From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web11.8304.1638940423272040480 for ; Tue, 07 Dec 2021 21:13:43 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=AjhLdacZ; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: min.m.xu@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10191"; a="301140547" X-IronPort-AV: E=Sophos;i="5.87,296,1631602800"; d="scan'208";a="301140547" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Dec 2021 21:13:42 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.87,296,1631602800"; d="scan'208";a="502916082" Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by orsmga007.jf.intel.com with ESMTP; 07 Dec 2021 21:13:42 -0800 Received: from fmsmsx605.amr.corp.intel.com (10.18.126.85) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Tue, 7 Dec 2021 21:13:41 -0800 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20 via Frontend Transport; Tue, 7 Dec 2021 21:13:41 -0800 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.109) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.20; Tue, 7 Dec 2021 21:13:40 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bNC3gr6j8kVF/j+Rw7T2fkrtbfqmTuTaX9k5drqV6tAeo7SFZ7yUvMGEtgveiSlUxJ9NqFtwb6rhK+VgauQQHkvfgFW8s2VA27bN/yksNC0/NIqOmNmb0dN6l/WhfBTDjZHMPu1CDpnes8Eh5GoL4twq5+w4q22SLGt0A2GzRRvuNJ4QIno9xIza8Q4YXR4re5doKCDdgEtziFNSZFXMeDH7fTuP2EL0f33jQG6Hrj8Aj+JT2O4EUTZAXXD2yoDRgKBA7ZoHlzp1aYNRDgb9Uo2ObNOZAnVfplLq4cxYUK861NoAwJV0W/0JFqCjeVhS1Iab//8qGW80StHGcf3pmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KFmdBUnWdBKXwtsTLwk77RJJA1GebWTYa83R9DIvsQA=; b=Pidku3IpsPqxUBFJRI7mM/1NLrCFSp9mEY3208Oys71kVrKjGVTWTr38c2SDL6v2OnYjHJmDo5/TO9jlAnkZ4th3Y/hfTuLm8qKTTmMloeen1Xg3us/jE1fHIevBGDoIN36XJ6mSc67uItiNUmeGFBvC7Yrqx3OyJQWZCQaCg2COuJXr9iKdsUs4FlyINYVJuJR9kv4LRGn68/3splkgrpnBm7EWPxUntTuBStajuNSjYXnt73okjKYw6S0X3hPi05Ymp+f7J0Sj2AH8QpScZC39gY6L7Ebjgne6eZgeeOTUnHjqfyfy17/UVCPrEvjaFFbvP9x5be/YfHUANfuHAw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KFmdBUnWdBKXwtsTLwk77RJJA1GebWTYa83R9DIvsQA=; b=AjhLdacZm1HLec3vU1nmHwtdDcVA52Is5Phw1zw1X5RJt5jbfqppIFnOKIaM4CE11425ak0x+IxE2SnxFmRVkIKC18qfC4U1ogRi7kCnS5k8TNx6Uu5CKuw4L9dF6k9dmzkSM1bBLO29X5IUcje7xSQcxvJoWsa65j83yJKZaIg= Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by PH7PR11MB5863.namprd11.prod.outlook.com (2603:10b6:510:135::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4778.11; Wed, 8 Dec 2021 05:13:37 +0000 Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::fd42:b334:5030:af8d]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::fd42:b334:5030:af8d%6]) with mapi id 15.20.4755.022; Wed, 8 Dec 2021 05:13:37 +0000 From: "Min Xu" To: "devel@edk2.groups.io" , "kraxel@redhat.com" , "Yao, Jiewen" CC: "jejb@linux.ibm.com" , Ard Biesheuvel , "Justen, Jordan L" , Brijesh Singh , Erdem Aktas , Tom Lendacky Subject: Re: [edk2-devel] [PATCH V3 15/29] OvmfPkg: Update SecEntry.nasm to support Tdx Thread-Topic: [edk2-devel] [PATCH V3 15/29] OvmfPkg: Update SecEntry.nasm to support Tdx Thread-Index: AQHX4GsWCjL+/LTX60Ss2rt5jCGW86wRK24AgAAC0oCAAAQtAIAABTiAgAAHrgCAAMMCAIAAUsIAgAAxTgCAACj8gIAAB9eAgAABGACAAA63AIABJg2AgAFv4oCACFhLAIABiVMAgAZjzICAAMDqgIAAXgsAgAFefgA= Date: Wed, 8 Dec 2021 05:13:37 +0000 Message-ID: References: <5d39c546fe66fc945e9687f187ed9892b6a6a00c.camel@linux.ibm.com> <20211125083219.uiqbg7fsoervmdkq@sirius.home.kraxel.org> <20211201135506.bwxpo5h4fr5lcbni@sirius.home.kraxel.org> <20211206145737.e3bh6fl65j6qw62f@sirius.home.kraxel.org> <20211207080440.pgbd73f2jx2z2id3@sirius.home.kraxel.org> In-Reply-To: <20211207080440.pgbd73f2jx2z2id3@sirius.home.kraxel.org> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.6.200.16 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c8f531ff-60dd-489b-dbe2-08d9ba097d90 x-ms-traffictypediagnostic: PH7PR11MB5863:EE_ x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: QNwqgFBvG+ozk2zpW61h9BKqSrYKSIsaQwh+8G0L7xcyISxIdYJwTsHsZGBopT7RPXmFVHRjNnJJwUkcr93ePUw8KbX3sSPsc3lp4rRaMbBNeWmPuUtxuqjgqPRJhCnQ8mzg9S68G/FrMkDoB9ySX57diIuqS7cIH1UNQheBlAZepqEAl4oMzYBsg4edud6lqqx9V0eG2TeHIOLafn4qq6GJdu8zWMDDkH8oXnv8TbXV4Fp1gfLWmEqRJXqwa5GN8sAhG9SJjCrnK7cC2/N592isMOpaSruy8gInkS70zxAaIGHfP8sLmX6Zjoi7R1bg15m9dcSdu7boZziCaZid+E9qWDBq16q6qTW0/Ra7cXkzDCR3GL/B0YpCd34zErmy+nTb580AKtBGal8svsG41PIJyJc4WXKi760ACSxHz0afGsIa7BCo+DWipnmD8tgFfaXt+Cw0xy3hukSBZ8BeTwRaJNkjcVPjyPoUKvhLuX51CH4IzRJrk5WFXnJY+nsR4xYBfba2l3T6jhz3fqdMweE60ijih57LXRyLMPJn+6ZYOFCdc4KPpu2pbKNEYp0SPdGee2fADccLAU6L4MeI7DwbbnMOkGNwBd+G95rTglCsrdKm7bhAv6dO7fufpG7iJESA9mw6LRRoOek8XWXRaPg3EUYnfdq3v+rk/qsds+94v8EP6/eH4s0GcglHUsgK4IweEGVMTvhEDVYXdKaBtQ== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5064.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(366004)(9686003)(33656002)(82960400001)(66946007)(52536014)(66476007)(66446008)(64756008)(54906003)(66556008)(76116006)(316002)(71200400001)(110136005)(6636002)(86362001)(2906002)(6506007)(38100700002)(8936002)(122000001)(8676002)(508600001)(55016003)(4326008)(83380400001)(26005)(5660300002)(7696005)(38070700005)(186003);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?EfuI5LOI38WiCmMlCrn7uAie1XZou0jiDlLsAer67bcFR5wZzJQBlltndwzM?= =?us-ascii?Q?oigEnGmAJY9uUQpyxNhScbsFox0hKUF6l6YUGSQV+fK8hb/ygCVGOWNvILwQ?= =?us-ascii?Q?7t3X0xgOVGCEQUdoHhqaEHQsq+Ay2cUUUGyaNhjjJ3TdfK8bq50PmualSsJN?= =?us-ascii?Q?A9jQZ8X7fmz4/X76fIBDzyx6obmmM+87h0Tg0V6GFNbeUv+gbPw9sU1oNbVc?= =?us-ascii?Q?ZpYCJklXTdZwC/ktgwT0fR0GVhQ6YmUjcX30jL3Ybjwdq238bQe47lqo72WL?= =?us-ascii?Q?hycazE/VKLRH6iaCjuh76mMtBaUpZLvIVCSS1Xa5o9NAJ4/TJRqHY3bOYOhH?= =?us-ascii?Q?EFmtT3ZbqaNdWc3JzW4k3O+jrFJzjusBxPXrHw4gPXgGKWP4qQb1G+/Ae1Om?= =?us-ascii?Q?NNBqWfKOETqkumW7OcVpEgcevYIzQyEYDpNzFghhGCvmuKpmD1XHflts/IlK?= =?us-ascii?Q?ZI5izTKKXTo9stu2nKvIw7KZlY3N5Ba+PQ3tFica7VJ4DnqAAbSmnztiLrGG?= =?us-ascii?Q?jgWNSYobPui3qZlfiDheMTEsd2X65jqL8VefKuFNroaaKX9rgSRlE3IQAYEJ?= =?us-ascii?Q?jzH9CR8eYr8yRQNTnC4WiVSNYenpQSnJ6m5WB+iFRnvLlnL35+4q4ZCQedUs?= =?us-ascii?Q?sLYlRniIB3fDp7RTRoMsl+ursQKhUqVbzFw64AgPuE1qwiGsdD3On1fmKWMW?= =?us-ascii?Q?XdEQGf2po4UQwqNqzUw9xGM2NrHCYAlrGd4f46yIdRQTGxaG2oY3Jnydj6va?= =?us-ascii?Q?oIBfBRQ/eesWftu3p95DZVuPFoS4ZIUZgbJmRf3tOXgaUvfXM2HU/00LnBDl?= =?us-ascii?Q?gfRVQCN3Rp/Cm6H7EfB3sC72xMcCyjBkGMUeegEPEHsBZ2VezwIvsvsE2los?= =?us-ascii?Q?yURwfTOFtcG1EIkn/0dwykc3hfBbed4Ak3Y2sZFS6gL/qBgEC9disjW/Xhvh?= =?us-ascii?Q?1QU1k3bT4ZkEgox16DnRlTN0VnaMviS4vcuOIlsWLAwCOnfnJG1F4Tqe2QJF?= =?us-ascii?Q?GligN847vznv9QNT1O3HoenZeGA1OfAwVYnd4JptmvhF89QG2LtDqGaTzTyn?= =?us-ascii?Q?zkKL0qYJLWVllw9hg9/PO4Hwb12k4JjinAKTbkt1320ymYeNybw10H1z39On?= =?us-ascii?Q?Q0mcB8QmjzrzeL9dkRhSO0ukZlDQePOwtAxSQMTt7OqPJYAl3mscslGyjFLE?