From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by mx.groups.io with SMTP id smtpd.web09.7070.1646277107169476720 for ; Wed, 02 Mar 2022 19:11:47 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=PT06z1Pr; spf=pass (domain: intel.com, ip: 192.55.52.120, mailfrom: jian.j.wang@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1646277107; x=1677813107; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=F5TEUNamIFqiCYraNemnLAZF/L1Jeq5JWEqWpSFVBNw=; b=PT06z1PrF4SikqyIreUCcSCR39GMchUzYo2+2dvK5GOJRUMZIlgabXO3 v/tMorDFnai6RVmZpk7kfj6nYsGIkZC+vZDzWGdd/qXlf2zGvYF8AK+rN gcclN1KB4KW0Fu8GpxKvPCKk/6MNxFPYflRmWXoDQMqthyBoJkCt9nvkS 9MkogrW/Tk5WNo5rslufkbqEd7xurN5e5o4/jRdl8MsVAlJRngg4lOkq2 WEx9n8Hyd2b/Oc/8lg0yL0fqphM6A03JXJTov3kRpRz/KSbVevhpGCb12 01FHS/I4zVzkCyPDuewdITAQULOC5tOvAPHRRoYgPoFkGxK9h/1tT5wIh Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10274"; a="252392627" X-IronPort-AV: E=Sophos;i="5.90,150,1643702400"; d="scan'208";a="252392627" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Mar 2022 19:11:46 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,150,1643702400"; d="scan'208";a="493775003" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by orsmga003.jf.intel.com with ESMTP; 02 Mar 2022 19:11:46 -0800 Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Wed, 2 Mar 2022 19:11:45 -0800 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21 via Frontend Transport; Wed, 2 Mar 2022 19:11:45 -0800 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.169) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.21; Wed, 2 Mar 2022 19:11:45 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dlB17LZ9DvBZlDdFzcy6UXAFxM4KK2H3ZluUdHCtAWXZOBOQ6XtW3G1sR3WIAN3ykJi0Q4nUVs5TdEUFbiLiZ75xC+y4IJHo2mrgzQAhpm+EaJ9gz21XEGF6qfMl8YLPRan7ck4Coj0BvZ9HyTgp3AAqUvyNMZ1RREHsGL2nDVTqfbp6PN0NQALRzouGSDV7Ej/5TLSLS99/QY2QKvFOVa/gl1rkXj2e9gtdUiwOwm1CrTRMCSpO5aTVA4hHCtaz5HKtNPxhCwZpzz27fvk0Sb/X4pOtVHVsFgsVxyAl1ZscAYfjro+c/eI8wvEUUdSp3YpvgSWkwtnbO5shQslGlw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WUO1+EqAUkUHf3MRC2VbVzo1O/ZRL5GINlsEkf1R0xQ=; b=RFQC8yMrR/yplcYf2kpUDXI7HvWJ7N8dTJjwIFUW9pQoLKqAWs5SusujCPoIjeIWu7l5O62+yCarQXZOKkyCR9IMk4RItOa1F32CvyI9xpn4aD3yYz3N9t73zlfF4SiVPC1MS8l4tdnR7rlt6KiZ5UeH7wQZApGTOzVdKhQqWnlQJGSoq4djvf+P6WvgMgzkYEfDsC19s/Ofei80lY483wdTCzR44IYHS+g2OzBHBJum0iI/P2RYAsvW8tJTH17GG/Dv9sq8nrSv4h2xv9rt6kG8zvG1nhZzSxIz1JZ596XWyDmS1VfxSRqEKxCsmF/Dep/1bkh5PrYiExA4Vp5XJw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from CO1PR11MB4945.namprd11.prod.outlook.com (2603:10b6:303:9c::8) by MWHPR1101MB2159.namprd11.prod.outlook.com (2603:10b6:301:53::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.14; Thu, 3 Mar 2022 03:11:42 +0000 Received: from CO1PR11MB4945.namprd11.prod.outlook.com ([fe80::c9d4:be7:7abc:48c0]) by CO1PR11MB4945.namprd11.prod.outlook.com ([fe80::c9d4:be7:7abc:48c0%4]) with mapi id 15.20.5038.014; Thu, 3 Mar 2022 03:11:42 +0000 From: "Wang, Jian J" To: "Xu, Min M" , "devel@edk2.groups.io" CC: "Wu, Hao A" , Brijesh Singh , "Aktas, Erdem" , James Bottomley , "Yao, Jiewen" , Tom Lendacky , Gerd Hoffmann Subject: Re: [PATCH V7 25/37] MdeModulePkg: EFER should not be changed in TDX Thread-Topic: [PATCH V7 25/37] MdeModulePkg: EFER should not be changed in TDX Thread-Index: AQHYLHP4WVHlFBPgZkOI6nY/jREcn6ys/lJw Date: Thu, 3 Mar 2022 03:11:42 +0000 Message-ID: References: <639b222086067437c7613d942f36adf0636376b0.1646031165.git.min.m.xu@intel.com> In-Reply-To: <639b222086067437c7613d942f36adf0636376b0.1646031165.git.min.m.xu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-reaction: no-action dlp-version: 11.6.401.20 dlp-product: dlpe-windows authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 41e31ee7-918b-45a8-1155-08d9fcc38ab3 x-ms-traffictypediagnostic: MWHPR1101MB2159:EE_ x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: +igxxaCjyxUhi6xOvskQlh7cH3Lk37O9voDUOsnFbNbhFGdF3rMw8rMiF3ec8QmafLkB6MdmDOPNDyIX6qae13jLwvFhoKAvShnoCy2l29H5W3YCuSrtYGvzjB9m6SosN/3PE/pvYVxGXkDUDj2zMBSdAUHgvH0DoJn2HUdb7sc5YuW3jdSQZt6VyqOxVxidfwwC8312kVLKFvIbS0SpiQTc0jAVh7aeLQMCbOpt8m8qokMkltRqz5DKEzSrM0dVeN42e8Z4THZpYXsLNv41pL00Ujx4vCNLxu0N6st91COKeyH7Ksy3h0UWG3jKS2yvewow2fnXKKocUD9y6bjHVqBipkmnzq52mmteV3tRsVF4G9xorba+26UwhIBWLc8xE3U/UKwWLeqIYotYL86ejywVSIPTfzrccsv4wo4X5HuEeNz1f065sWyTsbm6/ah+aslvAfi3PWalhfBrV25G4/vJjle0ufZijMeCpqMG75mSLHyFnBp4cpGxJsK6oAMbk42jYDmPwzj7SbgYTk7A5vOK+AQry8jdPXE1q5Y3hLWrFZKwn7T+iiOe0VHqRwPXtGoHbEpldVp15dMkVweXOYRAR7sGgyJsxwUu4Bwi2tE+sPmB5k/fOJ5eo+J580ZGlPCa78Ke6IYh+Sb6BCNIIwy3cxAH0auCYmNABkeWj0QPkm8KyqD4ePfVA2GThhi+qmvoip7F1KH+fOS+Z6CFELUGUkNR++nNK/MmHJTif3ThALLBTxB1NNtDKjE30XMES1BG3qSn+u3c85iLmxk3fWnFwZS1eK8+GnOVrSAQ57M= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO1PR11MB4945.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(19627235002)(38070700005)(316002)(8936002)(26005)(186003)(9686003)(76116006)(7696005)(6506007)(66556008)(122000001)(5660300002)(66946007)(2906002)(8676002)(66476007)(64756008)(66446008)(82960400001)(4326008)(53546011)(71200400001)(38100700002)(86362001)(52536014)(508600001)(33656002)(966005)(83380400001)(110136005)(54906003)(55016003);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?AknNs3DS4fgTvwPzwR757+wkZ/ST6sy27HCuhzvqzEJEWwNX2pi32vEDBFJ4?= =?us-ascii?Q?jh6xDKBcEew5vgxFpP1TEE9+vq1+LJ7IA9R96CX9dborWQAXRXo1RIvAQSiw?= =?us-ascii?Q?wxmFz2YCspJT5nVpD02ls3sGqrjW1Saa287X5EYRPYbTNDy3MkZda8nCnJ+9?= =?us-ascii?Q?+eOjvL87RCG/q+xh11qnAjWxhvLCQQNWh+8pxMz+egZs8tYFfSQ58VgPTkES?= =?us-ascii?Q?QYDZMqJg2ye15B/DE/utKKY5KKki7C7f1RDWxMAdOFxZw8IC6ezJi6cLPZUB?