From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web09.8508.1634134026620571711 for ; Wed, 13 Oct 2021 07:07:07 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=m5GnnQwu; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: min.m.xu@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10135"; a="250851613" X-IronPort-AV: E=Sophos;i="5.85,371,1624345200"; d="scan'208";a="250851613" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Oct 2021 07:06:44 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,371,1624345200"; d="scan'208";a="524639142" Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82]) by orsmga001.jf.intel.com with ESMTP; 13 Oct 2021 07:06:43 -0700 Received: from fmsmsx607.amr.corp.intel.com (10.18.126.87) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Wed, 13 Oct 2021 07:06:43 -0700 Received: from fmsmsx608.amr.corp.intel.com (10.18.126.88) by fmsmsx607.amr.corp.intel.com (10.18.126.87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Wed, 13 Oct 2021 07:06:29 -0700 Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx608.amr.corp.intel.com (10.18.126.88) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Frontend Transport; Wed, 13 Oct 2021 07:06:29 -0700 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.171) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.12; Wed, 13 Oct 2021 07:06:14 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gLIzoKcp+FfwVygpRQTmyRI8rJPQv6YHkoptKRtmq6viesOHJiu+iWiacw/VOMzKfzhnSBeNR9JnLAWoKv/S4cOJZaaxNJUfKB696oz6BDsodrXeTnTbwp8jR0jH+hkYpqGIfPCQEjwGXcFLr/34+LJWxDSlsg1je5gfIlUK1ZftDNuk0Im3GJqYYn/tjxBmxZ15BXFooyKGzAfys7B1EGc0O44/wBTtrBhidJAcUXzkHhgKtVAc3VZU0+KbQ/oXmDS2CVsGMeXhSS0C7IGggdlxGugySFuAuMlSP4YpOktkuqOalLIVzoKs0e5x3SKjcaZL9wykOoc1v2iMTjJoLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JiOVHrZ867ngrEOvgfD1finNNL3tl4gQFksvLnB+aYI=; b=h6SXvskBqhVKu4tZoDgAbYQGQM9qLPXnOTkaK0qjfBEqpfho5xsdh6WlFrolCYSpBj6IIMd2yUv+aw+A7NJDo/FgC73hMmgqJxorGdKZqE+kc3ipsDKCBk69vT+KMNTcMStSSowf7oLh2IEjopag+vHC4BcUdaNrOh7fsRl4d07tsXCLjUlGMEmc8ZnmRYR8PziPaTUE8XvHUdxt+OulBPci7HKBkOGTexNnjvD3BNIOIBMJTFThykehRcdg2h2n+Qu3XLSQnu00D/nHUH+aGPl90mlVfYUoT150g5V4SjVnxviVaIb+j2rha1gE2M2eUuS7mwQuk93wg73uF6DG7A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JiOVHrZ867ngrEOvgfD1finNNL3tl4gQFksvLnB+aYI=; b=m5GnnQwuM678Ds/obbNvM7DEgzVLFrAEp33/OFh7dsAS8ynCDIKMlbP2dM+hHydSGJXHvGoI/8lYHV+OshoVWV+TP+V0fxOhuARpER/rxts6LqnSpvQzCuErYsj8uwX4TAA+Y1cDALKjfD422OLJJqmTMca+1bwNAa+SGJYpa7I= Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by PH0PR11MB5903.namprd11.prod.outlook.com (2603:10b6:510:144::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.20; Wed, 13 Oct 2021 14:06:13 +0000 Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::7deb:6c36:73c2:f0d4]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::7deb:6c36:73c2:f0d4%3]) with mapi id 15.20.4608.016; Wed, 13 Oct 2021 14:06:13 +0000 From: "Min Xu" To: Gerd Hoffmann , "devel@edk2.groups.io" CC: "Dong, Eric" , "Ni, Ray" , "Kumar, Rahul1" , Brijesh Singh , Erdem Aktas , James Bottomley , "Yao, Jiewen" , Tom Lendacky Subject: Re: [edk2-devel] [PATCH V2 07/28] UefiCpuPkg: Support TDX in BaseXApicX2ApicLib Thread-Topic: [edk2-devel] [PATCH V2 07/28] UefiCpuPkg: Support TDX in BaseXApicX2ApicLib Thread-Index: AQHXuZrDhmgNWK86YUawJX7XyijwsavPMRWAgAHOKXA= Date: Wed, 13 Oct 2021 14:06:13 +0000 Message-ID: References: <0dcb1ac3ad788cc7a4fd293fcf183b6ea9bdffb9.1633401643.git.min.m.xu@intel.com> <20211012101557.j5xjtrlyofj3tadb@sirius.home.kraxel.org> In-Reply-To: <20211012101557.j5xjtrlyofj3tadb@sirius.home.kraxel.org> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.6.200.16 authentication-results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 5d0f6f1c-e54a-488a-8dd9-08d98e529dd8 x-ms-traffictypediagnostic: PH0PR11MB5903: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: m07aCZVSel6KXNu5tFshDewu4Qwl0ND5VayaH0d+Fuu9rSipFc0LrNyUcQMW+YZz2t+cyAu2gqxrDKoVJ70txzASCtmCIe0HoiQj9I3AhEYu6O7BIo3SikxTbi6JZNOs95BsY0mrk8amptSLR42TYZuEAokwQ4ULxce5WIGqBBYslzIki/F7Dmc9i3YRFAyL6uDJuA6JEsvdrkS/dhFmOwMSoORou66b48o1oleh3g/NVjbnTsbYmhstG+YuRVYpE26kldytM4+et9dWl09DmX2X0tDkhyiRABaPm8Zi+xfIVQcbZX3OczGZjrQDN8+pCw/zozNbnR34NZ5x97DH3C6aRfYO+fTyWd/7huMxrbO6MuXgfmSfVFmvkDC41kMOijPTwuIf9V8k4Wj4WtUsuskJIant6wwHQp1MCJ9P1zLdHF51QYrum8sW7BjG1E9wgGvk5YH8RIOyBEGXe25mZvNI/d83PJT6VP/CUgZRGOjW9PcxxUA+H9F2/sMcZgLAKhAst+mAVFkRK8qH4hDHdBPAIRYDsRRkFkln5EpuPAlNLhZ5jDvWMuDjHu6HV2sA9lov4XppPeSQUY956P2G8cmoMK7si015PHcpl2vRU+UutAeGdCIm7EFOzcFIWpgsDaXeiGAN1K+QTugIbARDmKanzWEQsVA6As2lJQBcVWY0v1csey9knu83o4qpBaz7p+GAIRmcijw+zLwY9XKw/f9TeVJfNq1WpirKYX5IfOm4Znvt58Q4kkR+D7KqG2JYZSWqRVdwdWUPn324wisBzcW2Ay91qeAGc9FNSbatSIA= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5064.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(366004)(8676002)(966005)(66556008)(66476007)(19627235002)(71200400001)(64756008)(38070700005)(83380400001)(76116006)(508600001)(66946007)(52536014)(38100700002)(66446008)(33656002)(316002)(82960400001)(86362001)(4326008)(110136005)(26005)(5660300002)(6506007)(7696005)(122000001)(2906002)(55016002)(54906003)(8936002)(9686003)(186003);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?OymFW5x8aQseOQDmEqTL1lTBXSzP4Q56vZ7L+j6ju3xgFWFKzWl+7T0JCeXb?= =?us-ascii?Q?IeCLi02ye360rLUliGGKLCJKGT5EV41BgNlYrPueTpxUuk7+tYJE99M/7ZI1?= =?us-ascii?Q?gjE37sXJrsJsuyK273S/rzr27zKzotHOCY3oXBWWTp7B0vBANj2c+Ewghei+?= =?us-ascii?Q?R0nzBQcqMe6gUeMzECXBdPdq3kMhNmB2pnioU+GLBFHjKX3ysXFjUCRqQipL?= =?us-ascii?Q?pNSUsIsvfakcErAjGM6mk01/oJaIz2ukd08VyoB7YzSkmBqc3yDM/bX8jwxX?= =?us-ascii?Q?vLecjDUP/noWlnXFet26fmQtzZ7gWQP3I856kcJ/jBN7DitmwRMh5usMdqQR?= =?us-ascii?Q?hzwLiXsfIENCkCZ2bH202oFIRo4rvC+hCtoVUSX2OqkWW9bf48YDE39NU2TB?= =?us-ascii?Q?ZpTrT6n/YLLsckKyr8GrRrJeStgPvlI+FzO2ficzidVW4IKYyIWT1i0fG8BE?= =?us-ascii?Q?6xYQHi0qCU5GJYK8SYaX7eSBfyfJiXccZMZ0Cfh1jODEORJE0L2rXJkAA3ya?