From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mx.groups.io with SMTP id smtpd.web08.1654.1646353140871639052 for ; Thu, 03 Mar 2022 16:19:01 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=m8h+xz/P; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1646353140; x=1677889140; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=Yi7HiTniv3IuLykIQsT77lCVfQIvg2ASpMeP+Q+8lvI=; b=m8h+xz/PnGN5MJ+ZDuo8MqdAy5717NlvEb90mmD+l2ZUzkljm4erbEJq V4VQF+L+XHkB8ejHr7leyuMspBkxHcnKORYr/S5H9G9tc6ahmnyagRBHy uqomTgmXu8lG74iX2iP5t+hY4tcH7OdBdg9+qbtwF0rO3V/jqVX6SJd2L jSxyWXHRCG/mnUhxyf1ZiM06pD+4I3JiP5eWGLEUlw/oOQaH01mtNhcu4 wg33ksfA3f9XxwBDPt3o3/tgdQ7Ttb46yswj+uzEJ7JktuUlC76alPvtu Fa1wO20qMna4OGMO6rmioIIYDqVnnO/h+xco2MJxrTsAXSIsX/8sLbzzD A==; X-IronPort-AV: E=McAfee;i="6200,9189,10275"; a="253783433" X-IronPort-AV: E=Sophos;i="5.90,153,1643702400"; d="scan'208";a="253783433" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Mar 2022 16:19:00 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,153,1643702400"; d="scan'208";a="508802265" Received: from fmsmsx603.amr.corp.intel.com ([10.18.126.83]) by orsmga002.jf.intel.com with ESMTP; 03 Mar 2022 16:19:00 -0800 Received: from fmsmsx611.amr.corp.intel.com (10.18.126.91) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Thu, 3 Mar 2022 16:18:59 -0800 Received: from fmsmsx604.amr.corp.intel.com (10.18.126.84) by fmsmsx611.amr.corp.intel.com (10.18.126.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Thu, 3 Mar 2022 16:18:59 -0800 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx604.amr.corp.intel.com (10.18.126.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21 via Frontend Transport; Thu, 3 Mar 2022 16:18:59 -0800 Received: from NAM04-MW2-obe.outbound.protection.outlook.com (104.47.73.174) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.21; Thu, 3 Mar 2022 16:18:59 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bfMEJYaLiueXQmz7z1oYZ0QmKsntimxfgWs+d44GEjElHnsPNh18l8h3b9tN+6x47Jn6SdFpN7pUjknvf4WMdfjrsxro/887IA/QXEhVJijZlan5PcoJInnsEiEF7wqtK2yWCsJ9hgnfl8JdT/OhkuPBjhw1tn5tSkMLbeGRLntB4UqovsPVwmWfbGxFScETveGQia6/BPAofKmrAKulCuC9D4+0J0KBzA5ADJoIVpp1HQ6ApkeOiXVJtuDPswUtAdwg9OCCV4ldE82v5G+lxB34vVZHTdhU6IMNCiUz5WRGj4XSv7uRpfoHyEHGh2SSb+mSDn0gLHgh6+9QqTY+AQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=co2gz2uvvPZXCgzW8Tuv+uOmzx0cVsDczNNG0rHq4v0=; b=jVE8hZi4jtt9L0