[edk2-devel] [PATCH v2 00/10] OvmfPkg/ResetVector: cleanup and add 5-level paging support.

[edk2-devel] [PATCH v2 00/10] OvmfPkg/ResetVector: cleanup and add 5-level paging support.

[Gerd Hoffmann]

So I ran with the suggestion by Laszlo to move the page table setup into
macros and untangle the non-CoCo / TDX / SEV code paths.  The first five
patches of the series are doing that (without functional changes).

Support for 5-level paging is added by the following five patches.  This
way it is indeed easier to understand.  Additional bonus is that the
patches can be splitted into smaller pieces and 5-level paging for the
three cases (non-CoCo / TDX / SEC) can be enabled independently.

The SEV patches (#9 + #10) are included here for completeness, but it is
probably a good idea to merge them only after 5-level paging support was
added to BaseMemEncryptSevLib.  This way we can turn on 5-level paging
support without breaking SEV.

v2 changes:
 - remove SetCr3La57 label, use Enable5LevelPaging macro instead.
 - turn GetSevCBitMaskAbove31 into a macro.
 - comment fixes.

Gerd Hoffmann (10):
  OvmfPkg/ResetVector: improve page table flag names
  OvmfPkg/ResetVector: add ClearOvmfPageTables macro
  OvmfPkg/ResetVector: add CreatePageTables4Level macro
  OvmfPkg/ResetVector: split TDX BSP workflow
  OvmfPkg/ResetVector: split SEV and non-CoCo workflows
  OvmfPkg/ResetVector: add 5-level paging support
  OvmfPkg/ResetVector: print post codes for 4/5 level paging
  OvmfPkg/ResetVector: wire up 5-level paging for TDX
  OvmfPkg/ResetVector: leave SEV VC handler installed longer
  OvmfPkg/ResetVector: wire up 5-level paging for SEV

 OvmfPkg/ResetVector/ResetVector.inf       |   1 +
 OvmfPkg/ResetVector/Ia32/AmdSev.asm       |  40 ++-
 OvmfPkg/ResetVector/Ia32/IntelTdx.asm     |  17 +-
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 299 +++++++++++++++++-----
 OvmfPkg/ResetVector/Main.asm              |   4 +
 OvmfPkg/ResetVector/ResetVector.nasmb     |   5 +-
 6 files changed, 272 insertions(+), 94 deletions(-)

-- 
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116215): https://edk2.groups.io/g/devel/message/116215
Mute This Topic: https://groups.io/mt/104660109/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 01/10] OvmfPkg/ResetVector: improve page table flag names

[Gerd Hoffmann]

Add comments, rename some of the PAGE_* flags and combined attributes.
Specifically use "LARGEPAGE" instead of "2M" because that bit is used
for both 2M and 1G large pages.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 39 +++++++++++++----------
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index 317cad430f29..6fec6f2beeea 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -10,6 +10,7 @@
 
 BITS    32
 
+; common for all levels
 %define PAGE_PRESENT            0x01
 %define PAGE_READ_WRITE         0x02
 %define PAGE_USER_SUPERVISOR    0x04
@@ -17,25 +18,29 @@ BITS    32
 %define PAGE_CACHE_DISABLE     0x010
 %define PAGE_ACCESSED          0x020
 %define PAGE_DIRTY             0x040
-%define PAGE_PAT               0x080
 %define PAGE_GLOBAL           0x0100
-%define PAGE_2M_MBO            0x080
-%define PAGE_2M_PAT          0x01000
+
+; page table entries (level 1)
+%define PAGE_PTE_PAT           0x080
+
+; page directory entries (level 2+)
+%define PAGE_PDE_LARGEPAGE     0x080
+%define PAGE_PDE_PAT         0x01000
 
 %define PAGE_4K_PDE_ATTR (PAGE_ACCESSED + \
                           PAGE_DIRTY + \
                           PAGE_READ_WRITE + \
                           PAGE_PRESENT)
 
-%define PAGE_2M_PDE_ATTR (PAGE_2M_MBO + \
-                          PAGE_ACCESSED + \
-                          PAGE_DIRTY + \
-                          PAGE_READ_WRITE + \
-                          PAGE_PRESENT)
+%define PAGE_PDE_LARGEPAGE_ATTR (PAGE_PDE_LARGEPAGE + \
+                                 PAGE_ACCESSED + \
+                                 PAGE_DIRTY + \
+                                 PAGE_READ_WRITE + \
+                                 PAGE_PRESENT)
 
-%define PAGE_PDP_ATTR (PAGE_ACCESSED + \
-                       PAGE_READ_WRITE + \
-                       PAGE_PRESENT)
+%define PAGE_PDE_DIRECTORY_ATTR (PAGE_ACCESSED + \
+                                 PAGE_READ_WRITE + \
+                                 PAGE_PRESENT)
 
 %define TDX_BSP         1
 %define TDX_AP          2
@@ -84,19 +89,19 @@ clearPageTablesMemoryLoop:
     ;
     ; Top level Page Directory Pointers (1 * 512GB entry)
     ;
-    mov     dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDE_DIRECTORY_ATTR
     mov     dword[PT_ADDR (4)], edx
 
     ;
     ; Next level Page Directory Pointers (4 * 1GB entries => 4GB)
     ;
-    mov     dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDE_DIRECTORY_ATTR
     mov     dword[PT_ADDR (0x1004)], edx
-    mov     dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDE_DIRECTORY_ATTR
     mov     dword[PT_ADDR (0x100C)], edx
-    mov     dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDE_DIRECTORY_ATTR
     mov     dword[PT_ADDR (0x1014)], edx
-    mov     dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR
+    mov     dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDE_DIRECTORY_ATTR
     mov     dword[PT_ADDR (0x101C)], edx
 
     ;
@@ -107,7 +112,7 @@ pageTableEntriesLoop:
     mov     eax, ecx
     dec     eax
     shl     eax, 21
-    add     eax, PAGE_2M_PDE_ATTR
+    add     eax, PAGE_PDE_LARGEPAGE_ATTR
     mov     [ecx * 8 + PT_ADDR (0x2000 - 8)], eax
     mov     [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx
     loop    pageTableEntriesLoop
-- 
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116213): https://edk2.groups.io/g/devel/message/116213
Mute This Topic: https://groups.io/mt/104660107/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 02/10] OvmfPkg/ResetVector: add ClearOvmfPageTables macro

[Gerd Hoffmann]

Move code to clear the page tables to a nasm macro.
No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 35 ++++++++++++-----------
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index 6fec6f2beeea..378ba2feeb4f 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -45,6 +45,24 @@ BITS    32
 %define TDX_BSP         1
 %define TDX_AP          2
 
+;
+; For OVMF, build some initial page tables at
+; PcdOvmfSecPageTablesBase - (PcdOvmfSecPageTablesBase + 0x6000).
+;
+; This range should match with PcdOvmfSecPageTablesSize which is
+; declared in the FDF files.
+;
+; At the end of PEI, the pages tables will be rebuilt into a
+; more permanent location by DxeIpl.
+;
+%macro ClearOvmfPageTables 0
+    mov     ecx, 6 * 0x1000 / 4
+    xor     eax, eax
+.clearPageTablesMemoryLoop:
+    mov     dword[ecx * 4 + PT_ADDR (0) - 4], eax
+    loop    .clearPageTablesMemoryLoop
+%endmacro
+
 ;
 ; Modified:  EAX, EBX, ECX, EDX
 ;
@@ -69,22 +87,7 @@ SetCr3ForPageTables64:
     OneTimeCall   GetSevCBitMaskAbove31
 