= =?us-ascii?Q?MLiTZiModkEeSGAMzPEQgFJq8RO0VCjZwHRsbsv1V5vnb6I/51RQgxR4F96/?= =?us-ascii?Q?RNXhIE/e45vUtWTbm4r+yXhBMQQqKu1/HguBcRXETVYmfE8ZyYqGgWQB//k/?= =?us-ascii?Q?5qgiOpHZUU+OVSnVcUIaAlsKDQO50SHyUp9u77lvJ/bOonxBnya+0XJtPOSA?= =?us-ascii?Q?EIwv6rfFkd1hzt9ZhGspBzfxtwSD2btgrLnVTRVJm2M3zgQA068Fn6OqyuYz?= =?us-ascii?Q?e/DdUkquCaFe8RzU8iWZzjQePMcKWIbs/6L3PmiAtVQ/nT9iepzekyW0ISgL?= =?us-ascii?Q?2IZU+6IXO49eGZla1h+qrsbeMJEUz62MJr/uR4bi6jQo5wJm/yhQdDI57lsC?= =?us-ascii?Q?frps5+68GDn0UD+/TCFI9IpgWiboOAG1+q7E0fjmm4Rkf3nWKF2GzCu6s2Yx?= =?us-ascii?Q?F34ZZb3pM1FzpqDZ7JG/dsI+wh0mLNps6gxBARYsupY9mhtUSonAyKjes0Kp?= =?us-ascii?Q?+ynShHsYjDt4TXUt8q1We7nblKKpz5YS/GtNrcVRWObjEh7y7loTERfIl7jS?= =?us-ascii?Q?fC/bUUJScaqYM65S3V5ymdxoG8YUzkbIv/kOztQvLps674Fg7OXe2kukBJoa?= =?us-ascii?Q?4XaoxlNm0TxvLgdBv+LYO7ceyDlaoO0qioKEsP52G+o9bv1JZCnAhf4JSuTR?= =?us-ascii?Q?EjOmVzMpmnBD6ehklskEAb9dZQ0fMQC+ilvIevcPBjhBMF++09aompFGY0yW?= =?us-ascii?Q?acShBRF7ChlIf4MdSCEeAPS+xvDpD7x11pBVet7jY03Tjk5DsXgZ2GXD26aC?= =?us-ascii?Q?zB58eiLhB1TFJnRAnEcgIG5y?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5d0f6f1c-e54a-488a-8dd9-08d98e529dd8 X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Oct 2021 14:06:13.5148 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 6tReFcMKSsShWq3jjocpnE+EkHb+l8MDrgtkcQDAkolKnHqjaGbq8Yjvz7IGxTQoOCR2aRZNB1r7TwB+MQ2qaw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5903 Return-Path: min.m.xu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On October 12, 2021 6:16 PM, Gerd Hoffman wrote: > Hi, >=20 > > + do { > > + AsmCpuid (0, &LargestEax, &Ebx, &Ecx, &Edx); >=20 > Use ConfidentialComputing PCD ? BaseXApicX2ApicLib (LocalApicLib) is included by the drivers/libs not only = in DXE phase, but also in SEC/PEI. For example, SecPeiCpuExceptionHandlerLi= b is included in SEC/PEI_CORE/PEIM. In SEC phase ConfidentialComputing PCD = has not been set. So it cannot be used in SEC phase to determine if it is T= DX guest or not. That's why CPUID is used in BaseXApicX2ApicLib so that it works in SEC/PEI/= DXE phases. >=20 > > +BOOLEAN > > +EFIAPI > > +AccessMsrNative ( >=20 > I'd suggest to reverse the logic, i.e. have a AccessMsrTdxCall() which re= turns > true in case (a) tdx is active and (b) the msr is not on the white list f= or native > access ... >=20 > > +{ > > + UINT64 Val; > > + UINT64 Status; > > + if (!AccessMsrNative (MsrIndex) && BaseXApicIsTdxGuest ()) { >=20 > ... the just use "if (AccessMsrTdxCall(MsrIndex)) { ..." here. >=20 Ok, It will be updated in the next version. > Beside that: Are the apic msr registers the only ones which can be acces= sed > directly? TDX: https://software.intel.com/content/dam/develop/external/us/en/document= s/tdx-module-1.0-public-spec-v0.931.pdf Section 10.7 MSR Handling Section 18.1 Table 18.2 MSR Virtualization=20 X2APIC MSR Registers which can be accessed natively is in above table. >=20 Thanks! Min