From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web12.7197.1647321374086303241 for ; Mon, 14 Mar 2022 22:16:15 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=NeqAxMrq; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: jian.j.wang@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1647321374; x=1678857374; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=V4ESl+uaOcFHthSjxEeG34f/p9qZoZSfRQ4B/RUWmP4=; b=NeqAxMrqA9ed0OE6RyyzHQW8IzbbOM4Kg9aC0fIhUNbdmLSMXPfC2Ep6 3RG5RSY6CO87ZCR2oZXSWyeBhQMtHzaoX0oLdv1fNsYF2Q3Oa8duVX30y V1pMBE+5Ytfa4NETL2LU9tSmgkt2dN61RRxU9uO878TWRQmRI30UjnMCR RVaJ7GTt3AvClXcuIoWdWqu40tD0vuA0cwawptn7KzQF3uBbn3Est3ewE oNZ7jYOBpDn6aSwjWTsLn72H815D3tyn08+fwQUQoTUlyxFgOf0Fpxs7P EmKHLKkqDiMb4knSSmK68Q5KKlaI8dRoLvhsBl9L1TIShRDRtjFX4S3SA Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10286"; a="280982296" X-IronPort-AV: E=Sophos;i="5.90,182,1643702400"; d="scan'208";a="280982296" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Mar 2022 22:16:13 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,182,1643702400"; d="scan'208";a="549476816" Received: from fmsmsx605.amr.corp.intel.com ([10.18.126.85]) by fmsmga007.fm.intel.com with ESMTP; 14 Mar 2022 22:16:13 -0700 Received: from fmsmsx611.amr.corp.intel.com (10.18.126.91) by fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Mon, 14 Mar 2022 22:16:13 -0700 Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx611.amr.corp.intel.com (10.18.126.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21 via Frontend Transport; Mon, 14 Mar 2022 22:16:13 -0700 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.102) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.21; Mon, 14 Mar 2022 22:16:13 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WWnuZfMTO6eTOHwhC8NVjCe05t/Hv645qo0ynsIE/gY4h25G9k1SQGsJCtOwfUuYLAR5k0Peg8p0Z3V0649u4GtVUnFMG3ZRonpxiUGf5RpIu1wbB35v63Tm5V0gYG41WW1Y4WMz6FvTWFR5ziIqOq9bG5GPay7HeB6xeq5bBXgSimXrjIqaxfKwD3SNQlP/OQnka30R9Cwii+tbf0xduWldATfFklBXDbUHmH5tP5qGwCMkx+grxPtbsalLHPW8S3OKsoKKJTn8FYuZDNBVdhg3be7He4Zq4Mze4w2XHVfZbV/888xzbY8V8xGUnqq6WthVIvcIeiCDxPY7JoFwog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=T3dCnO/wdjAxRsxKQaRXBWZjQbHDqykk3kqhOnHvU6Q=; b=XnfFkmVdI9cEZahZ0/MZZ4ECyf0T3LbdTaZHpapTivwqXkonwRZV4EYPNP6kjLBQJSF5uJb1d+9TemsdTumgcNBxpovBQ7coh8HfyuGLIBTqeyNnPhzs3t/E7V29mboo53ovy/Ka1+LKGoPeLks4CCeO4aPRktdZGwF9N01v90zy/0wg97DItACKi52VxyRVYQmktBOPa1PDC7hO9zkIh/dC+bbBQwSWsAtJ0LLdf242VyZ2j4sLyEWeeLqogJsgXJ8X71PGc/Sb6aOlvFJy4FRB6qKNrzAF+UBAvNAY6nChRa2lzinNLC48lqJcQ8AvaainkPY8Vplv79AfTzExyw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from CO1PR11MB4945.namprd11.prod.outlook.com (2603:10b6:303:9c::8) by MN2PR11MB3824.namprd11.prod.outlook.com (2603:10b6:208:f4::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5081.14; Tue, 15 Mar 2022 05:16:10 +0000 Received: from CO1PR11MB4945.namprd11.prod.outlook.com ([fe80::2598:e534:2ebb:782a]) by CO1PR11MB4945.namprd11.prod.outlook.com ([fe80::2598:e534:2ebb:782a%4]) with mapi id 15.20.5061.029; Tue, 15 Mar 2022 05:16:10 +0000 From: "Wang, Jian J" To: "Xu, Min M" , "devel@edk2.groups.io" CC: "Wu, Hao A" , Brijesh Singh , "Aktas, Erdem" , James Bottomley , "Yao, Jiewen" , Tom Lendacky , Gerd Hoffmann Subject: Re: [PATCH V8 36/47] MdeModulePkg: Add PcdTdxSharedBitMask Thread-Topic: [PATCH V8 36/47] MdeModulePkg: