From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web10.5056.1645087429277171622 for ; Thu, 17 Feb 2022 00:43:49 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=nClJwxib; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1645087429; x=1676623429; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=CcwVTgm/ITxkej/hj+Ovac8+SG2t4Ook4N/jSd/Y7fA=; b=nClJwxib+x0p8yGfBwl5fqgv8vXsiV5oPrUJSbesQFia2PycbfttH+D5 g0vo7agsuHEpWIXOMBaXstfWZcJmVRveeEqK1NXKo83ctvBx7qw1kjkAY C/8eVxmX3r13gp6V2EKojHAOKb1PpaWh5GkaHH1rwVxDe4EFGwTsgtKGu 72+NQM7bE+UXxlEs0Dv0Fo5AMDjBOp1kp62hnJruipaBb0tP4ATDSoAGY z3KCyA1Y74D1nthm2m8bySEC6TUB9wwTLEYJ+knwpZ5WWk+I1R49EBvyy Mh0rEj1mEa08mAGwzKrsXCBYn4hhPS3ZApARVGgtQfxCn+3BHCAOb04So w==; X-IronPort-AV: E=McAfee;i="6200,9189,10260"; a="275414910" X-IronPort-AV: E=Sophos;i="5.88,375,1635231600"; d="scan'208";a="275414910" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Feb 2022 00:43:35 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,375,1635231600"; d="scan'208";a="503407581" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by orsmga002.jf.intel.com with ESMTP; 17 Feb 2022 00:43:35 -0800 Received: from orsmsx608.amr.corp.intel.com (10.22.229.21) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Thu, 17 Feb 2022 00:43:34 -0800 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx608.amr.corp.intel.com (10.22.229.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20 via Frontend Transport; Thu, 17 Feb 2022 00:43:34 -0800 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.177) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.20; Thu, 17 Feb 2022 00:43:34 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g7P+d08zW0IpSXq+PSUJRdPQdeJKhbAR4z6UFWOJjRdepQ/jKr5neYwoMph5f+p1B4rasHJcDmrjwfRfubK1mQTyFP0jJed5BXWDJrFt8DyNWl7EmV6aPQVQT97pCm+/eGIC7kM/z128Bhf4htALhlN6rf3buMtBCFAizoDcouKLHpV15izD+wYvlBAg8eN9QIopL2GwlE+c0qoxS+/HMBzO3ZjKYa08MkrocTlvnscuJK5RUTVuBrq9aPf9wT2YRy1qm2GpUwUcisOcidNZNffuqRIeei4c5EEK6EI7NxczETvs2WibmRRvr/Q83UsAUmZyvVx14ZBmFDS1LjxCuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=J+h7GAGajiba9etTALwAwNAfuxyYvSHfrH4m7bsRERg=; b=FzuAWuXy8xPK9VmzMDzmyeeQO3Ob3d5gpEQgxX/WQo62eitZj/geStq+bAoPOAik9l2AFgqVR6Krl2XYcomFKwPnRYakTJO/dpk1pmxc7sDIafi2W42mFBmIHdPN4htrDZ2Qf7klPDwelP7sX8487mhjDCQzn/DAC21qkV37TVLZInIRS5V0wLVdmWnj+2Hd3rgBie0nCRgUqMlDxeDH3+cFG2l4uIAxq4PsXNdVbxsIPrafBoOmL3brYPsea6Duxpig81yQELPm1OgJBBEXEEARtBsUnHThPBODKJcy5lEejFoNTujrDZLp1cpEPQGk8c0aNvAsUEm8/oM3JyfPXQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by DM6PR11MB4739.namprd11.prod.outlook.com (2603:10b6:5:2a0::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4995.15; Thu, 17 Feb 2022 08:43:32 +0000 Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::98f5:edb6:aee6:6886]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::98f5:edb6:aee6:6886%8]) with mapi id 15.20.4975.019; Thu, 17 Feb 2022 08:43:32 +0000 From: "Min Xu" To: Gerd Hoffmann CC: "devel@edk2.groups.io" , Ard Biesheuvel , "Justen, Jordan L" , Brijesh Singh , "Aktas, Erdem" , James Bottomley , "Yao, Jiewen" , Tom Lendacky Subject: Re: [PATCH V5 25/33] OvmfPkg: Update PlatformPei to support Tdx guest Thread-Topic: [PATCH V5 25/33] OvmfPkg: Update PlatformPei to support Tdx guest