From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web09.4680.1650334080682386457 for ; Mon, 18 Apr 2022 19:08:00 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=lc8l9TYf; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1650334080; x=1681870080; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=KH9aY7GX1YzkE7Kdd9nGtKXYy+QUbVSJAJA6Hl3nXpE=; b=lc8l9TYfI64bup8MIuOxGpNveDTNOwkFgkkW7cdgdY8K3A479khwWBDp qn9j2+7FxB0jDDOBIjk7kfeh6XptsrpiJUA2HQacghsieOD+XS0RsJxAQ i70+yBJYp0geIkNsqMwV9jgdKcI7oNc2R/zW+EcWOTcDcCQpLvQ2dFaoN B32w0pI31pI/U+IbRDD/Dg6LlnQ7PolJ1bvgJSwZSGlDbaSpSPXdpDHs0 bjgmOeKfSTf2nOofhR/Kks4J2MhzZm3ugp2lz+lEll0Rxa2GbFWl4a7oy Ykph/tDkZvxx6a628CQtJxW0mMI80E8lWh73kydS1pTol9rSaBe42cAuE A==; X-IronPort-AV: E=McAfee;i="6400,9594,10321"; a="288748606" X-IronPort-AV: E=Sophos;i="5.90,271,1643702400"; d="scan'208";a="288748606" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Apr 2022 19:08:00 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,271,1643702400"; d="scan'208";a="554496726" Received: from orsmsx605.amr.corp.intel.com ([10.22.229.18]) by orsmga007.jf.intel.com with ESMTP; 18 Apr 2022 19:07:59 -0700 Received: from orsmsx602.amr.corp.intel.com (10.22.229.15) by ORSMSX605.amr.corp.intel.com (10.22.229.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Mon, 18 Apr 2022 19:07:59 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Mon, 18 Apr 2022 19:07:59 -0700 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.172) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.27; Mon, 18 Apr 2022 19:07:58 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MsrfmWWPH78z0ziJoR3fNrTGO0evgXDVfvc8TK/WEZ7bZXp7uiXaMEg2ZOfsJ8TkfQSSEyoIRZjmtfI04uRbKAlU/OMO1YIHS0h+HN6zIga+j4AkSeD/GFH+eChs4AMR4p1ZepLmqqHFf/hzwm8xPRP+b5859ehmWuWWE2u26oGbC1ZVGUYgnBresONSFuhTHP8NygdsfwZd/hd6et4yp21wvXhVFFJkCxaHiJroUQcV68ISTRcJaieclxQmoIRFefVoQ9Drw1fN/6WbFsh9XesH+5QBJj2sJHciAUHzmiBAi9GiyNKO1KhKFzT6qJZzJe/rCtVRrgf6aXfmTt+nGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GogLa1bbbK7+Fx1uLkeR7lN41xPQYOYzJy84RyTawnc=; b=X8dPLyYGtJh8DxBrIY6aLt54mUbOQrs/e/mStTWDQ/kF0LUxLoe/9e9AKiVsPuVeO4zJ0cFRIFQJ//nAfS5VMRjTG9iMKHuATwfG6GwwzTrDMIqRyhlc6WHmFQ2XOmZXiaVbv4z+FxcIqSRh9i2PNIo8eRFev7UxKQfNAt8lS+ZMMvBPPulgZZWRq2A7BXWzOV2LVqYpBiDXdZafWj8TwFupUZE32/tisAxeH+iN6zB173nVd24PAmleu6HqQkBQf1BUA+Zt7XlcCPlDkMeLXY/l8wxr/4GkTj486ZdBBF719+/Fig7uq60cQG282rjtJm5BBBhJrRZDNRXzX/XWLQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by BY5PR11MB4242.namprd11.prod.outlook.com (2603:10b6:a03:1c1::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5164.20; Tue, 19 Apr 2022 02:07:54 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::198e:ea23:c83b:b93a]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::198e:ea23:c83b:b93a%4]) with mapi id 15.20.5164.025; Tue, 19 Apr 2022 02:07:54 +0000 From: "Yao, Jiewen" To: "devel@edk2.groups.io" , "Xu, Min M" CC: Brijesh Singh , "Aktas, Erdem" , James Bottomley , Tom Lendacky Subject: Re: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe driver Thread-Topic: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe driver Thread-Index: AQHYU5EF52tkA5TcwEGoABwxC84FI6z2fNaw Date: Tue, 19 Apr 2022 02:07:54 +0000 Message-ID: References: <20220419015828.899-1-min.m.xu@intel.com> In-Reply-To: <20220419015828.899-1-min.m.xu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.6.401.20 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 41312b61-7b75-4d9e-026c-08da21a96aaa x-ms-traffictypediagnostic: BY5PR11MB4242:EE_ x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: oi1yRSDMeN0Zc5IwsGrYfWtdi7jQf5NO++Ll9GQ494PHhoqaSSi7DB0+AfwbevwE+z9g6I7Db89cjtosqc9LA6XHwRWMppNnMzIckBa6lHwrn6ZxQiqlbEuDapS/U0gxO9e10ucJw2LezRigWp+U4KzAYeDXoRrAOmzAqxFbFr20i+IdUxYkKiIX+HFMRSwTjTEmCZcoSN2IE7EKu25/e9kLdPD1OIK9pvGwMihyer/E+/hNZOqD383m3Z4S3I2itUXHrAh+RPp59v1sBEWoKYqPAmHZvudcYqliDri0S0b6F+XkJGkWFc1eHm1qyssMHmLGYOsSCiWVDcJ/1H1AdJeFxsvNF2lxz29DN3U71AZAX+bIR64hAR87m6O6MbDCxwP3bBNZ5abj9pHrqfb+b3Gbbj0ayMKQNOOW0quxHHmEEqWMkxrYTO0GF+VJVOxA6AI2KdqHOm6s0ttd5D9kjTFWGjK+YP7vNZ7XiA8Q1Dh51odiIjD7UFODyHbmNO1jgmBGuNsAvyEE1WCESD8GWsfZk+Dw8X9TUCgPmRjAi7UmL0VQaNPotvo6vQ6Mgz/2dgjXRpCAGA1CM1zApxEuRynwQKSf7HrBVdOKLy1kLz6Vw7kh8nrzku3Jr7tT5CiBi7qs5UqpyG43YEeW0f+ezzc6DetktC+iZiU06flU5hFU0ozVn1hXrXEg+uwgEwQaiwA3X4zdMF7P1eqnErgMG1nIuSOQc1u0WZBN/aHe2jn/q0yvUulaNbhmFg3FhlT/kwsyV85G22WlodcNhAtoDIpWHkSdeBcZbAWXqgrhI+qeJeHbaYmBOXg0jqfYSX2PUJz228z2KIAfaaSeFnsAKA== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(7696005)(26005)(508600001)(966005)(186003)(6506007)(86362001)(53546011)(2906002)(8936002)(52536014)(9686003)(33656002)(83380400001)(5660300002)(76116006)(38100700002)(6636002)(19627235002)(54906003)(316002)(110136005)(71200400001)(66946007)(8676002)(122000001)(55016003)(38070700005)(82960400001)(4326008)(66556008)(64756008)(66446008)(66476007);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?tPv85dLWsY55PvzgkspElU6QeQ6iJRu9TLtT26IW1CU85DXxH4ad0h9cz9vR?= =?us-ascii?Q?Vio5Mo0Nj8y7IpV2ONA6nTfedJWCWajlz20m/2EUQM8DX4wZ1/Eg+Z+GgEPM?= =?us-ascii?Q?iOsS68gxPI0OlbyeLLaQuZU8Q218tZ2BogYmyo1pd3FEa/NgIMhfEG8bJS7j?