 ClearOvmfPageTables:
-    ;
-    ; For OVMF, build some initial page tables at
-    ; PcdOvmfSecPageTablesBase - (PcdOvmfSecPageTablesBase + 0x6000).
-    ;
-    ; This range should match with PcdOvmfSecPageTablesSize which is
-    ; declared in the FDF files.
-    ;
-    ; At the end of PEI, the pages tables will be rebuilt into a
-    ; more permanent location by DxeIpl.
-    ;
-
-    mov     ecx, 6 * 0x1000 / 4
-    xor     eax, eax
-clearPageTablesMemoryLoop:
-    mov     dword[ecx * 4 + PT_ADDR (0) - 4], eax
-    loop    clearPageTablesMemoryLoop
+    ClearOvmfPageTables
 
     ;
     ; Top level Page Directory Pointers (1 * 512GB entry)
-- 
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116216): https://edk2.groups.io/g/devel/message/116216
Mute This Topic: https://groups.io/mt/104660110/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 03/10] OvmfPkg/ResetVector: add CreatePageTables4Level macro

[Gerd Hoffmann]

Move code to create 4-level page tables to a nasm macro.
No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 70 +++++++++++++----------
 1 file changed, 39 insertions(+), 31 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index 378ba2feeb4f..14cc2c33aa3d 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -63,6 +63,44 @@ BITS    32
     loop    .clearPageTablesMemoryLoop
 %endmacro
 
+;
+; Create page tables for 4-level paging
+;
+; Argument: upper 32 bits of the page table entries
+;
+%macro CreatePageTables4Level 1
+    ;
+    ; Top level Page Directory Pointers (1 * 512GB entry)
+    ;
+    mov     dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDE_DIRECTORY_ATTR
+    mov     dword[PT_ADDR (4)], %1
+
+    ;
+    ; Next level Page Directory Pointers (4 * 1GB entries => 4GB)
+    ;
+    mov     dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDE_DIRECTORY_ATTR
+    mov     dword[PT_ADDR (0x1004)], %1
+    mov     dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDE_DIRECTORY_ATTR
+    mov     dword[PT_ADDR (0x100C)], %1
+    mov     dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDE_DIRECTORY_ATTR
+    mov     dword[PT_ADDR (0x1014)], %1
+    mov     dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDE_DIRECTORY_ATTR
+    mov     dword[PT_ADDR (0x101C)], %1
+
+    ;
+    ; Page Table Entries (2048 * 2MB entries => 4GB)
+    ;
+    mov     ecx, 0x800
+.pageTableEntriesLoop4Level:
+    mov     eax, ecx
+    dec     eax
+    shl     eax, 21
+    add     eax, PAGE_PDE_LARGEPAGE_ATTR
+    mov     dword[ecx * 8 + PT_ADDR (0x2000 - 8)], eax
+    mov     dword[(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], %1
+    loop    .pageTableEntriesLoop4Level
+%endmacro
+
 ;
 ; Modified:  EAX, EBX, ECX, EDX
 ;
@@ -88,37 +126,7 @@ SetCr3ForPageTables64:
 
 ClearOvmfPageTables:
     ClearOvmfPageTables
-
-    ;
-    ; Top level Page Directory Pointers (1 * 512GB entry)
-    ;
-    mov     dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDE_DIRECTORY_ATTR
-    mov     dword[PT_ADDR (4)], edx
-
-    ;
-    ; Next level Page Directory Pointers (4 * 1GB entries => 4GB)
-    ;
-    mov     dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDE_DIRECTORY_ATTR
-    mov     dword[PT_ADDR (0x1004)], edx
-    mov     dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDE_DIRECTORY_ATTR
-    mov     dword[PT_ADDR (0x100C)], edx
-    mov     dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDE_DIRECTORY_ATTR
-    mov     dword[PT_ADDR (0x1014)], edx
-    mov     dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDE_DIRECTORY_ATTR
-    mov     dword[PT_ADDR (0x101C)], edx
-
-    ;
-    ; Page Table Entries (2048 * 2MB entries => 4GB)
-    ;
-    mov     ecx, 0x800
-pageTableEntriesLoop:
-    mov     eax, ecx
-    dec     eax
-    shl     eax, 21
-    add     eax, PAGE_PDE_LARGEPAGE_ATTR
-    mov     [ecx * 8 + PT_ADDR (0x2000 - 8)], eax
-    mov     [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx
-    loop    pageTableEntriesLoop
+    CreatePageTables4Level edx
 
     ; Clear the C-bit from the GHCB page if the SEV-ES is enabled.
     OneTimeCall   SevClearPageEncMaskForGhcbPage
-- 
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116214): https://edk2.groups.io/g/devel/message/116214
Mute This Topic: https://groups.io/mt/104660108/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 04/10] OvmfPkg/ResetVector: split TDX BSP workflow

[Gerd Hoffmann]

Create a separate control flow for TDX BSP.

TdxPostBuildPageTables will now only be called when running in TDX
mode, so the TDX check in that function is not needed any more.

No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 OvmfPkg/ResetVector/Ia32/IntelTdx.asm     |  4 ----
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 15 ++++++++++-----
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/IntelTdx.asm b/OvmfPkg/ResetVector/Ia32/IntelTdx.asm
index 06794baef81d..c6b86019dfb9 100644
--- a/OvmfPkg/ResetVector/Ia32/IntelTdx.asm
+++ b/OvmfPkg/ResetVector/Ia32/IntelTdx.asm
@@ -197,11 +197,7 @@ NotTdx:
 ; Set byte[TDX_WORK_AREA_PGTBL_READY] to 1
 ;
 TdxPostBuildPageTables:
-    cmp     byte[WORK_AREA_GUEST_TYPE], VM_GUEST_TDX
-    jne     ExitTdxPostBuildPageTables
     mov     byte[TDX_WORK_AREA_PGTBL_READY], 1
-
-ExitTdxPostBuildPageTables:
     OneTimeCallRet TdxPostBuildPageTables
 
 ;
diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index 14cc2c33aa3d..166e80293c89 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -112,7 +112,7 @@ SetCr3ForPageTables64:
     ; is set.
     OneTimeCall   CheckTdxFeaturesBeforeBuildPagetables
     cmp       eax, TDX_BSP
-    je        ClearOvmfPageTables
+    je        TdxBspInit
     cmp       eax, TDX_AP
     je        SetCr3
 
@@ -124,16 +124,21 @@ SetCr3ForPageTables64:
     ; the page table build below.
     OneTimeCall   GetSevCBitMaskAbove31
 
-ClearOvmfPageTables:
     ClearOvmfPageTables
     CreatePageTables4Level edx
 
     ; Clear the C-bit from the GHCB page if the SEV-ES is enabled.
     OneTimeCall   SevClearPageEncMaskForGhcbPage
+    jmp SetCr3
 
-    ; TDX will do some PostBuildPages task, such as setting
-    ; byte[TDX_WORK_AREA_PGTBL_READY].
-    OneTimeCall   TdxPostBuildPageTables
+TdxBspInit:
+    ;
+    ; TDX BSP workflow
+    ;
+    ClearOvmfPageTables
+    CreatePageTables4Level 0
+    OneTimeCall TdxPostBuildPageTables
+    jmp SetCr3
 
 SetCr3:
     ;
-- 
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116217): https://edk2.groups.io/g/devel/message/116217
Mute This Topic: https://groups.io/mt/104660111/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 05/10] OvmfPkg/ResetVector: split SEV and non-CoCo workflows

[Gerd Hoffmann]

Use separate control flows for SEV and non-CoCo cases.

SevClearPageEncMaskForGhcbPage and GetSevCBitMaskAbove31 will now only
be called when running in SEV mode, so the SEV check in these functions
is not needed any more.

