From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web09.4890.1650438026113074812 for ; Wed, 20 Apr 2022 00:00:27 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=NR4NqeGk; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1650438027; x=1681974027; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=gGBJ38eCr4i4mrRrjoLXtYxoJbY253S5HNh6ZXa9FWA=; b=NR4NqeGkcfQV0O0Hq+84huUkb6dwnj2Q/DLA7KfaglImGuZhLw0pc9BT 0XD0el+hWV2b6Pe0wiNVVxnjpAxJaCye6dhGVae/flFGitlUtFjHIIJOb Owt2dh092DdBTIwCNPHFJDVbtMGsnl1VGOK6XUWl3YPIFaKA4Tpm6i+xI yxVnPEn8eFw6kHhAztp3kS6vHOTSpPDJA29DZ8L0whNg5rwTrwiMVgACF 37pehK5XFnbqfGBXwHKOdTpj5fsr4EcvzyLjgBzyfn6PRrNYMYJ4o9GQi dE9Dtz2SMlrTcUyjDuLuiM2w3lgRvrq0afDVZN7Wp6py6yT1WH57gi1Qy A==; X-IronPort-AV: E=McAfee;i="6400,9594,10322"; a="261559117" X-IronPort-AV: E=Sophos;i="5.90,274,1643702400"; d="scan'208";a="261559117" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Apr 2022 00:00:25 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,274,1643702400"; d="scan'208";a="510438973" Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by orsmga003.jf.intel.com with ESMTP; 20 Apr 2022 00:00:25 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Wed, 20 Apr 2022 00:00:24 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Wed, 20 Apr 2022 00:00:24 -0700 Received: from NAM04-DM6-obe.outbound.protection.outlook.com (104.47.73.48) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.27; Wed, 20 Apr 2022 00:00:24 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dNPeFm2E8VmLP82crH2JnmvyUICY+5Pw3C113Y+Grxi4xbHw2aVGEuCGuSjeWbG+Ga0fH/zaBMB6AlplgtQfyVl4ZcRG6660dIrSCzJvrzXyWh7c+8/B3nXJxXc7hA+EvKnqfuLUyJV7QgHeQyd1TQT8PKEeqdjREvwc54E280fbeYmqpftxfZTCNPtv2051COYiASBWFuLofFl2IFKKMOGFb5EWgA8QqdA2E1sEi3X+ssKGMV1lwiBuRYIys+GeUkTXwyjipEidwFH+MIb0StXVaM6e74+YKIJK3TnbA8IycPjDU0lqatsww2geaa/uoKwbHjN4R2Ea34mO7fYJcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TunHt7EvUq1TStNsWeIrxFjh+GFppNzblDQGBVNug5g=; b=S1TeyjCiNRFE7tfHHDgI359jiDKcZBne1R8snngYlI4twLQQOKGkCbmtMap+rxySNjaSY7LV+1JHqwHoc0XT0OMs1fMDKtYihTqTJzEOdE22mbQm7MauPLM3piRqOpIwNLa7R564WEHEvt1s3fT3eWrvf29+qQP1hWSs7TZnGslh+86U+WGBGHWz3sUgOCPAS2mrRj5PI//Uil6Wes/jVtR3rGfpwvvrtDlsZWYbRktXdfsya0htTb90g1iSNUJfSPhffsGhHRUN8KXw06+MrtWPeQk8TSgMPvjl9yRyJ4FvA8uNGP1lgOGOsXrXCVTeZGR1I6lbwCmTQdmn4sFlhw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by DM6PR11MB4506.namprd11.prod.outlook.com (2603:10b6:5:205::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5164.20; Wed, 20 Apr 2022 07:00:22 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::d55d:28c1:bfab:3dd]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::d55d:28c1:bfab:3dd%5]) with mapi id 15.20.5186.013; Wed, 20 Apr 2022 07:00:22 +0000 From: "Yao, Jiewen" To: "Xu, Min M" , "devel@edk2.groups.io" CC: Brijesh Singh , "Aktas, Erdem" , James Bottomley , Tom Lendacky , "Yao, Jiewen" Subject: Re: [PATCH V2 1/1] OvmfPkg/OvmfPkgX64: Adjust load sequence of TdxDxe and AmdSevDxe driver Thread-Topic: [PATCH V2 1/1] OvmfPkg/OvmfPkgX64: Adjust load sequence of TdxDxe and AmdSevDxe driver Thread-Index: AQHYVIP1RGk0mBZL4UCrul/SSFtH0qz4Xxpw Date: Wed, 20 Apr 2022 07:00:22 +0000 Message-ID: References: <7e208d15ca88fa07c6aca4714e32eb62c67248e9.1650437719.git.min.m.xu@intel.com> In-Reply-To: <7e208d15ca88fa07c6aca4714e32eb62c67248e9.1650437719.git.min.m.xu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.6.401.20 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 1a4b4983-2306-490d-c1f2-08da229b7078 x-ms-traffictypediagnostic: DM6PR11MB4506:EE_ x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 8kyCpF/g+PozQ73M/qQn05PCdGQX96qCn4ZxBRhqPEl2k8thcYYeI7WbbQr1DvIGfWJcjL1FpQp++V7XeGk3lEMVEg+N7Mc1KM65jdNN7R+dSX5BuAEh2UNSk1JDcTidMlW/YJMUl6G8TZtxAsGQOJyLnrexpVihrbMllhU2Ryoppm1Q/uu1Ydcgrp8ymbkwKsMTLf28uenfkGJDWbjiy+JbKbOHFtpWEkB/OAdgPwC5hzQ/75d38w80OYSx875oBd9n+gAUl9eXJzTE+XYSB1kGW2h9UUCaOLWaRiqm2KdxgNU5akpSJFEM77cxbQQOCJ1ZB3ROuTuORDG3qcep66A30VCwAGa4zPcQYseIYYDVbUw3s+lREQjdj4TsDrcaAtJt4II0pdO11Pu94l8pACQNFTXib0bDJ7tblLu026qOpnxPuP442+NriwRIXvTYQQxF42oYpJN09DI/YhLkViYl4T6BFcwpsRL+jUplnklJ1KXLRj/DMRM558m6ncF/jrBMxIysmSCa1Cea+S/6IYS99y0o3vwpbm/AZREjdl4XFVy9z4GYWvMrreCOa3tzBApdZPjzqL+0Qk3QE9OCnefI/SnDlDegPtKWGcRgXwmaSuoYxNd8CLv7Y34RnDvrRMLMSiyWsePm8/bZh0gOB+hR3TCnkbxYXUu8SJ+gtSgVwPhr2OtLxzT0EwTyg6aBwygCVO8Eu9318UQ8q19JER10cr7NaxN5boZfukp2HqyXbT1/ceXHaVefmCHxxncEphLEHshVfqCV/iMt2mJITSo0vjt1GJebBF1Hveuq6nc= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(33656002)(4326008)(66556008)(508600001)(66476007)(66446008)(54906003)(8676002)(64756008)(2906002)(52536014)(19627235002)(122000001)(7696005)(110136005)(5660300002)(53546011)(8936002)(6506007)(107886003)(9686003)(71200400001)(66946007)(76116006)(316002)(966005)(82960400001)(38100700002)(83380400001)(86362001)(26005)(186003)(55016003)(38070700005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?Aaj1zPUm+Yd6G9wrpsHmorCwOaH/cVPdg5gE1SP36xmeWCDKi/MZr+wJaiI3?= =?us-ascii?Q?jqgXfC92GM1vuTasQquDQEcg5GqVwSK22yLcdEDSpgwc2VAYn2NcbE9tOUAt?= =?us-ascii?Q?gFRzP7Pcb/x4x8eqDEMUwaBsHMF+vtYNwN2BL5yE7C6P4W3EzFPfQKR71pwL?= =?us-ascii?Q?Ek2LRalmhaTP0Mg3AIHWDaLbFdQJDXzylas2Yy58VtWsbyo4BzVBLStoeBu2?= =?us-ascii?Q?vG287nZTDmSD8T7zCrnZNggeOJKmxYPyULX5TWpgcQf2goPhsXjXx3/r0kwV?= =?us-ascii?Q?XN6SYQFfICfAYCdlMJsIvjO8njx4svOmcaSEwrMnz9ZqL6VtX2OmJqbU22OX?= =?us-ascii?Q?4LLZVN8sml2Moj8q/WOHnuS22OSSMiNcOKMegsw3R5I4Rkkxezu1etk6++gJ?= =?us-ascii?Q?eGpe3uzXS0dycgBhDbnY04UqQQ/qH5ory4vnga4tG2f/HVB7kyiA+Dnk4pEd?= =?us-ascii?Q?Azv2Wdk/8A+/08n517A++5esZ9h5tKASAeRHE1IjrvqLngPEsjG64P4u+mW4?= =?us-ascii?Q?nWE6JdWEFCFdAsU23lnAhNVU5i+QKye+joESeHLLfvbYpOTbDlHtjDQO87QF?= =?us-ascii?Q?UHO36NAW3DUAGBUPriKfJrHIW39FZ1ip7PMV+6xwRvw4n3YCEEJ1wuPxF4QI?= =?us-ascii?Q?FgAopqdMjmZOyq10/gS5FepjJH68EGI/SICr9V5sVaogN/LnFibhlaeCytNi?= =?us-ascii?Q?zH/TyKePBw0wg4P5pG9LKVXE5/pg96ehkWJ57LV+6qLD4ulyhdKb8//J3QHT?= =?us-ascii?Q?JiOa4bYYWFp+aF1IMHh+cIka4WdDKnNiW6P4joHdXkXa/BvnFMH4QhbVOcaw?= =?us-ascii?Q?yQyjb/6PKNSmMD6T/P7G3nZO59kO/o0Z3K7pE577mL2KSi4Ex60hJTs4RuKW?= =?us-ascii?Q?634Ykp+iOyEvbMwnMEH1GJ9lbVmFsaVyvEjuH/Ze9rTjnkA5bV1L+KcOs0g1?= =?us-ascii?Q?GdePCH1odY6IPmnpqVHGEzHhK/7qnNpG8nnrzrSI+XbTQPESKx3rpRb00jC0?= =?us-ascii?Q?cq2whRi1AOhiBtQBbXFG0bJOPm+CXvQgHjtQQ9ws5fbFU1a9Pk8w5v9ogx5y?= =?us-ascii?Q?VtpZngjbxDA4KbJ8vtpdTzZtDJ0YGF4O1M3QH+XARdu/EzJHbVXbSkIUOCeQ?= =?us-ascii?Q?zXeDyUfjWfjaPzBUlGk0dHbgTuhqEllY9+h8vUk2nm3CLIdiMUKJ/1BMo88w?= =?us-ascii?Q?LOSCgO0gtoVCEG4lgchOgq4hw0GgBw5kZjmiPIweBbi4y7e3GfIJknC+P9gd?= =?us-ascii?Q?GqxPEJlQQHZuO0TYYqTTinZQHPdGMmrXk8pIk0gUOFCVilQiWQDzoMaenD0t?