From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id F0926941151 for ; Tue, 22 Apr 2025 00:27:14 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=QuBvsYjaqv/00vh/kgCG/KhnpDe3TFwBT6ZR6LT8mxA=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:Accept-Language:msip_labels:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type; s=20240830; t=1745281634; v=1; x=1745540833; b=Bg+/oghCfpYt0fMxiNbIVxo6+ILtO8J5Rwuc4r7bysem+GTMq5ulHwsv1vw2sBI8E8PoTVdr KUQPHKVVo6xDc0pwuKGL5mq/f0Py7JbJUfVpBz+D6XnlGmq8CcAlj696NDEWNmRmDs44ZlX7wba GZYL6j0Y1oJHc4PgvtxfJwMZ+esP+vOQrxPUm/Nw0Xbi9M1zk9bWMYsZkW9qzF9n62LN1sKjAaw ZvXPs2GZs7qDRvkScgayTkAGCmS8wBoGuccVdeUatiPBI9tTnPz0vDqmEq62mFEPoGDFq5OU6+i /N5LDrrb5ZOO9f6bNfvakrt9FCaTlMALRsjUWQfPgZyGw== X-Received: by 127.0.0.2 with SMTP id nH8HYY7687511xbndvUl3Pan; Mon, 21 Apr 2025 17:27:13 -0700 X-Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.61]) by mx.groups.io with SMTP id smtpd.web10.1375.1745112712799367331 for ; Sat, 19 Apr 2025 18:31:53 -0700 X-Received: from IA1PR12MB8285.namprd12.prod.outlook.com (2603:10b6:208:3f6::19) by DS0PR12MB8562.namprd12.prod.outlook.com (2603:10b6:8:164::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.34; Sun, 20 Apr 2025 01:31:47 +0000 X-Received: from IA1PR12MB8285.namprd12.prod.outlook.com ([fe80::641e:18ea:bbe:19e1]) by IA1PR12MB8285.namprd12.prod.outlook.com ([fe80::641e:18ea:bbe:19e1%4]) with mapi id 15.20.8655.031; Sun, 20 Apr 2025 01:31:47 +0000 From: "Wang, Huibo via groups.io" To: "devel@edk2.groups.io" CC: "Lendacky, Thomas" , Ard Biesheuvel , Jiewen Yao , Gerd Hoffmann , Erdem Aktas , Min Xu , "Roth, Michael" , Ray Ni , Jiaxin Wu , Zhiguang Liu , Dun Tan , Rahul Kumar , Star Zeng Subject: [edk2-devel] Move X2APIC enablement from Pei to Sec phase Thread-Topic: Move X2APIC enablement from Pei to Sec phase Thread-Index: AQHbsLrc56xUfM9hxUGVAZP9coOxOQ== Date: Sun, 20 Apr 2025 01:31:47 +0000 Message-ID: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_dce362fe-1558-4fb5-9f64-8a6240d76441_Enabled=True;MSIP_Label_dce362fe-1558-4fb5-9f64-8a6240d76441_SiteId=3dd8961f-e488-4e60-8e11-a82d994e183d;MSIP_Label_dce362fe-1558-4fb5-9f64-8a6240d76441_SetDate=2025-04-20T01:31:46.564Z;MSIP_Label_dce362fe-1558-4fb5-9f64-8a6240d76441_Name=AMD Internal Distribution Only;MSIP_Label_dce362fe-1558-4fb5-9f64-8a6240d76441_ContentBits=0;MSIP_Label_dce362fe-1558-4fb5-9f64-8a6240d76441_Method=Standard; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: IA1PR12MB8285:EE_|DS0PR12MB8562:EE_ x-ms-office365-filtering-correlation-id: 0e28c330-359f-4a58-87cd-08dd7fab1db1 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: =?iso-8859-1?Q?qj4PYrdYphKuriClmsncH5CkBWpnRWS8k52JeW8mZVJi+3R+MIPVKi0b0g?= =?iso-8859-1?Q?uMk6uHsV7yre06WgsKdNNvfrSnXQh8vIRRYUOI9Tzm9CSqFtSa7StCP0CC?= =?iso-8859-1?Q?wQkz2rmniB2r8SPcgj4rdeeYNe2k/FnPvNRUpVWkU9mRTGCdJDFR603J+s?= =?iso-8859-1?Q?55KYXD+70qzdufqcwwlsXjOAhGo1ll06j6736pfaO+naYcn14JDCliMT+V?= =?iso-8859-1?Q?6hByK4s37rJ+Bqq/L7u4mggaLb55ZKhzw2GQgAmPAZxZE34TZGdRpcQ9mD?= =?iso-8859-1?Q?IwyPifm1gWWrwqubHIWzlgFqUyKixA6F/1WPE1ZER9anAnoUydbA5WJ0Wx?= =?iso-8859-1?Q?6rGwDDWxnxkzdJAjMRAm5y2JYVps9EH1dyvA7TbCfEJD9wWrQT8vbmnwY7?= =?iso-8859-1?Q?zPzTuOsxrhL4QAysne5xUYalfw37RPYFEpF9NZKJ1GLqAMfT51CQJ6uA7e?= =?iso-8859-1?Q?Fpy0FyV9anSXuiYN7XkIT9DXXD0E9oK7CmOkQJoopP4gfhSb4XuUnttzzx?