No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm       | 14 +-------------
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 17 ++++++++++++++---
 2 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 043c88a7abbe..23e4c5ebbe92 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -154,10 +154,6 @@ SevEsUnexpectedRespTerminate:
 
 ; If SEV-ES is enabled then initialize and make the GHCB page shared
 SevClearPageEncMaskForGhcbPage:
-    ; Check if SEV is enabled
-    cmp       byte[WORK_AREA_GUEST_TYPE], 1
-    jnz       SevClearPageEncMaskForGhcbPageExit
-
     ; Check if SEV-ES is enabled
     mov       ecx, 1
     bt        [SEV_ES_WORK_AREA_STATUS_MSR], ecx
@@ -195,20 +191,12 @@ pageTableEntries4kLoop:
 SevClearPageEncMaskForGhcbPageExit:
     OneTimeCallRet SevClearPageEncMaskForGhcbPage
 
-; Check if SEV is enabled, and get the C-bit mask above 31.
+; Get the C-bit mask above 31.
 ; Modified: EDX
 ;
 ; The value is returned in the EDX
 GetSevCBitMaskAbove31:
-    xor       edx, edx
-
-    ; Check if SEV is enabled
-    cmp       byte[WORK_AREA_GUEST_TYPE], 1
-    jnz       GetSevCBitMaskAbove31Exit
-
     mov       edx, dword[SEV_ES_WORK_AREA_ENC_MASK + 4]
-
-GetSevCBitMaskAbove31Exit:
     OneTimeCallRet GetSevCBitMaskAbove31
 
 %endif
diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index 166e80293c89..84a7b4efc019 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -118,15 +118,26 @@ SetCr3ForPageTables64:
 
     ; Check whether the SEV is active and populate the SevEsWorkArea
     OneTimeCall   CheckSevFeatures
+    cmp       byte[WORK_AREA_GUEST_TYPE], 1
+    jz        SevInit
 
+    ;
+    ; normal (non-CoCo) workflow
+    ;
+    ClearOvmfPageTables
+    CreatePageTables4Level 0
+    jmp SetCr3
+
+SevInit:
+    ;
+    ; SEV workflow
+    ;
+    ClearOvmfPageTables
     ; If SEV is enabled, the C-bit position is always above 31.
     ; The mask will be saved in the EDX and applied during the
     ; the page table build below.
     OneTimeCall   GetSevCBitMaskAbove31
-
-    ClearOvmfPageTables
     CreatePageTables4Level edx
-
     ; Clear the C-bit from the GHCB page if the SEV-ES is enabled.
     OneTimeCall   SevClearPageEncMaskForGhcbPage
     jmp SetCr3
-- 
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116218): https://edk2.groups.io/g/devel/message/116218
Mute This Topic: https://groups.io/mt/104660112/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 06/10] OvmfPkg/ResetVector: add 5-level paging support

[Gerd Hoffmann]

Add macros to check for 5-level paging and gigabyte page support.
Enable 5-level paging for the non-confidential-computing case.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/ResetVector/ResetVector.inf       |   1 +
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 100 ++++++++++++++++++++++
 OvmfPkg/ResetVector/ResetVector.nasmb     |   1 +
 3 files changed, 102 insertions(+)

diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf
index a4154ca90c28..65f71b05a02e 100644
--- a/OvmfPkg/ResetVector/ResetVector.inf
+++ b/OvmfPkg/ResetVector/ResetVector.inf
@@ -64,3 +64,4 @@ [FixedPcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
+  gEfiMdeModulePkgTokenSpaceGuid.PcdUse5LevelPageTable
diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index 84a7b4efc019..2d7fd523e4b1 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -101,6 +101,97 @@ BITS    32
     loop    .pageTableEntriesLoop4Level
 %endmacro
 
+;
+; Check whenever 5-level paging can be used
+;
+; Argument: jump label for 4-level paging
+;
+%macro Check5LevelPaging 1
+    ; check for cpuid leaf 0x07
+    mov     eax, 0x00
+    cpuid
+    cmp     eax, 0x07
+    jb      %1
+
+    ; check for la57 (aka 5-level paging)
+    mov     eax, 0x07
+    mov     ecx, 0x00
+    cpuid
+    bt      ecx, 16
+    jnc     %1
+
+    ; check for cpuid leaf 0x80000001
+    mov     eax, 0x80000000
+    cpuid
+    cmp     eax, 0x80000001
+    jb      %1
+
+    ; check for 1g pages
+    mov     eax, 0x80000001
+    cpuid
+    bt      edx, 26
+    jnc     %1
+%endmacro
+
+;
+; Create page tables for 5-level paging with gigabyte pages
+;
+; Argument: upper 32 bits of the page table entries
+;
+; We have 6 pages available for the early page tables,
+; we use four of them:
+;    PT_ADDR(0)      - level 5 directory
+;    PT_ADDR(0x1000) - level 4 directory
+;    PT_ADDR(0x2000) - level 2 directory (0 -> 1GB)
+;    PT_ADDR(0x3000) - level 3 directory
+;
+; The level 2 directory for the first gigabyte has the same
+; physical address in both 4-level and 5-level paging mode,
+; SevClearPageEncMaskForGhcbPage depends on this.
+;
+; The 1 GB -> 4 GB range is mapped using 1G pages in the
+; level 3 directory.
+;
+%macro CreatePageTables5Level 1
+    ; level 5
+    mov     dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDE_DIRECTORY_ATTR
+    mov     dword[PT_ADDR (4)], %1
+
+    ; level 4
+    mov     dword[PT_ADDR (0x1000)], PT_ADDR (0x3000) + PAGE_PDE_DIRECTORY_ATTR
+    mov     dword[PT_ADDR (0x1004)], %1
+
+    ; level 3 (1x -> level 2, 3x 1GB)
+    mov     dword[PT_ADDR (0x3000)], PT_ADDR (0x2000) + PAGE_PDE_DIRECTORY_ATTR
+    mov     dword[PT_ADDR (0x3004)], %1
+    mov     dword[PT_ADDR (0x3008)], (1 << 30) + PAGE_PDE_LARGEPAGE_ATTR
+    mov     dword[PT_ADDR (0x300c)], %1
+    mov     dword[PT_ADDR (0x3010)], (2 << 30) + PAGE_PDE_LARGEPAGE_ATTR
+    mov     dword[PT_ADDR (0x3014)], %1
+    mov     dword[PT_ADDR (0x3018)], (3 << 30) + PAGE_PDE_LARGEPAGE_ATTR
+    mov     dword[PT_ADDR (0x301c)], %1
+
+    ;
+    ; level 2 (512 * 2MB entries => 1GB)
+    ;
+    mov     ecx, 0x200
+.pageTableEntriesLoop5Level:
+    mov     eax, ecx
+    dec     eax
+    shl     eax, 21
+    add     eax, PAGE_PDE_LARGEPAGE_ATTR
+    mov     dword[ecx * 8 + PT_ADDR (0x2000 - 8)], eax
+    mov     dword[(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], %1
+    loop    .pageTableEntriesLoop5Level
+%endmacro
+
+%macro Enable5LevelPaging 0
+    ; set la57 bit in cr4
+    mov     eax, cr4
+    bts     eax, 12
+    mov     cr4, eax
+%endmacro
+
 ;
 ; Modified:  EAX, EBX, ECX, EDX
 ;
@@ -125,6 +216,13 @@ SetCr3ForPageTables64:
     ; normal (non-CoCo) workflow
     ;
     ClearOvmfPageTables
+%if PG_5_LEVEL
+    Check5LevelPaging Paging4Level
+    CreatePageTables5Level 0
+    Enable5LevelPaging
+    jmp SetCr3
+Paging4Level:
+%endif
     CreatePageTables4Level 0
     jmp SetCr3
 