= =?us-ascii?Q?f8ZnHEuSD5R0ybC9TOzkdNjaGjcNNi4bqYL2fuUYG8FZegstuw9vRoaz0sGQ?= =?us-ascii?Q?MOjfWLtVOZ2LAxcnh2HgZUNiFbtVGP66zq3d7kDYN40+OUwsoa2ZtCOLa6M9?= =?us-ascii?Q?gzgcdz4i9B6wxE4AfLUn8JL9TjEQyLMLxgXmUed5nUGf8+Hk9tQu8TWzJt1W?= =?us-ascii?Q?sX4G0Ea1nmDSO2vQYd67zQOxYDJlUE+yH2o363UDT6vX6OFZh4zlCfx68Ewl?= =?us-ascii?Q?I+UJCaRmx1l+pwP0tEXyEAB9S3EZJd4H0J6tw4Xn/WU205Itmi4dblVq9Dqe?= =?us-ascii?Q?VzlozvJNGvT4cTnFQHOJPJh5osgv1ikSOPRYXAHNjGTZIC9E0SCg8oRWyDdj?= =?us-ascii?Q?RQhfa5rbWegd+zgxTfkS45yL1TAH5IpY3BeufBFkBx2DwbJ7gItms0Ajwx6x?= =?us-ascii?Q?e9Qh7h7t6A=3D=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1a4b4983-2306-490d-c1f2-08da229b7078 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Apr 2022 07:00:22.8427 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 0WvSHxnKj3Z57J1zU0PnFCzWTpTW5ZYO+h0UlkSU9J405f2gfhecupu5U8NMd+ek/Z2xy4fKIyM/rZrI74X/XA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB4506 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Thanks Min. Would you please add some comment in the APRIORI section, to explain why th= e order is in this way? It also reminds people that the order should not be changed. With comment added, reviewed-by: Jiewen Yao > -----Original Message----- > From: Xu, Min M > Sent: Wednesday, April 20, 2022 2:57 PM > To: devel@edk2.groups.io > Cc: Xu, Min M ; Brijesh Singh = ; > Aktas, Erdem ; James Bottomley > ; Yao, Jiewen ; Tom Lendacky > > Subject: [PATCH V2 1/1] OvmfPkg/OvmfPkgX64: Adjust load sequence of TdxDx= e > and AmdSevDxe driver >=20 > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3904 >=20 > TdxDxe driver is introduced for Intel TDX feature. Unfortunately, this > driver also breaks boot process in SEV-ES guest. The root cause is in > the PciLib which is imported by TdxDxe driver. >=20 > In a SEV-ES guest the AmdSevDxe driver performs a > MemEncryptSevClearMmioPageEncMask() call against the > PcdPciExpressBaseAddress range to mark it shared/unencrypted. However, > the TdxDxe driver is loaded before the AmdSevDxe driver, and the PciLib > in TdxDxe is DxePciLibI440FxQ35 which will access the > PcdPciExpressBaseAddress range. Since the range has not been marked > shared/unencrypted, the #VC handler terminates the guest for trying to > do MMIO to an encrypted region. >=20 > Adjusting the load sequence of TdxDxe and AmdSevDxe can fix the issue. >=20 > Cc: Brijesh Singh > Cc: Erdem Aktas > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Tom Lendacky > SEV-Tested-by: Tom Lendacky > TDX-Tested-by: Min Xu > Signed-off-by: Min Xu > --- > OvmfPkg/OvmfPkgX64.fdf | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) >=20 > diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf > index 71df28705ea8..1f9d0b3f5fcc 100644 > --- a/OvmfPkg/OvmfPkgX64.fdf > +++ b/OvmfPkg/OvmfPkgX64.fdf > @@ -214,8 +214,8 @@ READ_LOCK_STATUS =3D TRUE > APRIORI DXE { > INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf > INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf > - INF OvmfPkg/TdxDxe/TdxDxe.inf > INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf > + INF OvmfPkg/TdxDxe/TdxDxe.inf > !if $(SMM_REQUIRE) =3D=3D FALSE > INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf > !endif > -- > 2.29.2.windows.2