From: "Yao, Jiewen"
To: "Xu, Min M", "devel@edk2.groups.io"
CC: Ard Biesheuvel, Brijesh Singh, Erdem Aktas, James Bottomley, Tom Lendacky
Subject: Re: [PATCH V2 4/4] OvmfPkg/ResetVector: Update ResetVector to support Tdx
Date: Sun, 25 Jul 2021 06:00:51 +0000
In-Reply-To: <0e28e0d01b2db776c5c00469bac5097a326c3ed9.1626931332.git.min.m.xu@intel.com>

Hi Min, Brijesh, James

I feel very frustrated when I review the existing OVMF reset vector.
A big problem is that this code mixes in too much SEV stuff, and we are trying to add more TDX stuff in *one* file, without clear isolation.

Take PageTables64.asm as an example, here are the symbols. (* means it is newly added.)
=================
CheckSevFeatures:
GetSevEncBit:
SevEncBitLowHlt:
SevSaveMask:
NoSev:
NoSevEsVcHlt:
NoSevPass:
SevExit:
IsSevEsEnabled:
SevEsDisabled:
SetCr3ForPageTables64:
CheckSev: (*)
SevNotActive:
clearPageTablesMemoryLoop:
pageTableEntriesLoop:
tdClearTdxPageTablesMemoryLoop: (*)
IsSevEs: (*)
pageTableEntries4kLoop:
clearGhcbMemoryLoop:
SetCr3:
SevEsIdtNotCpuid:
SevEsIdtNoCpuidResponse:
SevEsIdtTerminate:
SevEsIdtHlt:
SevEsIdtVmmComm:
NextReg:
VmmDone:
=================

In order to better maintain the ResetVector, may I propose some refinement:
1) The main function only contains the non-TEE function, where TEE == SEV + TDX.
2) The TEE related code is moved to TEE specific standalone file, such as *Sev.asm and *Tdx.Asm.
3) We need to handle different cases with different patterns.
I hope the pattern can be used consistently. As such, the reviewer can easily understand what it is for.
3.1) If TEE function is a hook, then the main function calls TEE function directly.
The TEE function needs to implement a TEE check function (such as IsSev, or IsTdx).
For example:
====================
    OneTimeCall PreMainFunctionHookSev
    OneTimeCall PreMainFunctionHookTdx
MainFunction:
    XXXXXX
    OneTimeCall PostMainFunctionHookSev
    OneTimeCall PostMainFunctionHookTdx
====================

3.2) If TEE function is a replacement for non-TEE function. The main function can call TEE replacement function, then check the return status to decide next step.
For example:
====================
    OneTimeCall MainFunctionSev
    Jz MainFunctionEnd
    OneTimeCall MainFunctionTdx
    Jz MainFunctionEnd
MainFunction:
    XXXXXX
MainFunctionEnd:
====================

4) If we found it is too hard to write code in above pattern, we can discuss case by case.

> -----Original Message-----
> From: Xu, Min M
> Sent: Thursday, July 22, 2021 1:52 PM
> To: devel@edk2.groups.io
> Cc: Xu, Min M; Ard Biesheuvel; Brijesh Singh; Erdem Aktas; James Bottomley; Yao, Jiewen; Tom Lendacky
> Subject: [PATCH V2 4/4] OvmfPkg/ResetVector: Update ResetVector to support Tdx
>
> RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
>
> In Tdx all CPUs "reset" to run on 32-bit protected mode with flat
> descriptor (paging disabled). But in Non-Td guest the initial state of
> CPUs is 16-bit real mode. To resolve this conflict, BITS 16/32 is used
> in the very beginning of ResetVector. It will check the 32-bit protected
> mode or 16-bit real mode, then jump to the corresponding entry point.
> This is done in OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm.
>
> ReloadFlat32.asm load the GDT and set the CR0, then jump to Flat-32 mode.
>
> InitTdx.asm is called to record the Tdx signature ('TDXG') and other tdx
> information in a TDX_WORK_AREA which can be used by the other routines in
> ResetVector.
>
> Init32.asm is 32-bit initialization code in OvmfPkg. It puts above
> ReloadFlat32 and InitTdx together to do the initialization for Tdx.
>
> After that Tdx jumps to 64-bit long mode by doing following tasks:
> 1. SetCr3ForPageTables64
>    For OVMF, some initial page tables is built at:
>      PcdOvmfSecPageTablesBase - (PcdOvmfSecPageTablesBase + 0x6000)
>    This page table supports the 4-level page table.
>    But Tdx support 4-level and 5-level page table based on the CPU GPA width.
>    48bit is 4-level paging, 52-bit is 5-level paging.
>    If 5-level page table is supported (GPAW is 52), then a top level
>    page directory pointers (1 * 256TB entry) is generated in the
>    TdxPageTable.
> 2. Set Cr4
>    Enable PAE.
> 3. Adjust Cr3
>    If GPAW is 48, then Cr3 is PT_ADDR (0). If GPAW is 52, then Cr3 is
>    TDX_PT_ADDR (0).
>
> Tdx MailBox [0x10, 0x800] is reserved for OS.
So we initialize piece of t= his > area ([0x10, 0x20]) to record the Tdx flag ('TDXG') and other Tdx info so= that > they can be used in the following flow. >=20 > After all above is successfully done, Tdx jump to SecEntry. >=20 > Cc: Ard Biesheuvel > Cc: Brijesh Singh > Cc: Erdem Aktas > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Tom Lendacky > Signed-off-by: Min Xu > --- > OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 21 ++++++++ > OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm | 47 ++++++++++++++++ > OvmfPkg/ResetVector/Ia32/Init32.asm | 34 ++++++++++++ > OvmfPkg/ResetVector/Ia32/InitTdx.asm | 57 ++++++++++++++++++++ > OvmfPkg/ResetVector/Ia32/PageTables64.asm | 41 ++++++++++++++ > OvmfPkg/ResetVector/Ia32/ReloadFlat32.asm | 44 +++++++++++++++ > OvmfPkg/ResetVector/ResetVector.nasmb | 18 +++++++ > 7 files changed, 262 insertions(+) > create mode 100644 OvmfPkg/ResetVector/Ia32/Init32.asm > create mode 100644 OvmfPkg/ResetVector/Ia32/InitTdx.asm > create mode 100644 OvmfPkg/ResetVector/Ia32/ReloadFlat32.asm >=20 > diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > index ac86ce69ebe8..a390ed81d021 100644 > --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > @@ -155,10 +155,31 @@ resetVector: > ; > ; This is where the processor will begin execution > ; > +; In IA32 we follow the standard reset vector flow. While in X64, Td gue= st > +; may be supported. Td guest requires the startup mode to be 32-bit > +; protected mode but the legacy VM startup mode is 16-bit real mode. > +; To make NASM generate such shared entry code that behaves correctly in > +; both 16-bit and 32-bit mode, more BITS directives are added. > +; > +%ifdef ARCH_IA32 > + > nop > nop > jmp EarlyBspInitReal16 >=20 > +%else > + > + smsw ax > + test al, 1 > + jz .Real > +BITS 32 > + jmp Main32 > +BITS 16 > +.Real: > + jmp EarlyBspInitReal16 > + > +%endif > + > ALIGN 16 >=20 > fourGigabytes: 
> diff --git a/OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm > b/OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm > index c6d0d898bcd1..2206ca719593 100644 > --- a/OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm > +++ b/OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm > @@ -17,6 +17,9 @@ Transition32FlatTo64Flat: >=20 > OneTimeCall SetCr3ForPageTables64 >=20 > + cmp dword[TDX_WORK_AREA], 0x47584454 ; 'TDXG' > + jz TdxTransition32FlatTo64Flat > + > mov eax, cr4 > bts eax, 5 ; enable PAE > mov cr4, eax > @@ -65,10 +68,54 @@ EnablePaging: > bts eax, 31 ; set PG > mov cr0, eax ; enable paging >=20 > + jmp _jumpTo64Bit > + > +; > +; Tdx Transition from 32Flat to 64Flat > +; > +TdxTransition32FlatTo64Flat: > + > + mov eax, cr4 > + bts eax, 5 ; enable PAE > + > + ; > + ; byte[TDX_WORK_AREA_PAGELEVEL5] holds the indicator whether 52bit i= s > supported. > + ; if it is the case, need to set LA57 and use 5-level paging > + ; > + cmp byte[TDX_WORK_AREA_PAGELEVEL5], 0 > + jz .set_cr4 > + bts eax, 12 > +.set_cr4: > + mov cr4, eax > + mov ebx, cr3 > + > + ; > + ; if la57 is not set, we are ok > + ; if using 5-level paging, adjust top-level page directory > + ; > + bt eax, 12 > + jnc .set_cr3 > + mov ebx, TDX_PT_ADDR (0) > +.set_cr3: > + mov cr3, ebx > + > + mov eax, cr0 > + bts eax, 31 ; set PG > + mov cr0, eax ; enable paging > + > +_jumpTo64Bit: > jmp LINEAR_CODE64_SEL:ADDR_OF(jumpTo64BitAndLandHere) > + > BITS 64 > jumpTo64BitAndLandHere: >=20 > + ; > + ; For Td guest we are done and jump to the end > + ; > + mov eax, TDX_WORK_AREA > + cmp dword [eax], 0x47584454 ; 'TDXG' > + jz GoodCompare > + > ; > ; Check if the second step of the SEV-ES mitigation is to be perform= ed. > ; > diff --git a/OvmfPkg/ResetVector/Ia32/Init32.asm > b/OvmfPkg/ResetVector/Ia32/Init32.asm > new file mode 100644 > index 000000000000..772adc51e531 > --- /dev/null > +++ b/OvmfPkg/ResetVector/Ia32/Init32.asm 
> @@ -0,0 +1,34 @@ > +;-----------------------------------------------------------------------= ------- > +; @file > +; 32-bit initialization for Tdx > +; > +; Copyright (c) 2021, Intel Corporation. All rights reserved.
> +; SPDX-License-Identifier: BSD-2-Clause-Patent > +; > +;-----------------------------------------------------------------------= ------- > + > +BITS 32 > + > +; > +; Modified: EBP > +; > +; @param[in] EBX [6:0] CPU supported GPA width > +; [7:7] 5 level page table support > +; @param[in] ECX [31:0] TDINITVP - Untrusted Configuration > +; @param[in] EDX [31:0] VCPUID > +; @param[in] ESI [31:0] VCPU_Index > +; > +Init32: > + ; > + ; Save EBX in EBP because EBX will be changed in ReloadFlat32 > + ; > + mov ebp, ebx > + > + OneTimeCall ReloadFlat32 > + > + ; > + ; Init Tdx > + ; > + OneTimeCall InitTdx > + > + OneTimeCallRet Init32 > diff --git a/OvmfPkg/ResetVector/Ia32/InitTdx.asm > b/OvmfPkg/ResetVector/Ia32/InitTdx.asm > new file mode 100644 > index 000000000000..de8273da6a0c > --- /dev/null > +++ b/OvmfPkg/ResetVector/Ia32/InitTdx.asm > @@ -0,0 +1,57 @@ > +;-----------------------------------------------------------------------= ------- > +; @file > +; Initialize TDX_WORK_AREA to record the Tdx flag ('TDXG') and other T= dx info > +; so that the following codes can use these information. > +; > +; Copyright (c) 2021, Intel Corporation. All rights reserved.
> +; SPDX-License-Identifier: BSD-2-Clause-Patent > +; > +;-----------------------------------------------------------------------= ------- > + > +BITS 32 > + > +; > +; Modified: EBP > +; > +InitTdx: > + ; > + ; In Td guest, BSP/AP shares the same entry point > + ; BSP builds up the page table, while APs shouldn't do the same task= . > + ; Instead, APs just leverage the page table which is built by BSP. > + ; APs will wait until the page table is ready. > + ; In Td guest, vCPU 0 is treated as the BSP, the others are APs. > + ; ESI indicates the vCPU ID. > + ; > + cmp esi, 0 > + je tdBspEntry > + > +apWait: > + cmp byte[TDX_WORK_AREA_PGTBL_READY], 0 > + je apWait > + jmp doneTdxInit > + > +tdBspEntry: > + ; > + ; It is of Tdx Guest > + ; Save the Tdx info in TDX_WORK_AREA so that the following code can = use > + ; these information. > + ; > + mov dword [TDX_WORK_AREA], 0x47584454 ; 'TDXG' > + > + ; > + ; EBP[6:0] CPU supported GPA width > + ; > + and ebp, 0x3f > + cmp ebp, 52 > + jl NotPageLevel5 > + mov byte[TDX_WORK_AREA_PAGELEVEL5], 1 > + > +NotPageLevel5: > + ; > + ; ECX[31:0] TDINITVP - Untrusted Configuration > + ; > + mov DWORD[TDX_WORK_AREA_INITVP], ecx > + mov DWORD[TDX_WORK_AREA_INFO], ebp > + > +doneTdxInit: > + OneTimeCallRet InitTdx > diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm > b/OvmfPkg/ResetVector/Ia32/PageTables64.asm > index 5fae8986d9da..508df6cf5967 100644 > --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm > +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm 
> @@ -218,6 +218,24 @@ SevEsDisabled: > ; > SetCr3ForPageTables64: >=20 > + ; > + ; Check Td guest > + ; > + cmp dword[TDX_WORK_AREA], 0x47584454 ; 'TDXG' > + jnz CheckSev > + > + xor edx, edx > + > + ; > + ; In Td guest, BSP builds the page table and set the flag of > + ; TDX_WORK_AREA_PGTBL_READY. APs check this flag and then set > + ; cr3 directly. > + ; > + cmp byte[TDX_WORK_AREA_PGTBL_READY], 1 > + jz SetCr3 > + jmp SevNotActive > + > +CheckSev: > OneTimeCall CheckSevFeatures > xor edx, edx > test eax, eax > @@ -277,6 +295,29 @@ pageTableEntriesLoop: > mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx > loop pageTableEntriesLoop >=20 > + ; > + ; If it is Td guest, TdxExtraPageTable should be initialized as well > + ; > + cmp dword[TDX_WORK_AREA], 0x47584454 ; 'TDXG' > + jnz IsSevEs > + > + xor eax, eax > + mov ecx, 0x400 > +tdClearTdxPageTablesMemoryLoop: > + mov dword [ecx * 4 + TDX_PT_ADDR (0) - 4], eax > + loop tdClearTdxPageTablesMemoryLoop > + > + xor edx, edx > + ; > + ; Top level Page Directory Pointers (1 * 256TB entry) > + ; > + mov dword[TDX_PT_ADDR (0)], PT_ADDR (0) + PAGE_PDP_ATTR > + mov dword[TDX_PT_ADDR (4)], edx > + > + mov byte[TDX_WORK_AREA_PGTBL_READY], 1 > + jmp SetCr3 > + > +IsSevEs: > OneTimeCall IsSevEsEnabled > test eax, eax > jz SetCr3 > diff --git a/OvmfPkg/ResetVector/Ia32/ReloadFlat32.asm > b/OvmfPkg/ResetVector/Ia32/ReloadFlat32.asm > new file mode 100644 > index 000000000000..06d44142625a > --- /dev/null > +++ b/OvmfPkg/ResetVector/Ia32/ReloadFlat32.asm > @@ -0,0 +1,44 @@ > +;-----------------------------------------------------------------------= ------- > +; @file > +; Load the GDT and set the CR0/CR4, then jump to Flat 32 protected mod= e. > +; > +; Copyright (c) 2021, Intel Corporation. All rights reserved.
> +; SPDX-License-Identifier: BSD-2-Clause-Patent > +; > +;-----------------------------------------------------------------------= ------- > + > +%define SEC_DEFAULT_CR0 0x00000023 > +%define SEC_DEFAULT_CR4 0x640 > + > +BITS 32 > + > +; > +; Modified: EAX, EBX, CR0, CR4, DS, ES, FS, GS, SS > +; > +ReloadFlat32: > + > + cli > + mov ebx, ADDR_OF(gdtr) > + lgdt [ebx] > + > + mov eax, SEC_DEFAULT_CR0 > + mov cr0, eax > + > + jmp LINEAR_CODE_SEL:dword ADDR_OF(jumpToFlat32BitAndLandHere) > +BITS 32 > +jumpToFlat32BitAndLandHere: > + > + mov eax, SEC_DEFAULT_CR4 > + mov cr4, eax > + > + debugShowPostCode POSTCODE_32BIT_MODE > + > + mov ax, LINEAR_SEL > + mov ds, ax > + mov es, ax > + mov fs, ax > + mov gs, ax > + mov ss, ax > + > + OneTimeCallRet ReloadFlat32 > + > diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb > b/OvmfPkg/ResetVector/ResetVector.nasmb > index b653fe87abd6..3ec163613477 100644 > --- a/OvmfPkg/ResetVector/ResetVector.nasmb > +++ b/OvmfPkg/ResetVector/ResetVector.nasmb 
> @@ -106,6 +106,21 @@ > %define TDX_EXTRA_PAGE_TABLE_BASE FixedPcdGet32 > (PcdOvmfSecGhcbPageTableBase) > %define TDX_EXTRA_PAGE_TABLE_SIZE FixedPcdGet32 > (PcdOvmfSecGhcbPageTableSize) >=20 > + ; > + ; TdMailboxBase [0x10, 0x800] is reserved for OS. > + ; Td guest initialize piece of this area (TdMailboxBase [0x10,0x20]) t= o > + ; record the Td guest info so that this information can be used in the > + ; following ResetVector flow. > + ; > + %define TD_MAILBOX_WORKAREA_OFFSET 0x10 > + %define TDX_WORK_AREA (TDX_MAILBOX_MEMORY_BASE + > TD_MAILBOX_WORKAREA_OFFSET) > + %define TDX_WORK_AREA_PAGELEVEL5 (TDX_WORK_AREA + 4) > + %define TDX_WORK_AREA_PGTBL_READY (TDX_WORK_AREA + 5) > + %define TDX_WORK_AREA_INITVP (TDX_WORK_AREA + 8) > + %define TDX_WORK_AREA_INFO (TDX_WORK_AREA + 8 + 4) > + > + %define TDX_PT_ADDR(Offset) (TDX_EXTRA_PAGE_TABLE_BASE + (Offset)) > + > %define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + > (Offset)) >=20 > %define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase)) > @@ -117,6 +132,9 @@ > %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 > (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) >=20 > %include "X64/TdxMetadata.asm" > + %include "Ia32/Init32.asm" > + %include "Ia32/InitTdx.asm" > + %include "Ia32/ReloadFlat32.asm" >=20 > %include "Ia32/Flat32ToFlat64.asm" > %include "Ia32/PageTables64.asm" > -- > 2.29.2.windows.2
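
Review bot: In the ResetVectorVtf0.asm hunk, the %else branch places smsw ax, test al, 1 and jz .Real under BITS 16 although a Td guest executes those same bytes in 32-bit protected mode, and the added comment only says that more BITS directives are added. Please state in the comment that everything before the BITS 32 line must decode and behave the same in both modes (the operand size of smsw changes with the mode, but bit 0 of AL is the PE bit either way), so that a later edit does not insert a mode-dependent instruction there. Since the sequence is followed by ALIGN 16, it would also help to note how many bytes the two-jump sequence is allowed to occupy.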
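
Review bot: The cmp dword[TDX_WORK_AREA], 0x47584454 added after OneTimeCall SetCr3ForPageTables64 in the first Flat32ToFlat64.asm hunk is also executed by non-Td guests, yet the only store of the signature in this patch is in tdBspEntry in InitTdx.asm, and no visible line clears TDX_WORK_AREA on the 16-bit entry path. A legacy or SEV guest therefore branches on whatever the mailbox page holds at reset. Either clear the signature dword before the first check on the non-Td path, or document what guarantees that the location cannot read 'TDXG' there. The same applies to the two checks added in PageTables64.asm.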
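
Review bot: In TdxTransition32FlatTo64Flat (second Flat32ToFlat64.asm hunk) the LA57 decision is made twice, once from byte[TDX_WORK_AREA_PAGELEVEL5] and again with bt eax, 12 on the value just written to CR4, and bit 12 appears as a bare number both times. Consider reading CR3 into ebx first and loading ebx with TDX_PT_ADDR (0) in the same branch that does bts eax, 12, with the bit named in a comment or %define, which removes the second test. The literal 0x47584454 is also repeated in this file, in InitTdx.asm and in PageTables64.asm; a single %define next to TDX_WORK_AREA in ResetVector.nasmb would keep the five copies from drifting.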
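
Review bot: The header of Init32 in Init32.asm lists only EBP under Modified, but the routine calls ReloadFlat32, whose own header lists EAX, EBX, CR0, CR4, DS, ES, FS, GS and SS. Please extend the Modified line of Init32 to the union of what its callees change, and say that ECX and ESI must survive ReloadFlat32 because InitTdx reads them afterwards.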
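
Review bot: In InitTdx.asm, tdBspEntry stores 1 to TDX_WORK_AREA_PAGELEVEL5 when the GPA width is at least 52 but never stores 0 on the NotPageLevel5 path, and apWait spins on TDX_WORK_AREA_PGTBL_READY without any visible line having cleared it, so both flags depend on the work area being zero at entry. Store the 0 for PAGELEVEL5 explicitly, and state in the file header that the work area is expected to be zero at entry, since the BSP cannot safely clear the ready flag once APs are polling it. Two comments also disagree with the code: and ebp, 0x3f keeps bits [5:0] while the comments here and in Init32.asm describe the GPA width as bits [6:0], and "ESI indicates the vCPU ID" conflicts with the Init32 header, which gives EDX as VCPUID and ESI as VCPU_Index.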
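
Review bot: In the first PageTables64.asm hunk, the Td BSP reaches the page-table construction through jmp SevNotActive, so a label named after the SEV check becomes the entry point for the Td path as well. A neutrally named label at that position (for example a hypothetical BuildPageTables) that both the CheckSev path and the Td check branch to would make the control flow readable without knowing the SEV history, which is the isolation concern raised in the reply above.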
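
Review bot: tdClearTdxPageTablesMemoryLoop in the second PageTables64.asm hunk clears a hard-coded 0x400 dwords at TDX_PT_ADDR (0), while ResetVector.nasmb already defines TDX_EXTRA_PAGE_TABLE_SIZE and nothing ties the two together. Derive the count from TDX_EXTRA_PAGE_TABLE_SIZE, or add an assembly-time check that the size is at least 0x1000, so the loop cannot write past the reserved region if the PCD changes. The block also runs for every Td guest regardless of TDX_WORK_AREA_PAGELEVEL5; a comment saying that this is intended would help.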
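
Review bot: SEC_DEFAULT_CR0 0x00000023 and SEC_DEFAULT_CR4 0x640 in ReloadFlat32.asm are given without saying which control-register bits they set; please add a comment naming the bits behind each value, since they define the CPU state for everything that runs afterwards. The BITS 32 directive before jumpToFlat32BitAndLandHere repeats the one at the top of the file and can be dropped.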
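
Review bot: In the ResetVector.nasmb hunk, TDX_PT_ADDR resolves through TDX_EXTRA_PAGE_TABLE_BASE to PcdOvmfSecGhcbPageTableBase, the same PCD that GHCB_PT_ADDR uses a few lines below, so the Td top-level page table and the GHCB page table share one region. Please say in the comment that the two uses are mutually exclusive at run time. The work-area fields end at offset 0x10 + 16, exactly filling the [0x10, 0x20] range named in the comment, so a note that no further field fits would help, and TDX_WORK_AREA + 8 + 4 reads more clearly as TDX_WORK_AREA + 12.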