From: "Yao, Jiewen"
To: "devel@edk2.groups.io", "kraxel@redhat.com", "Xu, Min M"
CC: Ard Biesheuvel, "Justen, Jordan L", Brijesh Singh, "Erdem Aktas", James Bottomley, "Tom Lendacky"
Subject: Re: [edk2-devel] [PATCH V5 2/2] OvmfPkg/ResetVector: Enable Intel TDX in ResetVector of Ovmf
Date: Tue, 14 Sep 2021 03:54:00 +0000

I think it is OK to always enable 4-level paging at this moment.
5-level paging enabling is NOT super critical for TDX enabling at this moment, as long as we can boot OS kernel. I am fine to enable it later, in a separate patch. Let's cross the bridge when we come to it.

Thank you
Yao Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Gerd Hoffmann
> Sent: Friday, September 10, 2021 4:20 PM
> To: Xu, Min M
> Cc: Yao, Jiewen; devel@edk2.groups.io; Ard Biesheuvel; Justen, Jordan L;
> Brijesh Singh; Erdem Aktas; James Bottomley; Tom Lendacky
> Subject: Re: [edk2-devel] [PATCH V5 2/2] OvmfPkg/ResetVector: Enable Intel
> TDX in ResetVector of Ovmf
>
> Hi,
>
> > > If we can use 4-level paging initially, then we surely should go for option (1)
> > > and simply not touch the reset vectors paging code.
>
> > After PoC I find this option is not a good one. Though the reset
> > vectors is not touched, there are tricky changes in DxeIpl. To set up
> > 5-level paging in a 4-level paging, it should first be switched from
> > 64-bit long mode to 32 protected mode, then turn off the Paging,
> > disable IA32_EFER.LME, then set the Cr4. The tricky thing is that in
> > TDX IA32_EFER is not changeable. MdeModulePkg/.../DxeIpl is widely
> > used and it is high risk to make such changes.
>
> Ok. One more question: Do we have to use 5-level paging at all?
>
> The only reason I could see is accepting memory with a gpa above 4-level
> address space. But with the longer-term plan to support lazy acceptance
> (and passing unaccepted memory ranges to the guest kernel) this reason
> goes away.
>
> So I think we could just leave it to the guest kernel to deal with the
> switch from 4-level to 5-level paging. Or do I miss something?
>
> take care,
> Gerd