Thread-Index: AQHYD/oTJ0B1bKDbZEm7bLiz/KjVyKx2rdMAgCDhwqA= Date: Thu, 17 Feb 2022 08:43:32 +0000 Message-ID: References: <4635cf3ec6e8ab5e24af1b06ef6b502740c142a1.1642899774.git.min.m.xu@intel.com> <20220127101604.ptqfjqnxmimkjwdn@sirius.home.kraxel.org> In-Reply-To: <20220127101604.ptqfjqnxmimkjwdn@sirius.home.kraxel.org> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.6.200.16 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: e85ed19b-e374-40a3-b5aa-08d9f1f19423 x-ms-traffictypediagnostic: DM6PR11MB4739:EE_ x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Dp28is3VYFSwru2AooL0qn12FbZfyCEEs38lAnNv/Cd7opCQz9M3aL/DC7DRn5vpLITxbQs2j6uUz+CJBkltJVMuUhMqG1V6Ys3fBmMPOCv9axMvT+IHdg/zCcOrZL85T6vpSH2thl3sZW+JV+iTWB6fHxN7C1vwdHkJ4h6z53dYeWOnrAmSBHt5UmtC22d9SsUja//nmAJ6XHfS7WrmKzE5KYecPaXfTQwz2eo0Nu/O3+R8ocxiNmgOskfe3Byfj5i9Q1RYNseNIrp+YmTqoYdH5N8cJEc5Y2FF1YzuqgGG9UIC43MHCl4D6dCDjcGcO32xHS6PCEHhSP/2gGxn7UQmJsANxjayZN8+pcGajklHijv0XCygeL5tnTT2UsbfxPtFAaC8tEBt4L4qLMzhB9W5g+UEWb/+eHkGJwSdw143Jon0jMI3thGdDfJmtya35KEIgUDv7BXC4KlyMiPzeg+JwMUsLwtph4UB0l0CUyBvvW4EkMPO4y1Pqo2H+pUT0wunmsy2dvQT8/QEqGQCTavssvTx14Rw6k7FB5uZvU+x1j9ZfegTJKGeiz1t10Na7oZDlrYL8rXc7+lYJsrfTek3GSQ6HaUY6rFJFaEl45X9nv1EfTxf6oLrSh9wlltUeYRDurdTVZ4pcKFDZWElW85oO8M0c5A5GAACJ/b/cd8TKm+V8joYtIVQaRdPD2lQXLf815/YVyX9ajb1pjYUkw== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5064.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(86362001)(186003)(83380400001)(26005)(66946007)(8936002)(66556008)(66476007)(66446008)(64756008)(8676002)(316002)(82960400001)(38100700002)(55016003)(6916009)(76116006)(38070700005)(2906002)(508600001)(15650500001)(33656002)(71200400001)(4326008)(5660300002)(54906003)(6506007)(7696005)(19627235002)(9686003)(52536014)(122000001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?sWm9pO+S2lbS3jfSq5wGh9/a0CD4fHPA+Yd976S44BWu/FCINiPXStwT6hft?= =?us-ascii?Q?akhgR94V8klfYe+VHOiO3K9t2Oq1jIjfYl9K/g8OmQdMBfQSqJW657HgxYcy?= =?us-ascii?Q?kbIxdYJmQDUxcRSiWNEKqplCgBDnvl0GSoxz2zYlgdQp9EBQz7756LEcZdf+?= =?us-ascii?Q?e7+qtKE6Hxh32/G71+HlD+flO6deGJJHAb1ckRWr2nIcpms7KQ3aZBtpt+De?= =?us-ascii?Q?5Cfx+EKmgITjlyF9na7sj/noClgwFOLWf/SWXxeRiX35MB+3Bs3vzHTWCn27?= =?us-ascii?Q?6Y/FCuedHMB0FRGm1gDOcRXgQT7gT7viUZEa8zmJ2QtqwIKbcal0724742Pz?= =?us-ascii?Q?GuFeAGXihOPR9LJx43oNdB5xEAkqsyU9YKfS6I57/6zso8M6Qmk24GFs+hnl?= =?us-ascii?Q?hjhcFJfve5OdVyt37Hg7dS0NbyXf+pehpiGXo+NFlEbyBSOkNTbjlo3QvoYP?= =?us-ascii?Q?+xOc5L+oVBl1StJVGhKP5lLtGijMD3EsNm5cARJfF8nozx/9ZkrcY1JJJXab?= =?us-ascii?Q?0F5xTRXVNUw1bIsRlCabVYjAltVqXiG32YpckGIHdCwwTfF7OOEAqAMr/P9I?= =?us-ascii?Q?VQssGpEtKGGYBrA5Ji0yf1P+5gVXSEnYbtH/tLRXbCTIRVcDGBnE5TsSKoOC?= =?us-ascii?Q?6TzVS5Uv0O0AJw1ogXWe/oRc2Sj6axSGIMNgO/yqG9qwMvCLi5Uvns/WgkxW?= =?us-ascii?Q?Eg7Z1LIrZVYCi+JkC0iWy5t8Y3AEbMGFVIghMWgnFn89HooOmSjB+SSuuDw3?= =?us-ascii?Q?z0SxNRLxvtBmihMfSRl4MXYbFAzf+yvMq5CxVXsY04PvzZg0BgmVeChC4QyA?= =?us-ascii?Q?zYm/HgFEjquTGUh41f73r1oIjlM7ERg5kXDtMRUaulmEXMNLnV+oIBNjOvyx?= =?us-ascii?Q?7CvkSF7I1BzsmxgQNT9U8AFyd1S5Rb9kHU5WrN67IlXQ5emKSqTlNntli4KB?= =?us-ascii?Q?WJMPBqIDPMlue1Vap/MT6szJOrLKz3w17I5YFxwsMWGRCCw0ssfEJvBH+muZ?= =?us-ascii?Q?frEqo5yRU27ifWlU+cQG24T6jazEBMSAdY4xo/65tcJDN60R1QqcPHuJ8ujH?= =?us-ascii?Q?MaHLJwYzKdKHdAFpS1YwOJTTGmBS415ZvKt69Ov8bN7IydgobNsq3NzLPTLQ?