= =?us-ascii?Q?h9KwGUJlp6vmvJFMXk9RXyAVjcFwmR6M06tGI4qxqdvItSzNp6iIZcBleipC?= =?us-ascii?Q?gIZtIuviQEIELg7sXFq5jH50DDGfbrLvxK0I4MCaSPfP0YGEZ8xPPUNh+4ZC?= =?us-ascii?Q?LujcrLomSW7zEUA2UChKWw55hcecVzGjIULiTanxnsaXAVha9QxJFeYmu/Gv?= =?us-ascii?Q?6iWaZ8jq6sa7PEQaqpcHdYB1tVftYHpoSIJ1h9S3rdcKXVy+eSQn1xAH1GXj?= =?us-ascii?Q?jwbKMWWFiv+OD+Kal1IOflCqihhkvSr4KShbz5Lo5wEc+U94S348pobn7JQV?= =?us-ascii?Q?L0Huw6FuGGcp8dle99EgKLaK+ttlfWG53TKwV8cJ7hkhb/bXvGZ9NA44drs/?= =?us-ascii?Q?HuOE+y+s8H7013uSwm6aPyB8Lw/07ES/DfzC0HwYlLtsKYUUqrwuykQKSj+/?= =?us-ascii?Q?GA=3D=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: c8f531ff-60dd-489b-dbe2-08d9ba097d90 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Dec 2021 05:13:37.2608 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: lCk+CdEZ68fBrLBP/rXXgpMUiSAa4rtM8DHYcS8ThvlFQy3nXIwdIPRamtVcKg5Y0upkJJdNQUjzf9NBhIzebA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB5863 Return-Path: min.m.xu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On December 7, 2021 4:05 PM, Gerd Hoffmann wrote: > > [Jiewen] OK, I talked with Min again. 12ms is not right data today. > > We have bigger number, but I cannot share the data according to legal > reason. > > > > But I agree with your statement that, if the data is small enough, then= we > don't need MP in sec. > > > > I propose this way: > > 1) In first patch, we drop MP in SEC. >=20 > Yes. Next implement lazy accept ... >=20 > > 2) We can revisit if it is really needed later, when the TDX platform i= s about > to launch. >=20 > ... then revisit where we stand in terms of boot performance. >=20 > And, yes, doing that on the final tdx platform hardware instead of prelim= inary > development hardware makes sense too. >=20 > > > Where does the 50% increase for GPAW=3D52 comes from? > > > > [Jiewen] Yes, this is about page table. > > The reason is that UEFI spec requires you to map all memory. You have t= o > create page table for all. >=20 > Seems that has changed with the latest (2.9) revision of the specs which > explicitly excludes unaccepted memory. From section 2.3.4: >=20 > Paging mode is enabled and any memory space defined by the UEFI > memory map is identity mapped (virtual address equals physical > address), although the attributes of certain regions may not have > all read, write, and execute attributes or be unmarked for purposes > of platform protection. The mappings to other regions, such as those > for unaccepted memory, are undefined and may vary from > implementation to implementation. >=20 > So implementing lazy accept should bring the initial memory footprint dow= n > because page tables for unaccepted memory are not needed in SEC/PEI. We > can lazily allocate them in DXE instead when accepting memory (either all > memory, or just enough to load the linux kernel and have linux accept the > remaining memory). So as the first step I will submit the patch-set without MP in SEC. Lazy ac= cept will be a separate patch-set after that. In the Lazy accept there are changes in multiply places, such as accept ini= tial memory, publish pei memory, transfer to DXE hob list, DXE Core GCD ser= vices, Shell(memmap). Also we have to consider accept more memory in Pool/P= age functions when OOM occurs. Thanks Min