= =?us-ascii?Q?O6ATTzkE6tiDVWsEafO84+dvDkXzwYsqBehraoiIqEWa7SWdWZUtabToQtwD?= =?us-ascii?Q?QAdTtgGICx/Ud7Y4q6vxJb7ZkKJqXeET3DTnqJb4Cxp5psmIx0xssgWvAjKY?= =?us-ascii?Q?GuXDqapdh7Nb/JavdRzNk+grydtqUaHLgz3JKVhR+FvpMz2HgUjUp82VN4CC?= =?us-ascii?Q?LkiDb7jrmm0ikYRzSS68E9CDBGMQpzvMa/SvAXbgMICfwEuKqUxve0TDtObh?= =?us-ascii?Q?EAit2dYf5GQ96yr/SPkpgVN0rjpegRlgB2UQ1NmDcOfxor+27IDdXR0oYCpp?= =?us-ascii?Q?gIhOv6NBY+f5omp1Xr11T2LoSPUHmo+hDcNUQ94pYbBnVOa7fXv/UxTVAslb?= =?us-ascii?Q?eYHZBKlaIner3qvQ4olvsKZhn9f/T3HDAXVCH3SzOoQmP2QOXIGrINH1RuEE?= =?us-ascii?Q?/K1DJ299c0Xy3lEQzTSEZHZOqcQXMb+UicjpLmV9oRI3TYkqY+VVKbCOCFDm?= =?us-ascii?Q?wx28qirxFE6nokjeUsgsg5dKXrACfMewQji52sBWFdqEA6F0QW0HB9v37N7N?= =?us-ascii?Q?HHsW6ZjxolbsCfG/CXmCfxZDddOACMwXKS0PD8IhVYYQCHcDQTd9+HyY/5+F?= =?us-ascii?Q?uf+67ZY3TbDXZdoNAamzligIxcMK8jHknfXLnUQ/shwzWqDFcaJrBAfDNffP?= =?us-ascii?Q?DWNNLNyVMfaVjrLhwY1+4D4RRFPyw2a6v0aFkwPb0G3bXlNoiG/MN+Hm/dj7?= =?us-ascii?Q?KLFepmfqytarCvZPW+ZhB9DdMHCU/74G2vCP6SPxVDMIw5OdBhA+t9Im696S?= =?us-ascii?Q?Xra5mpMaJj/WeDok24HWGx1O5NxJ+EzDAiOHDz42jZZ1NdAwLMCcd/HCwd1H?= =?us-ascii?Q?512+esr+7w4T2nhc46mrCQPX8kjDYDATJaMjqLnQ9IAADxsoJYgHxvIDD+7p?= =?us-ascii?Q?HAVpjMKJveMLloa2FjC0nys9OcJFUBDtXCWH67KsS6uWSxxZ1hISBGg1p8jI?= =?us-ascii?Q?FkcllcjMDPN7/0yt7ln/VVKHNYlsu1d1I5jLMr56mm0tzqjrfEFKEUqI2d4g?= =?us-ascii?Q?Z5vte2+fYdNnP3LcMXcTg1zwtmT06tBpte3IyHBDVGUrgNM3ex5FTso7dLnf?= =?us-ascii?Q?9vNoVZIHC/RkbDzeom5wV0iM53JZPfyx2qTOhvkFPVllq8NlI0iEFjduw8aC?= =?us-ascii?Q?5au0wCgx99SopYpgxeDCxQvZs5OZyx0lJ0NX16bZDw3RHo0Ez8Ssqz8vuqjr?= =?us-ascii?Q?JOquqf/h1Agy+OhXX5hRGgRG8I5K7qsVBTXrQNBFSUg2Y+ie+kvT3LHhM/qz?= =?us-ascii?Q?Z4vFSiRWWwBSjTqrcthAd4WsUE8EqPsp78PSCNlPRXSBNGYwOOA5muX17akV?= =?us-ascii?Q?9fmGK2sjEfVbZkoxW7YczJw=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4945.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 41e31ee7-918b-45a8-1155-08d9fcc38ab3 X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Mar 2022 03:11:42.3886 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: mQeU7akaodP6hCUuSC6vUOCF/tNPZuMw51+4C/WzWT1O4J4OCBAgSBkrwPsupWzcDtMukYfHDjV94TpGtyXTrQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR1101MB2159 Return-Path: jian.j.wang@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Min, I think the PCD should not be dynamic. Dynamic PCD is used for those featur= es which can be changed at boot time. But, for Intel processor, it should alwa= ys stay as FALSE. So there's no need to make it dynamic. FixedAtBuild should b= e fine. Regards, Jian > -----Original Message----- > From: Xu, Min M > Sent: Monday, February 28, 2022 3:21 PM > To: devel@edk2.groups.io > Cc: Xu, Min M ; Wang, Jian J ; > Wu, Hao A ; Brijesh Singh ; > Aktas, Erdem ; James Bottomley > ; Yao, Jiewen ; Tom Lendacky > ; Gerd Hoffmann > Subject: [PATCH V7 25/37] MdeModulePkg: EFER should not be changed in TDX >=20 > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 >=20 > In TDX IA32_ERER is RO to host VMM. It could not be changed. > PcdIa32EferChangeAllowed is added in MdeModulePkg.dec and it is > to be set to FALSE in Tdx guest. >=20 > Cc: Jian J Wang > Cc: Hao A Wu > Cc: Brijesh Singh > Cc: Erdem Aktas > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Tom Lendacky > Cc: Gerd Hoffmann > Acked-by: Gerd Hoffmann > Signed-off-by: Min Xu > --- > MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 1 + > MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 7 +++++++ > MdeModulePkg/MdeModulePkg.dec | 5 +++++ > 3 files changed, 13 insertions(+) >=20 > diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > index 19b8a4c8aefa..106b679b6bd0 100644 > --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > @@ -117,6 +117,7 @@ > gEfiMdeModulePkgTokenSpaceGuid.PcdUse5LevelPageTable = ## > SOMETIMES_CONSUMES > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase = ## > CONSUMES > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize = ## > CONSUMES > + gEfiMdeModulePkgTokenSpaceGuid.PcdIa32EferChangeAllowed = ## > CONSUMES >=20 > [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] > gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## > SOMETIMES_CONSUMES > diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > index 0700f310b203..5c647c74e773 100644 > --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > @@ -159,6 +159,13 @@ IsEnableNonExecNeeded ( > return FALSE; > } >=20 > + // > + // Intel TDX sets this flag to FALSE. > + // > + if (!PcdGetBool (PcdIa32EferChangeAllowed)) { > + return FALSE; > + } > + > // > // XD flag (BIT63) in page table entry is only valid if IA32_EFER.NXE = is set. > // Features controlled by Following PCDs need this feature to be enabl= ed. > diff --git a/MdeModulePkg/MdeModulePkg.dec > b/MdeModulePkg/MdeModulePkg.dec > index 463e889e9a68..453f2a74b11d 100644 > --- a/MdeModulePkg/MdeModulePkg.dec > +++ b/MdeModulePkg/MdeModulePkg.dec > @@ -2138,6 +2138,11 @@ > # @Prompt GHCB Pool Size > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0|UINT64|0x00030008 >=20 > + ## This dynamic PCD indicates if IA32_EFER can be changed. The default= value > is TRUE but in > + # Intel TDX change of IA32_EFER is not allowed. > + # @Prompt The flag which indicates if IA32_EFER is allowed to be chang= ed. > + > gEfiMdeModulePkgTokenSpaceGuid.PcdIa32EferChangeAllowed|TRUE|BOOLEA > N|0x00030009 > + > [PcdsDynamicEx] > ## This dynamic PCD enables the default variable setting. > # Its value is the default store ID value. The default value is zero = as Standard > default. > -- > 2.29.2.windows.2