= =?us-ascii?Q?ZnLPmwX2lHFlcbph+sfTiLHMZKGQ1qx0pxAaoWuiTFvKXxG7gUK0nfjh4jB+?= =?us-ascii?Q?TrC7Ikczij7e66nBnpS+VCyb9fNVJ3cpP/8QPDLzGDD6Q9ZgK6zVHGTqkhZR?= =?us-ascii?Q?Vg9eUjitYDrj890zSgkBYo0GHhCcMt3DbMIxouGDDot9OmZALO1iYrM/3kDg?= =?us-ascii?Q?M9Y+bYl1zTRalZDZDW2zGYyljyfy9yljv0g3TPAiwG4fXXzaywZxNB3lTpEV?= =?us-ascii?Q?8eebHc0W7NLqsGYVBFNU/WdOl5/SuAdPXqkNwSyx+cWKAXivP2ZQGgk4sDzR?= =?us-ascii?Q?MPEOxwzfse8ijKY5HOq6sVaNJuW4EEXATgqS702qUB5qQnUdfdxUanis9JO8?= =?us-ascii?Q?/9LCvCSZJSz0pSE+uQtOPTyVL+oHn8kTHgBndu0wtcZht6liDWKW8VI0ipwx?= =?us-ascii?Q?52IPtG5YANbvTmv33VrfwQ0MK1ppXJs9FYdkcKc2+ONRpeZ6t/8/G4/Z2EEh?= =?us-ascii?Q?6SgAYogQOe7J8Dcxyp1K678=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: e85ed19b-e374-40a3-b5aa-08d9f1f19423 X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Feb 2022 08:43:32.3308 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: hLDccyI/tTRGyPmP/RF+yASvj825B+AzfCyglF+Rhik7qQc7sbSkHmm+OtYKkiJPN/k4pezZTE0jhNexUOMcCg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB4739 Return-Path: min.m.xu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi =20 > > +/** > > + This Function checks if TDX is available, if present then it sets > > + the dynamic PCDs for Tdx guest. It also builds Guid hob which > > +contains > > + the Host Bridge DevId. > > + **/ > > +VOID > > +IntelTdxInitialize ( > > + VOID > > + ) > > +{ > > + #ifdef MDE_CPU_X64 > > + EFI_HOB_PLATFORM_INFO PlatformInfoHob; > > + RETURN_STATUS PcdStatus; > > + > > + if (!TdIsEnabled ()) { > > + return; > > + } > > + > > + PcdStatus =3D PcdSet64S (PcdConfidentialComputingGuestAttr, > > + CCAttrIntelTdx); ASSERT_RETURN_ERROR (PcdStatus); > > + > > + PcdStatus =3D PcdSetBoolS (PcdIa32EferChangeAllowed, FALSE); > > + ASSERT_RETURN_ERROR (PcdStatus); > > + > > + PcdStatus =3D PcdSet64S (PcdTdxSharedBitMask, TdSharedPageMask ()); > > + ASSERT_RETURN_ERROR (PcdStatus); > > + > > + PcdStatus =3D PcdSetBoolS (PcdSetNxForStack, TRUE); > > + ASSERT_RETURN_ERROR (PcdStatus); > > + > > + ZeroMem (&PlatformInfoHob, sizeof (PlatformInfoHob)); > > + PlatformInfoHob.HostBridgePciDevId =3D mHostBridgeDevId; > > + > > + BuildGuidDataHob (&gUefiOvmfPkgTdxPlatformGuid, &PlatformInfoHob, > > +sizeof (EFI_HOB_PLATFORM_INFO)); #endif } >=20 > So, what is the plan for this with pei-less boot? In Pei-less boot PCDs cannot be set. So these settings are saved in Platfor= mInfoHob which will be set in early Dxe phase. >=20 > I think we should move this to PlatformInitLib, then link either into > PlatformPei or the early dxe module for pei-less boot? >=20 1. PlatformInitLib is designed without Dynamic PCDs because it is for both = SEC and PEI. 2. When boot with PEI phase, some PCDs are mandatory. For example, PcdIa32EferChangeAllowed indicates whether IA32_EFER can be mo= dified or not. Because in Tdx guest change of IA32_EFER is not allowed. But= in boot with PEI phase, DxeIplPei tries to update IA32_EFER (see IsEnableN= onExecNeeded). Another example is PcdConfidentialComputingGuestAttr. It is used in MpInitL= ib/MpLib.c (for CpuMpPei). 3. In Pei-less boot, there is no such limitation. Because the PCDs can be s= et before they're consumed. Based on above consideration, I would suggest keep above logics. Thanks Min