@@ -152,6 +250,8 @@ TdxBspInit:
     jmp SetCr3
 
 SetCr3:
+    ;
+    ; common workflow
     ;
     ; Set CR3 now that the paging structures are available
     ;
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index 366a70fb9992..2bd80149e58b 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -53,6 +53,7 @@
 
 %define WORK_AREA_GUEST_TYPE          (FixedPcdGet32 (PcdOvmfWorkAreaBase))
 %define PT_ADDR(Offset)               (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Offset))
+%define PG_5_LEVEL                    (FixedPcdGetBool (PcdUse5LevelPageTable))
 
 %define GHCB_PT_ADDR                  (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase))
 %define GHCB_BASE                     (FixedPcdGet32 (PcdOvmfSecGhcbBase))
-- 
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116220): https://edk2.groups.io/g/devel/message/116220
Mute This Topic: https://groups.io/mt/104660114/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 07/10] OvmfPkg/ResetVector: print post codes for 4/5 level paging

[Gerd Hoffmann]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index 2d7fd523e4b1..e15945da0476 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -69,6 +69,10 @@ BITS    32
 ; Argument: upper 32 bits of the page table entries
 ;
 %macro CreatePageTables4Level 1
+
+    ; indicate 4-level paging
+    debugShowPostCode 0x41
+
     ;
     ; Top level Page Directory Pointers (1 * 512GB entry)
     ;
@@ -153,6 +157,10 @@ BITS    32
 ; level 3 directory.
 ;
 %macro CreatePageTables5Level 1
+
+    ; indicate 5-level paging
+    debugShowPostCode 0x51
+
     ; level 5
     mov     dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDE_DIRECTORY_ATTR
     mov     dword[PT_ADDR (4)], %1
-- 
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116219): https://edk2.groups.io/g/devel/message/116219
Mute This Topic: https://groups.io/mt/104660113/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 08/10] OvmfPkg/ResetVector: wire up 5-level paging for TDX

[Gerd Hoffmann]

BSP workflow is quite simliar to the non-coco case.

TDX_WORK_AREA_PGTBL_READY is used to record the paging mode:
  1 == 4-level paging
  2 == 5-level paging

APs will look at TDX_WORK_AREA_PGTBL_READY to figure whenever
they should enable 5-level paging or not.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/ResetVector/Ia32/IntelTdx.asm     | 13 ++++++++++++-
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 16 ++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/ResetVector/Ia32/IntelTdx.asm b/OvmfPkg/ResetVector/Ia32/IntelTdx.asm
index c6b86019dfb9..7d775591a05b 100644
--- a/OvmfPkg/ResetVector/Ia32/IntelTdx.asm
+++ b/OvmfPkg/ResetVector/Ia32/IntelTdx.asm
@@ -179,7 +179,7 @@ InitTdx:
 ;
 ; Modified:  EAX, EDX
 ;
-; 0-NonTdx, 1-TdxBsp, 2-TdxAps
+; 0-NonTdx, 1-TdxBsp, 2-TdxAps, 3-TdxAps5Level
 ;
 CheckTdxFeaturesBeforeBuildPagetables:
     xor     eax, eax
@@ -200,6 +200,17 @@ TdxPostBuildPageTables:
     mov     byte[TDX_WORK_AREA_PGTBL_READY], 1
     OneTimeCallRet TdxPostBuildPageTables
 
+%if PG_5_LEVEL
+
+;
+; Set byte[TDX_WORK_AREA_PGTBL_READY] to 2
+;
+TdxPostBuildPageTables5Level:
+    mov     byte[TDX_WORK_AREA_PGTBL_READY], 2
+    OneTimeCallRet TdxPostBuildPageTables5Level
+
+%endif
+
 ;
 ; Check if TDX is enabled
 ;
diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index e15945da0476..b922c845f297 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -44,6 +44,7 @@ BITS    32
 
 %define TDX_BSP         1
 %define TDX_AP          2
+%define TDX_AP_5_LEVEL  3
 
 ;
 ; For OVMF, build some initial page tables at
@@ -214,7 +215,14 @@ SetCr3ForPageTables64:
     je        TdxBspInit
     cmp       eax, TDX_AP
     je        SetCr3
+%if PG_5_LEVEL
+    cmp       eax, TDX_AP_5_LEVEL
+    jne       CheckForSev
+    Enable5LevelPaging
+    jmp       SetCr3
+%endif
 
+CheckForSev:
     ; Check whether the SEV is active and populate the SevEsWorkArea
     OneTimeCall   CheckSevFeatures
     cmp       byte[WORK_AREA_GUEST_TYPE], 1
@@ -253,6 +261,14 @@ TdxBspInit:
     ; TDX BSP workflow
     ;
     ClearOvmfPageTables
+%if PG_5_LEVEL
+    Check5LevelPaging Tdx4Level
+    CreatePageTables5Level 0
+    OneTimeCall TdxPostBuildPageTables5Level
+    Enable5LevelPaging
+    jmp SetCr3
+Tdx4Level:
+%endif
     CreatePageTables4Level 0
     OneTimeCall TdxPostBuildPageTables
     jmp SetCr3
-- 
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116222): https://edk2.groups.io/g/devel/message/116222
Mute This Topic: https://groups.io/mt/104660117/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 09/10] OvmfPkg/ResetVector: leave SEV VC handler installed longer

[Gerd Hoffmann]

When running in SEV mode keep the VC handler installed.
Add a function to uninstall it later.

This allows using the cpuid instruction in SetCr3ForPageTables64,
which is needed to check for la57 & 1G page support.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm       | 12 ++++++++++--
 OvmfPkg/ResetVector/Ia32/PageTables64.asm |  1 +
 OvmfPkg/ResetVector/Main.asm              |  4 ++++
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 23e4c5ebbe92..cbb86871636f 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -320,9 +320,9 @@ NoSevEsVcHlt:
 NoSevPass:
     xor       eax, eax
 
-SevExit:
     ;
-    ; Clear exception handlers and stack
+    ; When NOT running in SEV mode: clear exception handlers and stack here.
+    ; Otherwise: SevClearVcHandlerAndStack must be called later.
     ;
     push      eax
     mov       eax, ADDR_OF(IdtrClear)
@@ -330,8 +330,16 @@ SevExit:
     pop       eax
     mov       esp, 0
 
+SevExit:
     OneTimeCallRet CheckSevFeatures
 
+SevClearVcHandlerAndStack:
+    ; Clear exception handlers and stack
+    mov       eax, ADDR_OF(IdtrClear)
+    lidt      [cs:eax]
+    mov       esp, 0
+    OneTimeCallRet SevClearVcHandlerAndStack
+
 ; Start of #VC exception handling routines
 ;
 
diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index b922c845f297..29ce155eed8d 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -254,6 +254,7 @@ SevInit:
     CreatePageTables4Level edx
     ; Clear the C-bit from the GHCB page if the SEV-ES is enabled.
     OneTimeCall   SevClearPageEncMaskForGhcbPage
+    OneTimeCall   SevClearVcHandlerAndStack
     jmp SetCr3
 
 TdxBspInit:
diff --git a/OvmfPkg/ResetVector/Main.asm b/OvmfPkg/ResetVector/Main.asm
index 46cfa87c4c0a..88b25db3bc9e 100644
--- a/OvmfPkg/ResetVector/Main.asm
+++ b/OvmfPkg/ResetVector/Main.asm
@@ -80,7 +80,11 @@ SearchBfv:
     ; Set the OVMF/SEV work area as appropriate.
     ;
     OneTimeCall CheckSevFeatures
+    cmp         byte[WORK_AREA_GUEST_TYPE], 1
+    jnz         NoSevIa32
+    OneTimeCall SevClearVcHandlerAndStack
 
