DESCRIPTOR:
+        BuildResourceDescriptorHob (
+          Hob.ResourceDescriptor->ResourceType,
+          Hob.ResourceDescriptor->ResourceAttribute,
+          Hob.ResourceDescriptor->PhysicalStart,
+          Hob.ResourceDescriptor->ResourceLength
+          );
+        break;
+      case EFI_HOB_TYPE_MEMORY_ALLOCATION:
+        BuildMemoryAllocationHob (
+          Hob.MemoryAllocation->AllocDescriptor.MemoryBaseAddress,
+          Hob.MemoryAllocation->AllocDescriptor.MemoryLength,
+          Hob.MemoryAllocation->AllocDescriptor.MemoryType
+          );
+        break;
+    }
+
+    Hob.Raw = GET_NEXT_HOB (Hob);
+  }
+}
+
+/**
+
+  Publish memory regions in Intel TDX guest.
+
+**/
+VOID
+EFIAPI
+PlatformTdxPublishRamRegions (
+  VOID
+  )
+{
+  if (!TdIsEnabled ()) {
+    return;
+  }
+
+  TransferTdxHobList ();
+
+  //
+  // The memory region defined by PcdOvmfSecGhcbBackupBase is pre-allocated by
+  // host VMM and used as the td mailbox at the beginning of system boot.
+  //
+  BuildMemoryAllocationHob (
+    FixedPcdGet32 (PcdOvmfSecGhcbBackupBase),
+    FixedPcdGet32 (PcdOvmfSecGhcbBackupSize),
+    EfiACPIMemoryNVS
+    );
+
+  if (FixedPcdGet32 (PcdOvmfWorkAreaSize) != 0) {
+    //
+    // Reserve the work area.
+    //
+    // Since this memory range will be used by the Reset Vector on S3
+    // resume, it must be reserved as ACPI NVS.
+    //
+    // If S3 is unsupported, then various drivers might still write to the
+    // work area. We ought to prevent DXE from serving allocation requests
+    // such that they would overlap the work area.
+    //
+    BuildMemoryAllocationHob (
+      (EFI_PHYSICAL_ADDRESS)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaBase),
+      (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaSize),
+      EfiBootServicesData
+      );
+  }
+}
diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
index 060ce0f54f2b..4a3a49cd38c8 100644
--- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
+++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
@@ -26,6 +26,7 @@
   Cmos.c
   MemDetect.c
   Platform.c
+  IntelTdx.c
 
 [Packages]
   EmbeddedPkg/EmbeddedPkg.dec
@@ -49,6 +50,9 @@
   MtrrLib
   PcdLib
 
+[LibraryClasses.X64]
+  TdxLib
+
 [FixedPcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize
-- 
2.29.2.windows.2