From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Wed, 02 Oct 2019 05:31:06 -0700 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id AC38A2CE955; Wed, 2 Oct 2019 12:31:05 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-71.rdu2.redhat.com [10.10.120.71]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9B1D41001B22; Wed, 2 Oct 2019 12:31:03 +0000 (UTC) Subject: Re: [edk2-devel] [RFC PATCH v2 18/44] OvmfPkg/Sec: Enable cache early to speed up booting To: devel@edk2.groups.io, thomas.lendacky@amd.com Cc: Jordan Justen , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" References: <4d83b7925ad4f808774f442a2a969cc1daf377fe.1568922729.git.thomas.lendacky@amd.com> From: "Laszlo Ersek" Message-ID: <875a462c-fa9e-97d8-5391-59d586c0426b@redhat.com> Date: Wed, 2 Oct 2019 14:31:02 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <4d83b7925ad4f808774f442a2a969cc1daf377fe.1568922729.git.thomas.lendacky@amd.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Wed, 02 Oct 2019 12:31:05 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 09/19/19 21:52, Lendacky, Thomas wrote: > From: Tom Lendacky > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 > > Currently, the OVMF code relies on the hypervisor to enable the cache > support on the processor in order to improve the boot speed. However, > with SEV-ES, the hypervisor is not allowed to change the CR0 register > to enable caching. > > Update the OVMF Sec support to enable caching in order to improve the > boot speed when running as an SEV-ES guest. > > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Signed-off-by: Tom Lendacky > --- > OvmfPkg/Sec/SecMain.inf | 1 + > OvmfPkg/Sec/SecMain.c | 10 ++++++++++ > 2 files changed, 11 insertions(+) > > diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf > index 7f53845f5436..fdf00e5d8be3 100644 > --- a/OvmfPkg/Sec/SecMain.inf > +++ b/OvmfPkg/Sec/SecMain.inf > @@ -51,6 +51,7 @@ [LibraryClasses] > ExtractGuidedSectionLib > LocalApicLib > CpuExceptionHandlerLib > + MemEncryptSevLib > > [Ppis] > gEfiTemporaryRamSupportPpiGuid # PPI ALWAYS_PRODUCED > diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c > index 7f1dfb2e57c1..20716d484ab0 100644 > --- a/OvmfPkg/Sec/SecMain.c > +++ b/OvmfPkg/Sec/SecMain.c > @@ -25,6 +25,7 @@ > #include > #include > #include > +#include > > #include > > @@ -755,6 +756,15 @@ SecCoreStartupWithStack ( > > ProcessLibraryConstructorList (NULL, NULL); > > + // > + // Under SEV-ES, the hypervisor can't modify CR0 and so can't enable > + // caching in order to speed up the boot. Enable caching early for > + // an SEV-ES guest. > + // > + if (MemEncryptSevEsIsEnabled()) { > + AsmEnableCache (); > + } > + > DEBUG ((EFI_D_INFO, > "SecCoreStartupWithStack(0x%x, 0x%x)\n", > (UINT32)(UINTN)BootFv, > Please see under patch#16; IMO, we should open-code the CPUID+RDMSR sequence here. Thanks, Laszlo