+NoSevIa32:
     ;
     ; Restore initial EAX value into the EAX register
     ;
-- 
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116221): https://edk2.groups.io/g/devel/message/116221
Mute This Topic: https://groups.io/mt/104660115/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 10/10] OvmfPkg/ResetVector: wire up 5-level paging for SEV

[Gerd Hoffmann]

Turn the GetSevCBitMaskAbove31 OneTimeCall into a macro because we
need that twice (for 4-level and 5-level paging).  Change include
order to allow AmdSev.asm macros being used in PageTables64.asm.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm       | 16 ++++++++--------
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 14 +++++++++++++-
 OvmfPkg/ResetVector/ResetVector.nasmb     |  4 ++--
 3 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index cbb86871636f..c577f5572f04 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -146,6 +146,14 @@ BITS    32
     jmp     %%TerminateHlt
 %endmacro
 
+; Get the C-bit mask above 31.
+; Modified: EDX
+;
+; The value is returned in the EDX
+%macro GetSevCBitMaskAbove31 0
+    mov edx, dword[SEV_ES_WORK_AREA_ENC_MASK + 4]
+%endmacro
+
 ; Terminate the guest due to unexpected response code.
 SevEsUnexpectedRespTerminate:
     TerminateVmgExit    TERM_UNEXPECTED_RESP_CODE
@@ -191,14 +199,6 @@ pageTableEntries4kLoop:
 SevClearPageEncMaskForGhcbPageExit:
     OneTimeCallRet SevClearPageEncMaskForGhcbPage
 
-; Get the C-bit mask above 31.
-; Modified: EDX
-;
-; The value is returned in the EDX
-GetSevCBitMaskAbove31:
-    mov       edx, dword[SEV_ES_WORK_AREA_ENC_MASK + 4]
-    OneTimeCallRet GetSevCBitMaskAbove31
-
 %endif
 
 ; Check if Secure Encrypted Virtualization (SEV) features are enabled.
diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index 29ce155eed8d..92d134441abe 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -247,11 +247,23 @@ SevInit:
     ; SEV workflow
     ;
     ClearOvmfPageTables
+%if PG_5_LEVEL
+    Check5LevelPaging Sev4Level
     ; If SEV is enabled, the C-bit position is always above 31.
     ; The mask will be saved in the EDX and applied during the
     ; the page table build below.
-    OneTimeCall   GetSevCBitMaskAbove31
+    GetSevCBitMaskAbove31
+    CreatePageTables5Level edx
+    Enable5LevelPaging
+    jmp SevCommon
+Sev4Level:
+%endif
+    ; If SEV is enabled, the C-bit position is always above 31.
+    ; The mask will be saved in the EDX and applied during the
+    ; the page table build below.
+    GetSevCBitMaskAbove31
     CreatePageTables4Level edx
+SevCommon:
     ; Clear the C-bit from the GHCB page if the SEV-ES is enabled.
     OneTimeCall   SevClearPageEncMaskForGhcbPage
     OneTimeCall   SevClearVcHandlerAndStack
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index 2bd80149e58b..ba83bc7b3124 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -92,6 +92,8 @@
 %define SNP_SEC_MEM_BASE_DESC_3       (CPUID_BASE + CPUID_SIZE + SEV_SNP_KERNEL_HASHES_SIZE)
 %define SNP_SEC_MEM_SIZE_DESC_3       (FixedPcdGet32 (PcdOvmfPeiMemFvBase) - SNP_SEC_MEM_BASE_DESC_3)
 
+%include "Ia32/AmdSev.asm"
+
 %ifdef ARCH_X64
   #include <AutoGen.h>
 
@@ -144,8 +146,6 @@
   %include "X64/OvmfSevMetadata.asm"
 %endif
 
-%include "Ia32/AmdSev.asm"
-
 %include "Ia16/Real16ToFlat32.asm"
 %include "Ia16/Init16.asm"
 
-- 
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116223): https://edk2.groups.io/g/devel/message/116223
Mute This Topic: https://groups.io/mt/104660118/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 06/10] OvmfPkg/ResetVector: add 5-level paging support

[Laszlo Ersek]

On 3/1/24 08:43, Gerd Hoffmann wrote:
> Add macros to check for 5-level paging and gigabyte page support.
> Enable 5-level paging for the non-confidential-computing case.
> 
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  OvmfPkg/ResetVector/ResetVector.inf       |   1 +
>  OvmfPkg/ResetVector/Ia32/PageTables64.asm | 100 ++++++++++++++++++++++
>  OvmfPkg/ResetVector/ResetVector.nasmb     |   1 +
>  3 files changed, 102 insertions(+)
> 
> diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/ResetVector.inf
> index a4154ca90c28..65f71b05a02e 100644
> --- a/OvmfPkg/ResetVector/ResetVector.inf
> +++ b/OvmfPkg/ResetVector/ResetVector.inf
> @@ -64,3 +64,4 @@ [FixedPcd]
>    gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize
>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdUse5LevelPageTable
> diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> index 84a7b4efc019..2d7fd523e4b1 100644
> --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> @@ -101,6 +101,97 @@ BITS    32
>      loop    .pageTableEntriesLoop4Level
>  %endmacro
>  
> +;
> +; Check whenever 5-level paging can be used
> +;
> +; Argument: jump label for 4-level paging
> +;
> +%macro Check5LevelPaging 1
> +    ; check for cpuid leaf 0x07
> +    mov     eax, 0x00
> +    cpuid
> +    cmp     eax, 0x07
> +    jb      %1
> +
> +    ; check for la57 (aka 5-level paging)
> +    mov     eax, 0x07
> +    mov     ecx, 0x00
> +    cpuid
> +    bt      ecx, 16
> +    jnc     %1
> +
> +    ; check for cpuid leaf 0x80000001
> +    mov     eax, 0x80000000
> +    cpuid
> +    cmp     eax, 0x80000001
> +    jb      %1
> +
> +    ; check for 1g pages
> +    mov     eax, 0x80000001
> +    cpuid
> +    bt      edx, 26
> +    jnc     %1
> +%endmacro
> +
> +;
> +; Create page tables for 5-level paging with gigabyte pages
> +;
> +; Argument: upper 32 bits of the page table entries
> +;
> +; We have 6 pages available for the early page tables,
> +; we use four of them:
> +;    PT_ADDR(0)      - level 5 directory
> +;    PT_ADDR(0x1000) - level 4 directory
> +;    PT_ADDR(0x2000) - level 2 directory (0 -> 1GB)
> +;    PT_ADDR(0x3000) - level 3 directory
> +;
> +; The level 2 directory for the first gigabyte has the same
> +; physical address in both 4-level and 5-level paging mode,
> +; SevClearPageEncMaskForGhcbPage depends on this.
> +;
> +; The 1 GB -> 4 GB range is mapped using 1G pages in the
> +; level 3 directory.
> +;
> +%macro CreatePageTables5Level 1
> +    ; level 5
> +    mov     dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDE_DIRECTORY_ATTR
> +    mov     dword[PT_ADDR (4)], %1
> +
> +    ; level 4
> +    mov     dword[PT_ADDR (0x1000)], PT_ADDR (0x3000) + PAGE_PDE_DIRECTORY_ATTR
> +    mov     dword[PT_ADDR (0x1004)], %1
> +
> +    ; level 3 (1x -> level 2, 3x 1GB)
> +    mov     dword[PT_ADDR (0x3000)], PT_ADDR (0x2000) + PAGE_PDE_DIRECTORY_ATTR
> +    mov     dword[PT_ADDR (0x3004)], %1
> +    mov     dword[PT_ADDR (0x3008)], (1 << 30) + PAGE_PDE_LARGEPAGE_ATTR
> +    mov     dword[PT_ADDR (0x300c)], %1
> +    mov     dword[PT_ADDR (0x3010)], (2 << 30) + PAGE_PDE_LARGEPAGE_ATTR
> +    mov     dword[PT_ADDR (0x3014)], %1
> +    mov     dword[PT_ADDR (0x3018)], (3 << 30) + PAGE_PDE_LARGEPAGE_ATTR
> +    mov     dword[PT_ADDR (0x301c)], %1
> +
> +    ;
> +    ; level 2 (512 * 2MB entries => 1GB)
> +    ;
> +    mov     ecx, 0x200
> +.pageTableEntriesLoop5Level:
> +    mov     eax, ecx
> +    dec     eax
> +    shl     eax, 21
> +    add     eax, PAGE_PDE_LARGEPAGE_ATTR
> +    mov     dword[ecx * 8 + PT_ADDR (0x2000 - 8)], eax
> +    mov     dword[(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], %1
> +    loop    .pageTableEntriesLoop5Level
> +%endmacro
> +
> +%macro Enable5LevelPaging 0
> +    ; set la57 bit in cr4
> +    mov     eax, cr4
> +    bts     eax, 12
> +    mov     cr4, eax
> +%endmacro
> +
>  ;
>  ; Modified:  EAX, EBX, ECX, EDX
>  ;
> @@ -125,6 +216,13 @@ SetCr3ForPageTables64:
>      ; normal (non-CoCo) workflow
>      ;
>      ClearOvmfPageTables
> +%if PG_5_LEVEL
> +    Check5LevelPaging Paging4Level
> +    CreatePageTables5Level 0
> +    Enable5LevelPaging
> +    jmp SetCr3
> +Paging4Level:
> +%endif
>      CreatePageTables4Level 0
>      jmp SetCr3
>  
> @@ -152,6 +250,8 @@ TdxBspInit:
>      jmp SetCr3
>  
>  SetCr3:
> +    ;
> +    ; common workflow
>      ;
>      ; Set CR3 now that the paging structures are available
>      ;