= =?iso-8859-1?Q?h4F1smScVl7WLBczNBTeVz+99jQcjpztXOdSXRpPzeu430+Y/0bP5icZvR?= =?iso-8859-1?Q?BCF1azMkmaWvOqBGXr4dv/eqKs6k6goyGJ32bm+miinT7jXIQpAg++vo7B?= =?iso-8859-1?Q?6RKkjzWl5q62pjGRtAf3x3J97xDmO5ZohwYQ6vt1K60gG07jknzhqHjiXO?= =?iso-8859-1?Q?PE3crCml036XNWTDQxw5OQOi6XIhtEvfZLG5XMrjUmSM5b9NHZ5S1AmAUk?= =?iso-8859-1?Q?dYm8t0O4rP1ebTQ+vFI5DvJFsGhi4eeRV75Ee6M6vkTo9ml15N0hfNknEk?= =?iso-8859-1?Q?sXzXGOlVabTjMSiEinNYtilvpMvzXBub+yR7q00WFzYJuBqav3/WMve2LZ?= =?iso-8859-1?Q?zA7z5PynuxaERyBZhMzXTt88tN6Eby+yKp8kyjg6DyC6qS4Bq+sbtputox?= =?iso-8859-1?Q?T3KdijBzvzWqacmHh8uoxueTkM/oOFE19lL8BW1FGAeiU3e0KuCxN2ExPV?= =?iso-8859-1?Q?KVwlnrmA0KxbEf2ekXiKdDyPsdOOtJx3n0Pd3W7pQ3p0JOOLXPGN/QbRqg?= =?iso-8859-1?Q?eVPCMJDAk39Frhz86gmEMGFvBeiEbAjAZUQxEKIgUzOWSfhTO7TqsWj4xw?= =?iso-8859-1?Q?Mm+lG1SPvrcbUZRX0hBGPC1BQPO5/fafZ1/f3/4zcodKHOC8mDaeaW5iEP?= =?iso-8859-1?Q?AObSkcDUg4giCzkBemxUgZ3pLNeuqs+ruy/eE1QnPmdJ6XfiFHBfpMy4do?= =?iso-8859-1?Q?anaFAiXuF7QGsAQejFHt6YyvgNWUMvaPExMS5xPYxMoSqtRQBHHp6pCg5e?= =?iso-8859-1?Q?HPc/Fv5zY98WFxBVOPWY6awWr5xjX3ar1IG0Ws2zSTXA0shpP9H04ITt2b?= =?iso-8859-1?Q?9VJQbPCXz1oW8sUDjHCRbf7CbMxagqEkW0o21XZMK2Dkftq6YnTqbuejvl?= =?iso-8859-1?Q?Nbr8Vm2zVBhXgD1pTbyFOQML6MyieEQ4YGxM59LOtQ8/4UM++c6VCvD/V6?= =?iso-8859-1?Q?OEvRuSiQtsq+LANg1vQC0tABrfKV+chHbsRcUq6rVd7HlKZem0Q/c8D/OO?= =?iso-8859-1?Q?K7MSLt0=3D?= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?k9GGTC2OXNGC6m/b2oVEXkTj3o+b5gua0Jcd/F9LsElrZ1ZPA4ysYO7+JU?= =?iso-8859-1?Q?qB64wKKYEyI0KPMJ9WN6/o3mAImSv5lW8HBZQYaFTGaNOFq6OgUpz6rYkW?= =?iso-8859-1?Q?t2CJspcyXbzISaxFmoNAk6lB+rwVd7Wyh+t/UPMF6wizdKmhMvNgMuZfNB?= =?iso-8859-1?Q?tBVoSPiZ2tP+sKXNWOEAaDsVynlo/qSTEa9ZmxO9aiz8QgLKkK/9NnI+FT?= =?iso-8859-1?Q?k/1OaF83BJs0z8Tk08lV35ijPnqlME6Fg18gGanhjWhRiUJqwdEVmR15jW?= =?iso-8859-1?Q?HRiXJHYI9TtKlESuWRr7ayoM4graoRtrDdgkbf/E/if6ieO1fZT38vSt+A?= =?iso-8859-1?Q?mHKVKw0G1cD1b27MbwIzSb+rHlvcHV4/xEXZcKspgpbRkW+br9igGGggDn?= =?iso-8859-1?Q?y7XnEreBJDDuIyNsSgjmkXPbJ0ItRf7NYcz6MK/sF4ixUj68tL89rY8u3I?= =?iso-8859-1?Q?mQTlljDQbfre/CC9TbS2w+SJNF8sPBSgChrA3iE4TqZ/eAdsneSpfzmInC?= =?iso-8859-1?Q?XUJFkpTs8n7MgvaJtELj4JPJTh7fSkwJ1zzMNpLNhBib3plV1keQ18qCF3?= =?iso-8859-1?Q?NpgQPut/wUWeJW2STyT4ytpfHaUe93slvcYqIJoVd+eCgDkvVYepzcg6WA?= =?iso-8859-1?Q?pCa6womNbkaKb81Yug/zzNeB80PCnJJ74f013ZINh+K6SxhjDH/85NhN2V?= =?iso-8859-1?Q?eyN9p7RSJ6w5LcrNWVIrol7XBLTVcQjX3Bps4z+GewwJ9Jzf8KSTiQl5zM?= =?iso-8859-1?Q?7YRdJHR2m7zFbo6A7dpnAo4ufhrMQ/kZ1RR752VO28LNxw8LkjD0OysETn?= =?iso-8859-1?Q?Rt7oez2tc8ay50Ji8bfFrQs1grtuwtoaWVdJafDItvGJmNUJhEp3aJvp/d?= =?iso-8859-1?Q?cHcPtDGsa/PBVpGZ/k/pUbH31rSVwdVmuWkjD2ie9Ls2C7X2ZH+3TPamJL?= =?iso-8859-1?Q?vMtmEh/+StwBOrnNd8ML3ut9rfjuf2Y8smkPIeXIXC0FP48xgONKTkXYmF?= =?iso-8859-1?Q?V+6+wVU86wIzF6Zwa41o+MepgmElr0hZlQdOmLMZ/GtQjDvWCtkCaeov7E?= =?iso-8859-1?Q?difgnLP/tvyEgiihwuXm+90P6TIxVG9orx49AkR9W7jNBUtoUSugSG1CWn?= =?iso-8859-1?Q?JvQicF07OE6vcCWglDlGnOv7skT3Ig0e+ZtBwlSAg5oldLV1hE9931Nc5T?= =?iso-8859-1?Q?I7bUxEiblr941jlXak7DktHS1beC3cA/1EFmud7ZviwHxJiBg9IqEMTMEW?= =?iso-8859-1?Q?vV6rkxFMp2cFg0HOydCMz0DYul648ku9i0UQqNHRtBmQTcafxedvTVyKnP?= =?iso-8859-1?Q?EEZ1oP3v5rCQcu2yyZ/RXPkYogMnEO6DG85cGzg1SQd4YK/xfaZVuLPTDV?= =?iso-8859-1?Q?MOmkxrwm3JHTYUmRSE8TQSISIovCdcvLYv1++AC9QBLt4kkjNFEplimSgB?= =?iso-8859-1?Q?gAbqYYeHdP6V3TSvQGf/LGwnNuTKJkvp1OEad1DngRy3Mwq0fbGLeI8siC?= =?iso-8859-1?Q?jaYUAkY9w1U+KEwS3A58+cLQh8nKYfA8zgQbQbJ4AwVOFL+bhPmm8KC/2B?