QHGD+CWCIPexZyzcW3R4QzpJzESlXN6jmC9xx2gc1Bg3PZ4HqErD5NQGyDF+fIqwOFDn+ZOvew12s42yKvWU3EjUwa/v3CBpVMIs+IVNE0ci72JXGyANgJX6cAAvdf4AghmsjDhJ1XPr29dHvTnsG3FuApwTjlTgvaKCfEZcIrJ6bN6GjHm2FfjJEV7yCDPzBtLLlSkpz5Qmx+H0THhsezSk4/tkV4wPog4Ii0c7itNdu5AA9PqI1xt/unzNSNg8VN+NcRauGwHT9Uy1YnGJIM16UKwvtBsRDHX3llm4JXq78Y1iL5ZDghhYL8LcizRiI8rxGi4w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by CH0PR11MB5755.namprd11.prod.outlook.com (2603:10b6:610:103::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.14; Fri, 4 Mar 2022 00:18:56 +0000 Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::98f5:edb6:aee6:6886]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::98f5:edb6:aee6:6886%7]) with mapi id 15.20.5038.015; Fri, 4 Mar 2022 00:18:56 +0000 From: "Min Xu" To: "Wang, Jian J" , "devel@edk2.groups.io" CC: "Wu, Hao A" , Brijesh Singh , "Aktas, Erdem" , James Bottomley , "Yao, Jiewen" , Tom Lendacky , Gerd Hoffmann Subject: Re: [PATCH V7 25/37] MdeModulePkg: EFER should not be changed in TDX Thread-Topic: [PATCH V7 25/37] MdeModulePkg: EFER should not be changed in TDX Thread-Index: AQHYLHP4d6RXasB54UGVMuR9kb/Ucqys/+cAgABJ83A= Date: Fri, 4 Mar 2022 00:18:56 +0000 Message-ID: References: <639b222086067437c7613d942f36adf0636376b0.1646031165.git.min.m.xu@intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.6.401.20 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 080b9e6a-03d5-44e6-aa5f-08d9fd74927f x-ms-traffictypediagnostic: CH0PR11MB5755:EE_ x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: UUcaAMLlDequT0WwXkDSBJIMUq+UH9+VWnDVpGui6a7NDIJyW1xpQ7+69gJEJzej9s3eeXG2smdkghjERRY8yskC1l6chsFoQ7DCCf2ENATe9sRG9usSOqqXMi+BO33DdrC+uxQPwcH3HyPxZmNrJRMD/SsWQoU1ivozjUtq92rluD9jnVIstHlHxVds53EGCy2wLmtZv7lP/qpW0cvg3w7XGPK2Y+gqBSH/dk0DKMR4lLj88SfssL6PQxd2fG4yOAgqAsKlL7m6WQjv0wuKzI/G1pTo/6Ytp46AA0OYUazpL0JqR7WUzqA9w2J+8c7bPn+6gCJ4ZPmOzURjfJ7xT1/TtIlwC7X10OWgAX/0mEzO42BCfm3ZCFjyqc44nGSUrCBLa6DNIipCh2PVWeWPR7K+Q6EwYO6Kamp1ohEq33k30NSjMiQCv7fcyvvNevLPFejF5m1cZYKJ+Znd5Md10IRqUWF+rM/gLeuEcGjaFqONxBJndIxzKg6gUw4ydBngnSF0/JXh+JFiAJquFF/Un9bbjYQ7KzmkyIAOGmnPLIWWysovYFegooHnYxFOL05TAUGVX+ut9WZ/4jaU6Yv3eWNqmz23LVm1W3rxKoMZjJ+0WAXPTbH3pq7Ti83JM9gkZ8Wk6dAvxhgaBFOHUxMsRy1IJUSuegIjw7fgV4D2Prf2XWtsiVT0hCURm0r6ZZOefZr5fb/gIs8PD4TTdzPQUJSU007zkOEgvPT3ltBH+8rbX5RtkXBs46Bb0QPtzrfmU+V7QV9frb1lJRFCeVYFvnDEtAZUXV9yDxxsksRZMtw= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5064.