= =?us-ascii?Q?75zVJWTimG9WCkuG7+yKnOAIGlrXPMuxcLQe39f8ekpEWoxUMv5g6JUy1S8I?= =?us-ascii?Q?vqFzbrlSNjo5RTn/CLWpaYLGl96d3f7KqLl6ySNGR2uOYyiiVIekQPDo2x8d?= =?us-ascii?Q?MjYmTLKtT+pbvGkQMI7RTJRr9G1MJTH4aduVONQmNY46bq8pcAhu4DnDblGG?= =?us-ascii?Q?KbuoK3mmGUSO/vgoDLBt/r80yO4v7QN7gUm9Z99VIC+zj/lD7lP2rqFEAWhP?= =?us-ascii?Q?kJf31vpiaiRMbHKXHAiJkVN12yLUQwtepAnB/+F+Ar38syLVuXMhCgbI9m6c?= =?us-ascii?Q?vNF8sWZloYEv0BpDepSJ3T3nJw02/I1aPpLwhB2YmotWDDe3hhFhI0813v7W?= =?us-ascii?Q?NVi3+0dvDzk5qPe+vSgNBA8Z9sAkWf+Lsv+lz57lsJuDdpbpRWO3464Z0kXA?= =?us-ascii?Q?E0KJow08/0CyexEjer3oreVu9RRrxyRuJyqgKDFAb8EOV15DsA1DYPCVUEHa?= =?us-ascii?Q?Av22Ju4J2g+OS7uSpL4m6qQHlYHHsERokSFtFXF/1YYZKBt35hA8kfIhj6Uk?= =?us-ascii?Q?UjyehFGWhHq2EHa73qmeEw4DGfrzn9fRCtzo5NWdw9xA5NfF5vFPEse93ksZ?= =?us-ascii?Q?PHA9JSQasFz/uIIWQvddZGtHMIC4cMY8mHXqxJ1fTre4Xtaomn3NH2VBRWi7?= =?us-ascii?Q?sGwe24usdsyxm2SneOH3PYoGNEdu7bdmuUtxWINZKAC4AWabv5WRmrQ9BLHS?= =?us-ascii?Q?Tw8VpRDsk6bpD7zPHxRwBhwOC0RJX6IkqPFsJPZaO+z/vFrJ/YY8wBVdcSH5?= =?us-ascii?Q?JqeuyXzg5Zyks53tY7a0L/qj0MpnVqIolm4ihqb5KEUvJQ9119QrOVRwt+WD?= =?us-ascii?Q?Cqwr46VuqgaiZk1U11xSR3hgch981p8T3qJEh/+hyFrj7SZ+Jt3uIczrQF1l?= =?us-ascii?Q?JhXVAh5XQqPxL7Q12Ufyn2j21ZPjopldneGNNb3d18emnWOzX44sT1G1OhXL?= =?us-ascii?Q?lbN7aH2IlT9CF3Nq+uPj2wWUZwjhOF3t2trZn49W1sr4gKzTfFmHB6tkwAfT?= =?us-ascii?Q?ikFy1+OUxKvGINaZfkIULsZtvEqs3ya4U/ktAfqKO1FuXPbPcAmuCs7j3BsN?= =?us-ascii?Q?175uW6QtN5xjUEmYnj6jMmCsFYjivSyiYgC1E1DnACkd+6O3Ue2bU2+Wlkql?= =?us-ascii?Q?Zlgt7nkZQhJi1AaqLozJr3lvBpy+M0Pnzu14ghu0/+1ha4dR9suPxK2EQKzc?= =?us-ascii?Q?KigQvgNxAjioywuJQTIPEhUcBCVoGHjO+1gzohE6H/TipjhcnrfTlD99JM0n?= =?us-ascii?Q?X7kV4TgjvkpnFDKEVAnKWwlDFnumsmn6DRNIFo2rhCT0mziHccIy4jChKcJB?= =?us-ascii?Q?zc8QWoN2Qg7tk/ZYcHHDCkOjdUf6wkVUh781e3IULe+gMFibGW7HfBny15fy?= =?us-ascii?Q?zwluEJCjc6ZclSrvT7MIkJWO2mlx7M8eHy8owAY0oCMe6H8m2F3FKKC5iMIk?= =?us-ascii?Q?hFtwwc4JLBn9ErP9TNgGma1KMYjLlrrEgr5uS3UOXRBAXCDdsxx3nbPRUbhv?= =?us-ascii?Q?3KAn1dItN9L1LN/6gEyY5Xvyb7CAKFNaSqXxHWOon4XvMpxVGwcbEnDAHGmY?= =?us-ascii?Q?+z0o8t7WFA=3D=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 41312b61-7b75-4d9e-026c-08da21a96aaa X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Apr 2022 02:07:54.8282 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: pjI3/PI8zGisqBZoEHfcvmDCDlHOddDeoOfsOgM4PhJxgw4Pcv1KiSkfG0LACPvzQj+LXG634z1TmQbPYONFsw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR11MB4242 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi If TdxDxe breaks SEV, should we skip the TdxDxe in SEV path? I