Add PcdTdxSharedBitMask Thread-Index: AQHYNbRhm6iwFdJvFUKVYM1pm94FNqy/7BTw Date: Tue, 15 Mar 2022 05:16:10 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-reaction: no-action dlp-version: 11.6.401.20 dlp-product: dlpe-windows authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 215a3884-0348-4dd5-6a88-08da0642eb24 x-ms-traffictypediagnostic: MN2PR11MB3824:EE_ x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 4ANqveQVyi+zkvFmNuUTbJS13uWVI++EBvYJjQsVc3ztUL3tOrlq+9nysiAHlTlAng2zwvCYMv6iyAgQifQZibT2On0aCWb2vu6/GOp0Vk6fQOmz5mBPZcv3O/VpX5VAQpAAtgjMd5yMLUnxyk5rkK/tmxRcOmSIrD0K9cmAojoJSmyElTsr5qWWOLxCgw+MNMfYmDYI+FF5FBbw0U5ayBGkt/6ZmOAzfqXYvDHAi6tiOnMoR7MaTEMnxDZR1qIbmzXeXQZl/WxUIgKLP78qddl9N+WnxglOqZFQN0Ll8tVoDZKT1+yjKPyU3yjEhTHHLL5yykeRNG5jPnC4BvW212SFoDIxhV1se69EoMjeCvwg7++E+ku9MPFvCHJYqrwapo00maSRgMJ1hU4hVNvITllUwdtSJBg8a2BwP159rch/8HmGnIfP81IIb1qDBL8BLENOIdlnrTc01gxCaxzXai4tUfO0vNZepJAXaDJEm1xEKjMNwiyE5kZn4ai/5F8h6/DjRSmWRbKoViTNc2Xam/dxkTKpWFI5caBcD4mgtkHlBCr4WLHvJAmT3x0218Axgwt9IJXyVohFfPa4i0I2YAgpYsWszWW3ZE3M5IIb2eRwSkHdhaqL5W51po+uUbS4FkY1Na8+pCJ6rHVo9efUapbtzouot3XUBKdTZP9TBmBkkzeo1fwbU0orn2UQI4fh5STHgK70OnKLmRzP1GOpqnpl+3V713q8zVP3DvArfwF0ImSNdGBDDhg04VJNzdgreJ5rV3DiQgX/u4A+tRjj8K7LrxekM7ubo+vKlBYq2J1R6jcF7I+G3Llibpf1dxGgrz90EET/LoFVkr2KsoCN/7T52+TQw7VPofulc9E/CI8= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO1PR11MB4945.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(6506007)(53546011)(7696005)(83380400001)(9686003)(76116006)(52536014)(33656002)(110136005)(5660300002)(8936002)(54906003)(122000001)(38100700002)(86362001)(316002)(966005)(19627235002)(71200400001)(4326008)(66946007)(8676002)(26005)(186003)(38070700005)(508600001)(2906002)(66556008)(66476007)(66446008)(64756008)(55016003)(82960400001)(213903007)(156123004);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?U/eMa7yUuhs+J42xnP6ur1bkjXvOzoOlWEEPH3gbZ3CYrTLDYExL8HWbt5YL?= =?us-ascii?Q?Fa9VfaTEYN6PB3pXg+eSY6qd5iX4qQr0FTCl0wdaeaHxxnAXUZf/xlEqAd8F?= =?us-ascii?Q?6qZCM7XhdfHi5fqOMyRxgA40rkqEKPPurjiP+meDQD+YBaX/5BYAka1dpsx2?= =?us-ascii?Q?IUGx0N2R6fbzDCulX9Yj+KbZeHToHFOkfrHsRTrCnTq9OsTZr8uWMAYoXvQG?= =?us-ascii?Q?lvBWZonlm3GaQxG9VG0UwJMfUoYQe3uPYypET0mFiZtWPLbVE/p8r/FimN+Y?= =?us-ascii?Q?P73KHLVBi1G1pfOo3UMQdv8VJZ4AsMwzvkr5DlTRIpLZ1d8yVkntwJNd6Zkp?= =?us-ascii?Q?8EXW16BGV2Y/yvIYMzDOYNUl/xVFTjVdOyYBLD5Oq3lUuKOX3tD1VK29V8KV?= =?us-ascii?Q?oLRpTxhxRb+MJFX1KKC70Gzz/XZI6jmw5dpEwxkBSpQIMDaOUi2mYf0o7Mf8?= =?us-ascii?Q?htqDmvp5p0QLY3AYDiujycoRItzD3I1zf4uxY1oOHYdpSUeP3YTggkdl0A3C?= =?us-ascii?Q?0iScfq5AYqW3wsUORISLxua7bf1nH08cSWiCKbiNDkqPx32qWChdzlRDNzMr?= =?us-ascii?Q?JbxV1rtyQqi6kr64DkaU/Ei9zDnyAqPcc71GC4A6UyDHETPnRqYL3OyXiJhe?= =?us-ascii?Q?QS/6Q7MwnZ2LdTUJHfUV5CQRHDbYdf++pWi/PmG4X/DEXQctyfS/XtUE0iNT?= =?us-ascii?Q?eHXwPngzlgCrGDptMhvifVXuVILIqA/9956gBN+hZh58IGwdG+C86YmyDfPt?= =?us-ascii?Q?q1SZUr+vj4d8lq6jPFcRtZklM8w/v0/vsJ18oN6kcqCZU9TG9k8FeZOM/hqM?= =?us-ascii?Q?RcX1soLDUGKfUk9CfIMTTzT2IfjbbfHZ0h+bdS9a0yc57r3YCAAFyMD+Ipb3?= =?us-ascii?Q?8pvKHOvFSo3JIJ54Hd6iDgnvNZEy2DKtX4EoVfIgXWMy2LF+W0G+1koqlnSz?= =?us-ascii?Q?kf0iugrjLefmXh3B2GPFGEDozxDXY3BiXyEsZSrH12bg9uhsKOpBW4EV9I1g?= =?us-ascii?Q?xqAfNkupN1+WoQArM7cEubahoP/9Cs7BXoO2rEcDqxfgfwZkWWT0yheChnlN?= =?us-ascii?Q?jJTRvTGGtffcfUBqZhEkoGXF+NYCWs5aHR7CODnkmpnL9YUe8DGUdn+GkSXZ?= =?us-ascii?Q?DREQj/1i2YgRSJ6DbsP7qD/bfXy1p1nyttZRTwpTN2bcyfFGPHcyC/HdWlwk?