Nice touch, moving the "common workflow" comment here!

Reviewed-by: Laszlo Ersek <lersek@redhat.com>


> diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
> index 366a70fb9992..2bd80149e58b 100644
> --- a/OvmfPkg/ResetVector/ResetVector.nasmb
> +++ b/OvmfPkg/ResetVector/ResetVector.nasmb
> @@ -53,6 +53,7 @@
>  
>  %define WORK_AREA_GUEST_TYPE          (FixedPcdGet32 (PcdOvmfWorkAreaBase))
>  %define PT_ADDR(Offset)               (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Offset))
> +%define PG_5_LEVEL                    (FixedPcdGetBool (PcdUse5LevelPageTable))
>  
>  %define GHCB_PT_ADDR                  (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase))
>  %define GHCB_BASE                     (FixedPcdGet32 (PcdOvmfSecGhcbBase))



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116245): https://edk2.groups.io/g/devel/message/116245
Mute This Topic: https://groups.io/mt/104660114/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 08/10] OvmfPkg/ResetVector: wire up 5-level paging for TDX

[Laszlo Ersek]

On 3/1/24 08:44, Gerd Hoffmann wrote:
> BSP workflow is quite simliar to the non-coco case.
> 
> TDX_WORK_AREA_PGTBL_READY is used to record the paging mode:
>   1 == 4-level paging
>   2 == 5-level paging
> 
> APs will look at TDX_WORK_AREA_PGTBL_READY to figure whenever
> they should enable 5-level paging or not.
> 
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  OvmfPkg/ResetVector/Ia32/IntelTdx.asm     | 13 ++++++++++++-
>  OvmfPkg/ResetVector/Ia32/PageTables64.asm | 16 ++++++++++++++++
>  2 files changed, 28 insertions(+), 1 deletion(-)
> 
> diff --git a/OvmfPkg/ResetVector/Ia32/IntelTdx.asm b/OvmfPkg/ResetVector/Ia32/IntelTdx.asm
> index c6b86019dfb9..7d775591a05b 100644
> --- a/OvmfPkg/ResetVector/Ia32/IntelTdx.asm
> +++ b/OvmfPkg/ResetVector/Ia32/IntelTdx.asm
> @@ -179,7 +179,7 @@ InitTdx:
>  ;
>  ; Modified:  EAX, EDX
>  ;
> -; 0-NonTdx, 1-TdxBsp, 2-TdxAps
> +; 0-NonTdx, 1-TdxBsp, 2-TdxAps, 3-TdxAps5Level
>  ;
>  CheckTdxFeaturesBeforeBuildPagetables:
>      xor     eax, eax
> @@ -200,6 +200,17 @@ TdxPostBuildPageTables:
>      mov     byte[TDX_WORK_AREA_PGTBL_READY], 1
>      OneTimeCallRet TdxPostBuildPageTables
>  
> +%if PG_5_LEVEL
> +
> +;
> +; Set byte[TDX_WORK_AREA_PGTBL_READY] to 2
> +;
> +TdxPostBuildPageTables5Level:
> +    mov     byte[TDX_WORK_AREA_PGTBL_READY], 2
> +    OneTimeCallRet TdxPostBuildPageTables5Level
> +
> +%endif
> +
>  ;
>  ; Check if TDX is enabled
>  ;
> diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> index e15945da0476..b922c845f297 100644
> --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> @@ -44,6 +44,7 @@ BITS    32
>  
>  %define TDX_BSP         1
>  %define TDX_AP          2
> +%define TDX_AP_5_LEVEL  3
>  
>  ;
>  ; For OVMF, build some initial page tables at
> @@ -214,7 +215,14 @@ SetCr3ForPageTables64:
>      je        TdxBspInit
>      cmp       eax, TDX_AP
>      je        SetCr3
> +%if PG_5_LEVEL
> +    cmp       eax, TDX_AP_5_LEVEL
> +    jne       CheckForSev
> +    Enable5LevelPaging
> +    jmp       SetCr3
> +%endif
>  
> +CheckForSev:
>      ; Check whether the SEV is active and populate the SevEsWorkArea
>      OneTimeCall   CheckSevFeatures
>      cmp       byte[WORK_AREA_GUEST_TYPE], 1

Minor nit: we don't neet the "CheckForSev:" jump label at all if
PG_5_LEVEL is absent, so the "CheckForSev:" label definition should
still be in the "%if PG_5_LEVEL" scope.

(My proposal under v1 patch#6 was:

%if PG_5_LEVEL
    cmp       eax, TDX_AP_5_LEVEL
    jne       CheckForSev
    Enable5LevelPaging
    jmp       SetCr3
CheckForSev:
%endif

)

Did you place the "CheckForSev:" label intentionally outside of the %if
scope? If it was intentional, then I'm OK with it.

If it was unintended / an oversight, then next question: do you want me
to move the label into the %if's scope for you, upon merge? Or do you
like it better as written in your patch, after all?

