From: "Lendacky, Thomas"
To: "Xu, Min M", "devel@edk2.groups.io"
Cc: Ard Biesheuvel, "Justen, Jordan L", Brijesh Singh, "Aktas, Erdem", James Bottomley, "Yao, Jiewen", Gerd Hoffmann
Subject: Re: [edk2-devel] [PATCH V12 42/47] OvmfPkg: Add TdxDxe driver
Date: Sat, 16 Apr 2022 10:08:35 -0500
Message-ID: <8310fb45-f3be-73c3-d914-7ae6ae89d0e1@amd.com>

On 4/15/22 20:57, Xu, Min M wrote:
> On April 16, 2022 4:52 AM, Lendacky, Thomas wrote:
>>
>> Unfortunately, this driver also breaks SEV-ES. I bypassed the TDX code in the
>> SEC library, but then hit an issue because this driver is loaded before the
>> AmdSevDxe driver. The AmdSevDxe driver performs a
>> MemEncryptSevClearMmioPageEncMask() call against the
>> PcdPciExpressBaseAddress range to mark it shared/unencrypted. However,
>> the TdxDxe driver is loaded before the AmdSevDxe driver, and it appears the
>> dependencies result in an MMIO being performed to an address in the
>> PcdPciExpressBaseAddress range. Since the range has not been marked
>> shared/unencrypted, the #VC handler terminates the guest for trying to do
>> MMIO to an encrypted region.
>>
> I carefully check the code TdxDxeEntryPoint@TdxDxe.c.
> If the working guest is NOT td guest, before it returns, it just does below:
> 1. check if the GuidHob exists
> 2. Set PcdOvmfHostBridgePciDevId with the information in the GuidHob
>
> SetMmioSharedBit() is called if the working guest is Td guest. So if it is sev guest, SetMmioSharedBit will not be called.
>
> I don't have a SEV-ES in hand. Can you help to add some debug information in TdxDxe to see what the last code before the exception is triggered?

I don't think it is anything in your code, I think it is another library that is being loaded based on dependencies. I put a DEBUG statement at the start of TdxDxeEntryPoint() and never see the output before the crash.

>
> BTW, have you tried to load AmdSev.inf before TdxDxe.inf? I tried it in my TDX guest and it works fine.

Yes, moving AmdSevDxe.inf ahead of TdxDxe.inf does fix this issue. Do you want to submit the patch or do you want me to?

Thanks,
Tom

>
> Thanks
> Min
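
Added example, not part of the original message or of edk2: a small check that could run in CI to keep the ordering agreed on above, reporting any section of a driver list in which TdxDxe.inf is listed before AmdSevDxe.inf. The FDF-style layout (`[section]` headers, `INF <path>` lines, `#` comments), the `ExamplePkg/` paths, and the function names are assumptions made for illustration.

```python
# Constructed driver lists (ExamplePkg/ paths are placeholders, not edk2 paths).
SAMPLE_BAD = """\
[FV.DXEFV]
INF  ExamplePkg/Pcd/Pcd.inf
# INF  ExamplePkg/AmdSevDxe/AmdSevDxe.inf   (old position, commented out)
INF  ExamplePkg/TdxDxe/TdxDxe.inf
INF  ExamplePkg/AmdSevDxe/AmdSevDxe.inf
"""

SAMPLE_GOOD = """\
[FV.DXEFV]
INF  ExamplePkg/Pcd/Pcd.inf
INF  ExamplePkg/AmdSevDxe/AmdSevDxe.inf
INF  ExamplePkg/TdxDxe/TdxDxe.inf
"""


def inf_order(fdf_text):
    """Return {section name: [INF basenames in listing order]}."""
    sections, current = {}, "(no section)"
    for raw in fdf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # commented-out entries do not count
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        tokens = line.split()
        # The last token is the path, so "INF Option=Value path.inf" also works.
        if len(tokens) >= 2 and tokens[0] == "INF" and tokens[-1].lower().endswith(".inf"):
            sections.setdefault(current, []).append(tokens[-1].rsplit("/", 1)[-1])
    return sections


def check_order(fdf_text, first="AmdSevDxe.inf", second="TdxDxe.inf"):
    """Return findings; an empty list means `first` precedes `second`
    in every section that lists both drivers."""
    findings = []
    for section, infs in inf_order(fdf_text).items():
        if first in infs and second in infs and infs.index(first) > infs.index(second):
            findings.append(f"[{section}] {second} is listed before {first}")
    return findings


if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, check_order(text) or "ok")
```
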