= =?iso-8859-1?Q?uDfpaQ8qK8+gwUocvhnvYg2NQkwxMobOcSf0uM4iFb7wZtRCxPbAkf0BBf?= =?iso-8859-1?Q?3DeMIk3ojnwkc=3D?= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: IA1PR12MB8285.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0e28c330-359f-4a58-87cd-08dd7fab1db1 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Apr 2025 01:31:47.0673 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 9bzXul1nTGib7D8oayiFFJiqqYYrDBKQa11alLCyHiJyCeWkvm1+LYgcwDNgkI16JVuSQyhinCxME4uKKiixWQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB8562 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Mon, 21 Apr 2025 17:27:12 -0700 Resent-From: Huibo.Wang@amd.com Reply-To: devel@edk2.groups.io,Huibo.Wang@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: dXHiq7xCpEvJOdeswwnCfwjEx7686176AA= Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_IA1PR12MB828574BD3419FEC67CD5C0C595BF2IA1PR12MB8285namp_" X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240830 header.b="Bg+/oghC"; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io --_000_IA1PR12MB828574BD3419FEC67CD5C0C595BF2IA1PR12MB8285namp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable [AMD Official Use Only - AMD Internal Distribution Only] Hi, I am currently working on enabling Alternate Injection for AMD SEV-SNP gues= ts and have encountered a design issue. The Alternate Injection specification, which is still preliminary, defines = a so-called SVSM APIC protocol through a subset of X2APIC MSRs while timer support is configurable. [ This means, if timer functionality is not supported, the guest must rely = on the hypervisor to emulate timer support through use of the #HV Timer GHCB protocol. ] When the OVMF firmware starts, it is in XAPIC mode by default and then, lat= er, during the init phase it switches the guest to X2APIC. However, with Alternate Injection enabled, the OVMF in its very first phase= - SEC - does XAPIC accesses. The SVSM, however, which is part of the guest, uses the so-called SVSM APIC= protocol which uses a subset of the X2APIC MSRs. The OVMF, however, assumes it starts off in XAPIC memory-mapped mode and th= us there's a protocol mismatch of sorts because with Alternate Injection already enabled in the SEC phase, it manda= tes X2APIC MSR accesses. The registers (timer registers) when not handled by SVSM will get routed to= the hypervisor (KVM) which at that point is operating the guest in XAPIC mode until the PEI phase switches to X2APIC. If X2APIC enablement is moved from the PEI to the SEC phase, the problem ca= n be resolved. I have tested it and it works. However, I dont know if there is any concern or potential design issues wit= h that move. Do folks think this is ok to do - i.e., move the X2APIC enablement to the S= EC phase? Or do you have any suggestions for a better solution? Please feel free to ask questions if some concepts are unclear and I'll gla= dly expand on them. I am new to this, sorry If I have CCed too many people. Thanks, Melody -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#121279): https://edk2.groups.io/g/devel/message/121279 Mute This Topic: https://groups.io/mt/112386836/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- --_000_IA1PR12MB828574BD3419FEC67CD5C0C595BF2IA1PR12MB8285namp_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