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Thanks
Laszlo




> @@ -253,6 +261,14 @@ TdxBspInit:
>      ; TDX BSP workflow
>      ;
>      ClearOvmfPageTables
> +%if PG_5_LEVEL
> +    Check5LevelPaging Tdx4Level
> +    CreatePageTables5Level 0
> +    OneTimeCall TdxPostBuildPageTables5Level
> +    Enable5LevelPaging
> +    jmp SetCr3
> +Tdx4Level:
> +%endif
>      CreatePageTables4Level 0
>      OneTimeCall TdxPostBuildPageTables
>      jmp SetCr3



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116248): https://edk2.groups.io/g/devel/message/116248
Mute This Topic: https://groups.io/mt/104660117/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 09/10] OvmfPkg/ResetVector: leave SEV VC handler installed longer

[Laszlo Ersek]

On 3/1/24 08:44, Gerd Hoffmann wrote:
> When running in SEV mode keep the VC handler installed.
> Add a function to uninstall it later.
> 
> This allows using the cpuid instruction in SetCr3ForPageTables64,
> which is needed to check for la57 & 1G page support.
> 
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  OvmfPkg/ResetVector/Ia32/AmdSev.asm       | 12 ++++++++++--
>  OvmfPkg/ResetVector/Ia32/PageTables64.asm |  1 +
>  OvmfPkg/ResetVector/Main.asm              |  4 ++++
>  3 files changed, 15 insertions(+), 2 deletions(-)
> 
> diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
> index 23e4c5ebbe92..cbb86871636f 100644
> --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
> +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
> @@ -320,9 +320,9 @@ NoSevEsVcHlt:
>  NoSevPass:
>      xor       eax, eax
>  
> -SevExit:
>      ;
> -    ; Clear exception handlers and stack
> +    ; When NOT running in SEV mode: clear exception handlers and stack here.
> +    ; Otherwise: SevClearVcHandlerAndStack must be called later.
>      ;
>      push      eax
>      mov       eax, ADDR_OF(IdtrClear)
> @@ -330,8 +330,16 @@ SevExit:
>      pop       eax
>      mov       esp, 0
>  
> +SevExit:
>      OneTimeCallRet CheckSevFeatures
>  
> +SevClearVcHandlerAndStack:
> +    ; Clear exception handlers and stack
> +    mov       eax, ADDR_OF(IdtrClear)
> +    lidt      [cs:eax]
> +    mov       esp, 0
> +    OneTimeCallRet SevClearVcHandlerAndStack
> +
>  ; Start of #VC exception handling routines
>  ;
>  
> diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> index b922c845f297..29ce155eed8d 100644
> --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> @@ -254,6 +254,7 @@ SevInit:
>      CreatePageTables4Level edx
>      ; Clear the C-bit from the GHCB page if the SEV-ES is enabled.
>      OneTimeCall   SevClearPageEncMaskForGhcbPage
> +    OneTimeCall   SevClearVcHandlerAndStack
>      jmp SetCr3
>  
>  TdxBspInit:
> diff --git a/OvmfPkg/ResetVector/Main.asm b/OvmfPkg/ResetVector/Main.asm
> index 46cfa87c4c0a..88b25db3bc9e 100644
> --- a/OvmfPkg/ResetVector/Main.asm
> +++ b/OvmfPkg/ResetVector/Main.asm
> @@ -80,7 +80,11 @@ SearchBfv:
>      ; Set the OVMF/SEV work area as appropriate.
>      ;
>      OneTimeCall CheckSevFeatures
> +    cmp         byte[WORK_AREA_GUEST_TYPE], 1
> +    jnz         NoSevIa32
> +    OneTimeCall SevClearVcHandlerAndStack
>  
> +NoSevIa32:
>      ;
>      ; Restore initial EAX value into the EAX register
>      ;

Did you miss Tom's review under v1?

https://edk2.groups.io/g/devel/message/116176

The patch is identical to its v1 counterpart, which should not be a
problem in itself (Tom mentioned a small, *optional*, simplification,
IIUC); however, I don't understand why you didn't pick up Tom's R-b.

I'm ready to merge this (adding Tom's R-b, if you, Gerd, confirm that
that's what you want).

Having deferred to Tom's judgement on this:

Acked-by: Laszlo Ersek <lersek@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116250): https://edk2.groups.io/g/devel/message/116250
Mute This Topic: https://groups.io/mt/104660115/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 10/10] OvmfPkg/ResetVector: wire up 5-level paging for SEV

[Laszlo Ersek]

On 3/1/24 08:44, Gerd Hoffmann wrote:
> Turn the GetSevCBitMaskAbove31 OneTimeCall into a macro because we
> need that twice (for 4-level and 5-level paging).  Change include
> order to allow AmdSev.asm macros being used in PageTables64.asm.

I *think* the include order change will not only make the macros
visible, but also rearrange how the code (the binary instructions) are
laid out in the reset vector -- however, that should not be a problem.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>


> 
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  OvmfPkg/ResetVector/Ia32/AmdSev.asm       | 16 ++++++++--------
>  OvmfPkg/ResetVector/Ia32/PageTables64.asm | 14 +++++++++++++-
>  OvmfPkg/ResetVector/ResetVector.nasmb     |  4 ++--
>  3 files changed, 23 insertions(+), 11 deletions(-)
> 
> diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
> index cbb86871636f..c577f5572f04 100644
> --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
> +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
> @@ -146,6 +146,14 @@ BITS    32
>      jmp     %%TerminateHlt
>  %endmacro
>  
> +; Get the C-bit mask above 31.
> +; Modified: EDX
> +;
> +; The value is returned in the EDX
> +%macro GetSevCBitMaskAbove31 0
> +    mov edx, dword[SEV_ES_WORK_AREA_ENC_MASK + 4]
> +%endmacro
> +
>  ; Terminate the guest due to unexpected response code.
>  SevEsUnexpectedRespTerminate:
>      TerminateVmgExit    TERM_UNEXPECTED_RESP_CODE
> @@ -191,14 +199,6 @@ pageTableEntries4kLoop:
>  SevClearPageEncMaskForGhcbPageExit:
>      OneTimeCallRet SevClearPageEncMaskForGhcbPage
>  
> -; Get the C-bit mask above 31.
> -; Modified: EDX
> -;
> -; The value is returned in the EDX
> -GetSevCBitMaskAbove31:
> -    mov       edx, dword[SEV_ES_WORK_AREA_ENC_MASK + 4]
> -    OneTimeCallRet GetSevCBitMaskAbove31
> -
>  %endif
>  
>  ; Check if Secure Encrypted Virtualization (SEV) features are enabled.
> diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> index 29ce155eed8d..92d134441abe 100644
> --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> @@ -247,11 +247,23 @@ SevInit:
>      ; SEV workflow
>      ;
>      ClearOvmfPageTables
> +%if PG_5_LEVEL
> +    Check5LevelPaging Sev4Level
>      ; If SEV is enabled, the C-bit position is always above 31.
>      ; The mask will be saved in the EDX and applied during the
>      ; the page table build below.
> -    OneTimeCall   GetSevCBitMaskAbove31
> +    GetSevCBitMaskAbove31
> +    CreatePageTables5Level edx
> +    Enable5LevelPaging
> +    jmp SevCommon
> +Sev4Level:
> +%endif
> +    ; If SEV is enabled, the C-bit position is always above 31.
> +    ; The mask will be saved in the EDX and applied during the
> +    ; the page table build below.
> +    GetSevCBitMaskAbove31
>      CreatePageTables4Level edx
> +SevCommon:
>      ; Clear the C-bit from the GHCB page if the SEV-ES is enabled.
>      OneTimeCall   SevClearPageEncMaskForGhcbPage
>      OneTimeCall   SevClearVcHandlerAndStack
> diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
> index 2bd80149e58b..ba83bc7b3124 100644
> --- a/OvmfPkg/ResetVector/ResetVector.nasmb
> +++ b/OvmfPkg/ResetVector/ResetVector.nasmb
> @@ -92,6 +92,8 @@
>  %define SNP_SEC_MEM_BASE_DESC_3       (CPUID_BASE + CPUID_SIZE + SEV_SNP_KERNEL_HASHES_SIZE)
>  %define SNP_SEC_MEM_SIZE_DESC_3       (FixedPcdGet32 (PcdOvmfPeiMemFvBase) - SNP_SEC_MEM_BASE_DESC_3)
>  
> +%include "Ia32/AmdSev.asm"
> +
>  %ifdef ARCH_X64
>    #include <AutoGen.h>
>  
> @@ -144,8 +146,6 @@
>    %include "X64/OvmfSevMetadata.asm"
>  %endif
>  
> -%include "Ia32/AmdSev.asm"
> -
>  %include "Ia16/Real16ToFlat32.asm"
>  %include "Ia16/Init16.asm"
>  



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116251): https://edk2.groups.io/g/devel/message/116251
Mute This Topic: https://groups.io/mt/104660118/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 08/10] OvmfPkg/ResetVector: wire up 5-level paging for TDX

[Gerd Hoffmann]

  Hi,

> Did you place the "CheckForSev:" label intentionally outside of the %if
> scope? If it was intentional, then I'm OK with it.
> 
> If it was unintended / an oversight, then next question: do you want me
> to move the label into the %if's scope for you, upon merge? Or do you
> like it better as written in your patch, after all?