don't understand why we need use Cfg8. Thank you Yao Jiewen > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Min Xu > Sent: Tuesday, April 19, 2022 9:58 AM > To: devel@edk2.groups.io > Cc: Xu, Min M ; Brijesh Singh = ; > Aktas, Erdem ; James Bottomley > ; Yao, Jiewen ; Tom Lendacky > > Subject: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe driver >=20 > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3904 >=20 > TdxDxe driver is introduced for Intel TDX feature. Unfortunately, this > driver also breaks boot process in SEV-ES guest. The root cause is in > the PciLib which is imported by TdxDxe driver. >=20 > In a SEV-ES guest the AmdSevDxe driver performs a > MemEncryptSevClearMmioPageEncMask() call against the > PcdPciExpressBaseAddress range to mark it shared/unencrypted. However, > the TdxDxe driver is loaded before the AmdSevDxe driver, and the PciLib > in TdxDxe is DxePciLibI440FxQ35 which will access the > PcdPciExpressBaseAddress range. Since the range has not been marked > shared/unencrypted, the #VC handler terminates the guest for trying to > do MMIO to an encrypted region. >=20 > To fix the issue TdxDxe driver set the PciLib to BasePciLibCf8.inf as > AmdSevDxe driver does. >=20 > Cc: Brijesh Singh > Cc: Erdem Aktas > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Tom Lendacky > SEV-Tested-by: Tom Lendacky > TDX-Tested-by: Min Xu > Signed-off-by: Min Xu > --- > OvmfPkg/IntelTdx/IntelTdxX64.dsc | 5 ++++- > OvmfPkg/OvmfPkgX64.dsc | 5 ++++- > 2 files changed, 8 insertions(+), 2 deletions(-) >=20 > diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc > b/OvmfPkg/IntelTdx/IntelTdxX64.dsc > index 245155d41b..f58f14a1d8 100644 > --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc > +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc > @@ -704,7 +704,10 @@ > OvmfPkg/PlatformDxe/Platform.inf > OvmfPkg/IoMmuDxe/IoMmuDxe.inf >=20 > - OvmfPkg/TdxDxe/TdxDxe.inf > + OvmfPkg/TdxDxe/TdxDxe.inf { > + > + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf > + } >=20 > # > # Variable driver stack (non-SMM) > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index fb2899f8a1..68e7d051d0 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -967,7 +967,10 @@ > } > OvmfPkg/IoMmuDxe/IoMmuDxe.inf >=20 > - OvmfPkg/TdxDxe/TdxDxe.inf > + OvmfPkg/TdxDxe/TdxDxe.inf { > + > + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf > + } >=20 > !if $(SMM_REQUIRE) =3D=3D TRUE > OvmfPkg/SmmAccess/SmmAccess2Dxe.inf > -- > 2.29.2.windows.2 >=20 >=20 >=20 >=20 >=20