[AMD Official Use Only - AMD Internal Distribution Only]


Hi,

I am currently working on enabling Alternate Injection for AMD SEV-SNP gues= ts and have encountered a design issue.

The Alternate Injection specification, which is still preliminary, defines = a so-called SVSM APIC protocol through a subset 
of X2APIC MSRs while timer support is configurable. 
[ This means, if timer functionality is not supported, the guest must rely = on the hypervisor to emulate timer 
 support through use of the #HV Timer GHCB protocol. ]

When the OVMF firmware starts, it is in XAPIC mode by default and then, lat= er, during the init phase it switches the guest to X2APIC. 
However, with Alternate Injection enabled, the OVMF in its very first phase= - SEC - does XAPIC accesses.

The SVSM, however, which is part of the guest, uses the so-called SVSM APIC= protocol which uses a subset of the X2APIC MSRs.

The OVMF, however, assumes it starts off in XAPIC memory-mapped mode and th= us there's a protocol mismatch of sorts 
because with Alternate Injection already enabled in the SEC phase, it manda= tes X2APIC MSR accesses.

The registers (timer registers) when not handled by SVSM will get routed to= the hypervisor (KVM) which at that point is operating the guest
in XAPIC mode until the PEI phase switches to X2APIC.

If X2APIC enablement is moved from the PEI to the SEC phase, the problem ca= n be resolved. I have tested it and it works. 
However, I dont know if there is any concern or potential design issues wit= h that move.

Do folks think this is ok to do - i.e., move the X2APIC enablement to the S= EC phase?

Or do you have any suggestions for a better solution?

Please feel free to ask questions if some concepts are unclear and I'll gla= dly expand on them.

I am new to this, sorry If I have CCed too many people.

Thanks,
Melody





_._,_._,_
Groups.io Links:

=20 You receive all messages sent to this group. =20 =20

View/Reply Online (#121279) | =20 | Mute= This Topic | New Topic
Your Subscriptio= n | Contact Group Owner | Unsubscribe [rebecca@openfw.io]

_._,_._,_
--_000_IA1PR12MB828574BD3419FEC67CD5C0C595BF2IA1PR12MB8285namp_--