I've placed it at the start of the SEV block without realizing that we
don't need it in the first place when compiling without 5-level support.

Moving it is fine with me.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116258): https://edk2.groups.io/g/devel/message/116258
Mute This Topic: https://groups.io/mt/104660117/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 09/10] OvmfPkg/ResetVector: leave SEV VC handler installed longer

[Gerd Hoffmann]

  Hi,

> >      OneTimeCall CheckSevFeatures
> > +    cmp         byte[WORK_AREA_GUEST_TYPE], 1
> > +    jnz         NoSevIa32
> > +    OneTimeCall SevClearVcHandlerAndStack
> >  
> > +NoSevIa32:
> >      ;
> >      ; Restore initial EAX value into the EAX register
> >      ;
> 
> Did you miss Tom's review under v1?
> 
> https://edk2.groups.io/g/devel/message/116176

Saw the mail only after sending out v2, updated my local branch
meanwhile.

> I'm ready to merge this (adding Tom's R-b, if you, Gerd, confirm that
> that's what you want).

As stated in the cover letter I think it's better to not (yet) merge
patches 9+10 because BaseMemEncryptSevLib is not ready for 5-level
paging.  That way SEV will work fine (in 4-level paging mode) even when
building with PcdUse5LevelPageTable=TRUE.

thanks & take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116260): https://edk2.groups.io/g/devel/message/116260
Mute This Topic: https://groups.io/mt/104660115/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 09/10] OvmfPkg/ResetVector: leave SEV VC handler installed longer

[Laszlo Ersek]

On 3/1/24 15:52, Gerd Hoffmann wrote:
>   Hi,
> 
>>>      OneTimeCall CheckSevFeatures
>>> +    cmp         byte[WORK_AREA_GUEST_TYPE], 1
>>> +    jnz         NoSevIa32
>>> +    OneTimeCall SevClearVcHandlerAndStack
>>>  
>>> +NoSevIa32:
>>>      ;
>>>      ; Restore initial EAX value into the EAX register
>>>      ;
>>
>> Did you miss Tom's review under v1?
>>
>> https://edk2.groups.io/g/devel/message/116176
> 
> Saw the mail only after sending out v2, updated my local branch
> meanwhile.
> 
>> I'm ready to merge this (adding Tom's R-b, if you, Gerd, confirm that
>> that's what you want).
> 
> As stated in the cover letter I think it's better to not (yet) merge
> patches 9+10 because BaseMemEncryptSevLib is not ready for 5-level
> paging.  That way SEV will work fine (in 4-level paging mode) even when
> building with PcdUse5LevelPageTable=TRUE.

Got it!

Laszlo

> 
> thanks & take care,
>   Gerd
> 
> 
> 
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116279): https://edk2.groups.io/g/devel/message/116279
Mute This Topic: https://groups.io/mt/104660115/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 00/10] OvmfPkg/ResetVector: cleanup and add 5-level paging support.

[Laszlo Ersek]

On 3/1/24 08:43, Gerd Hoffmann wrote:
> [...]

For future patch submissions: please include the Cc: tags in the commit
message bodies; PatchCheck.py (also part of CI) enforces that now.

Thanks
Laszlo



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116280): https://edk2.groups.io/g/devel/message/116280
Mute This Topic: https://groups.io/mt/104660109/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 00/10] OvmfPkg/ResetVector: cleanup and add 5-level paging support.

[Laszlo Ersek]

On 3/1/24 08:43, Gerd Hoffmann wrote:
> So I ran with the suggestion by Laszlo to move the page table setup into
> macros and untangle the non-CoCo / TDX / SEV code paths.  The first five
> patches of the series are doing that (without functional changes).
> 
> Support for 5-level paging is added by the following five patches.  This
> way it is indeed easier to understand.  Additional bonus is that the
> patches can be splitted into smaller pieces and 5-level paging for the
> three cases (non-CoCo / TDX / SEC) can be enabled independently.
> 
> The SEV patches (#9 + #10) are included here for completeness, but it is
> probably a good idea to merge them only after 5-level paging support was
> added to BaseMemEncryptSevLib.  This way we can turn on 5-level paging
> support without breaking SEV.
> 
> v2 changes:
>  - remove SetCr3La57 label, use Enable5LevelPaging macro instead.
>  - turn GetSevCBitMaskAbove31 into a macro.
>  - comment fixes.
> 
> Gerd Hoffmann (10):
>   OvmfPkg/ResetVector: improve page table flag names
>   OvmfPkg/ResetVector: add ClearOvmfPageTables macro
>   OvmfPkg/ResetVector: add CreatePageTables4Level macro
>   OvmfPkg/ResetVector: split TDX BSP workflow
>   OvmfPkg/ResetVector: split SEV and non-CoCo workflows
>   OvmfPkg/ResetVector: add 5-level paging support
>   OvmfPkg/ResetVector: print post codes for 4/5 level paging
>   OvmfPkg/ResetVector: wire up 5-level paging for TDX
>   OvmfPkg/ResetVector: leave SEV VC handler installed longer
>   OvmfPkg/ResetVector: wire up 5-level paging for SEV
> 
>  OvmfPkg/ResetVector/ResetVector.inf       |   1 +
>  OvmfPkg/ResetVector/Ia32/AmdSev.asm       |  40 ++-
>  OvmfPkg/ResetVector/Ia32/IntelTdx.asm     |  17 +-
>  OvmfPkg/ResetVector/Ia32/PageTables64.asm | 299 +++++++++++++++++-----
>  OvmfPkg/ResetVector/Main.asm              |   4 +
>  OvmfPkg/ResetVector/ResetVector.nasmb     |   5 +-
>  6 files changed, 272 insertions(+), 94 deletions(-)
> 

Patches 1 through 8 have been merged as

     8  fded08e74400 OvmfPkg/ResetVector: improve page table flag names
     9  52e44713d23d OvmfPkg/ResetVector: add ClearOvmfPageTables macro
    10  4329b5b0cd58 OvmfPkg/ResetVector: add CreatePageTables4Level macro
    11  b7a97bfac528 OvmfPkg/ResetVector: split TDX BSP workflow
    12  e3bd782373d8 OvmfPkg/ResetVector: split SEV and non-CoCo workflows
    13  49b7faba1d6e OvmfPkg/ResetVector: add 5-level paging support
    14  318b0d714a7e OvmfPkg/ResetVector: print post codes for 4/5 level paging
    15  275d0a39c42a OvmfPkg/ResetVector: wire up 5-level paging for TDX

via <https://github.com/tianocore/edk2/pull/5432>.

In patch #8, I moved the "CheckForSev:" label into "%if PG_5_LEVEL" scope, as discussed.

Laszlo



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116285): https://edk2.groups.io/g/devel/message/116285
Mute This Topic: https://groups.io/mt/104660109/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-