= =?us-ascii?Q?tQjyiDPte9Ke+zOkThiqUy+u1oeoGtHMIkbJe19g9oijapSw1qyNxYV0NwtS?= =?us-ascii?Q?avFI9G7XppEyUQHVcpNFVFm+CeOd/tSJd4FrVsVAznqNIXfRIXX9el8rln/m?= =?us-ascii?Q?HlaQbkrvRZS2TU2SExT0jasOC9bh9jByZ4kavlD97vwsnGEmUI9aa6s9c5lO?= =?us-ascii?Q?3OkjnMDEzqGbhN7bwu6cQTp1liZe4fbVONbSIxVbrJXh1RITZgiIW9dReQWF?= =?us-ascii?Q?w1jiMrkjpaK1LLeZIgpkIvcBBTYhsQYU?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4945.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 215a3884-0348-4dd5-6a88-08da0642eb24 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Mar 2022 05:16:10.8048 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: II4rjCPvF/90PwXZQp/cJ2qTnOF00dhNaZBdplxilDSUTGYz9cTe31qIdcFUH0Gr6f8mEQMJZ+ILIE9t8k+4iA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3824 Return-Path: jian.j.wang@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jian J Wang Regards, Jian > -----Original Message----- > From: Xu, Min M > Sent: Saturday, March 12, 2022 9:54 AM > To: devel@edk2.groups.io > Cc: Xu, Min M ; Wang, Jian J ; > Wu, Hao A ; Brijesh Singh ; > Aktas, Erdem ; James Bottomley > ; Yao, Jiewen ; Tom Lendacky > ; Gerd Hoffmann > Subject: [PATCH V8 36/47] MdeModulePkg: Add PcdTdxSharedBitMask >=20 > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 >=20 > Guest Physical Address (GPA) space in Td guest is divided into private > and shared sub-spaces, determined by the SHARED bit of GPA. This PCD > holds the shared bit mask. Its default value is 0 and it will be set > in PlatformPei driver if it is of Td guest. >=20 > Cc: Jian J Wang > Cc: Hao A Wu > Cc: Brijesh Singh > Cc: Erdem Aktas > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Tom Lendacky > Cc: Gerd Hoffmann > Acked-by: Gerd Hoffmann > Signed-off-by: Min Xu > --- > MdeModulePkg/MdeModulePkg.dec | 4 ++++ > OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +++ > OvmfPkg/Bhyve/BhyveX64.dsc | 3 +++ > OvmfPkg/CloudHv/CloudHvX64.dsc | 3 +++ > OvmfPkg/Microvm/MicrovmX64.dsc | 3 +++ > OvmfPkg/OvmfPkgIa32.dsc | 3 +++ > OvmfPkg/OvmfPkgIa32X64.dsc | 1 + > OvmfPkg/OvmfPkgX64.dsc | 3 +++ > OvmfPkg/OvmfXen.dsc | 3 +++ > 9 files changed, 26 insertions(+) >=20 > diff --git a/MdeModulePkg/MdeModulePkg.dec > b/MdeModulePkg/MdeModulePkg.dec > index 463e889e9a68..1a2425974f44 100644 > --- a/MdeModulePkg/MdeModulePkg.dec > +++ b/MdeModulePkg/MdeModulePkg.dec > @@ -2079,6 +2079,10 @@ > # @Prompt Enable PCIe Resizable BAR Capability support. >=20 > gEfiMdeModulePkgTokenSpaceGuid.PcdPcieResizableBarSupport|FALSE|BOOLE > AN|0x10000024 >=20 > + ## This PCD holds the shared bit mask for page table entries when Tdx = is > enabled. > + # @Prompt The shared bit mask when Intel Tdx is enabled. > + > gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0|UINT64|0x100 > 00025 > + > [PcdsPatchableInModule] > ## Specify memory size with page number for PEI code when > # Loading Module at Fixed Address feature is enabled. > diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc > b/OvmfPkg/AmdSev/AmdSevX64.dsc > index c173a72134f4..dda98aa43bdb 100644 > --- a/OvmfPkg/AmdSev/AmdSevX64.dsc > +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc > @@ -558,6 +558,9 @@ > # Set memory encryption mask >=20 > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask| > 0x0 >=20 > + # Set Tdx shared bit mask > + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 > + > # Set SEV-ES defaults > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 > diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc > index 656e407473bb..0daae82d6705 100644 > --- a/OvmfPkg/Bhyve/BhyveX64.dsc > +++ b/OvmfPkg/Bhyve/BhyveX64.dsc > @@ -550,6 +550,9 @@ > # Set memory encryption mask >=20 > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask| > 0x0 >=20 > + # Set Tdx shared bit mask > + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 > + > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 >=20 > # MdeModulePkg resolution sets up the system display resolution > diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc > b/OvmfPkg/CloudHv/CloudHvX64.dsc > index c307f1cc7550..1732f281b435 100644 > --- a/OvmfPkg/CloudHv/CloudHvX64.dsc > +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc > @@ -603,6 +603,9 @@ > # Set memory encryption mask >=20 > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask| > 0x0 >=20 > + # Set Tdx shared bit mask > + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 > + > # Set SEV-ES defaults > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 > diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc > b/OvmfPkg/Microvm/MicrovmX64.dsc > index 0eac0c02c630..cde90f523520 100644 > --- a/OvmfPkg/Microvm/MicrovmX64.dsc > +++ b/OvmfPkg/Microvm/MicrovmX64.dsc > @@ -592,6 +592,9 @@ > # Set memory encryption mask >=20 > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask| > 0x0 >=20 > + # Set Tdx shared bit mask > + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 > + > # Set SEV-ES defaults > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > index 8f02dca63869..01a26c234a88 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc > @@ -618,6 +618,9 @@ > # Set memory encryption mask >=20 > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask| > 0x0 >=20 > + # Set Tdx shared bit mask > + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 > + > # Set SEV-ES defaults > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index 98a6748c62dd..bf08e893e053 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > @@ -631,6 +631,7 @@ >=20 > # Set memory encryption mask >=20 > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask| > 0x0 > + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 >=20 > # Set SEV-ES defaults > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index 2df5b2999610..3092036bb7f6 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -642,6 +642,9 @@ > # Set memory encryption mask >=20 > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask| > 0x0 >=20 > + # Set Tdx shared bit mask > + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 > + > # Set SEV-ES defaults > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 > diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc > index aa27e2256ae9..470c8cfe4d23 100644 > --- a/OvmfPkg/OvmfXen.dsc > +++ b/OvmfPkg/OvmfXen.dsc > @@ -495,6 +495,9 @@ > # Set memory encryption mask >=20 > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask| > 0x0 >=20 > + # Set Tdx shared bit mask > + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 > + > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 >=20 >=20 > ################################################################# > ############### > -- > 2.29.2.windows.2