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(66556008)(8676002)(66476007)(66446008)(64756008)(66946007)(76116006)(4744005)(8936002)(316002)(54906003)(110136005)(966005)(33656002)(86362001)(508600001)(9686003)(6506007)(7696005)(26005)(71200400001)(2906002)(38100700002)(122000001)(5660300002)(4326008)(52536014)(186003)(82960400001)(38070700005)(55016003);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?H+uvtGE1TcHLGyg8crVrzyLbNjZgKBcLgL1hQhLybDU7o/pcHSaQcg40oMjs?= =?us-ascii?Q?uCW6hY8dU8JNqLuzBJJR9Es8UiCrD1ClOsziVWYgi1JRX2Rj6kiIecSGsiVn?= =?us-ascii?Q?7j5/Wx02iF16aoLGrRy1twWK1/MwU67kj1oVdxvRWTkMNZUvr9ZYeG0FhSa6?= =?us-ascii?Q?xpsgpYS20J4wUkBwMdJmgT1svlbU0tVcemhQqsa7k2D/DIAcZqz9vayenFPQ?= =?us-ascii?Q?XMzjU7eT85B5YSlVdGu7pf9iz/JRZglOCPsclO21uxYN2uAKcP4R7lJS4OLM?= =?us-ascii?Q?s2A9WQcUcp19EfW9CynL62tX/ouJtDf3MCDFesaHJSu7SpDicOycFnTL+CVW?= =?us-ascii?Q?r1vkWRwPQOOF0ZfDPmogBl+b9UYXqUatxSQSrvNKHcub7jObFZnNI+b/4141?= =?us-ascii?Q?HXAZtMCzaDa/j+uovR4gxyquormlVxG6JLqXP1BiIRPvvoJatomCyOd66T7u?= =?us-ascii?Q?NaPRfZeWDAiAORtZtuGE/Mk9RT+Sp320FsJ8byAd0yl9muEQdMEX2Zy+9zlf?= =?us-ascii?Q?hCyntCLvkapZlSRAl4ZyXOfc0PuMftdjTf5vVjufSsgIkHhpp7Y/RGcmgOcI?= =?us-ascii?Q?ZEu/FTuXbY4fcOHdPKATu5NYuLZ9XII49JXhsFY92PFck/dXyCR50goEXwcM?= =?us-ascii?Q?LlaDuW4FY2H5QR5oDKixSYy20sH8bJ8e7SsCRTIv7d0HSBTuHotAtBb3MsQb?= =?us-ascii?Q?irkj7WvHgTOF9scGusmEYYZqSmU6lrzSgCfuOKuPS1iL1rpas4PuBgQgMKhI?= =?us-ascii?Q?yWaawWzJefTV5SN7znenQYcynVBnBIw4L9dlj2pKW43WE8LzGg2AWy8IjSb8?= =?us-ascii?Q?5HDtZW+v+7uhHP1BbcQuvTXNMm8sP9v+olkNhzbpps6kOMZQf33bR+JBMHRt?= =?us-ascii?Q?Sbq7YZ/lDYSMi1rPbAIi9TysUMlBD0h3lfBBgDXjuwL39oRnanma0ceUEFhb?= =?us-ascii?Q?AOdvu/qMA+cxkPUcsApa0IXZU/PmOM3wTfzKJrpoN693LO92uapAWiNOOqPC?= =?us-ascii?Q?Y/s+5nC5Ali918AQalHGLS4OcrGa92zN+OlKqISFPNC0A2PuPTD6F5xyJHtB?= =?us-ascii?Q?Uth/i49rs04YBjFcwaTfvL/q7QVp/vLVQJvyKgym4i4pvv/3Q6qTgr+2fatz?= =?us-ascii?Q?99MxroHBwIVveWI2/hfVDBaHPrjURxt5ya9tSANj1Tlef8jxsRbTJHoBjXhu?= =?us-ascii?Q?cAKnAhR6hKVXmvXFpnOS9KDY2A5JG/GC9vkEvS+RAsSgHJSuF9v43WIRpr9i?= =?us-ascii?Q?ZA1p2jJRF7bZ0hvfwpj5mZRDftxUFClJP2681rUL90jxjZI3D7+RiOaysJlx?= =?us-ascii?Q?CUm0QFQY0gD/gjqbK/5MUe4/GgpO3a+x0rw1KTbKHbn30i7yHZrehoi9c0cj?= =?us-ascii?Q?vZPe783jXKOG+RDJ55OAKWQPDAyGy5PH2JMaMb6MYAZBoznujU3D2WnPwgKj?= =?us-ascii?Q?aCTj5ZHDHoiKN1jI5WSPIn+39i5UaT6+ePh4jfm9whrOjUKTtqIPK3LWGcN/?= =?us-ascii?Q?W9WckBbBfIxWv0Oz/jzJU86OXzdEA2niVajYRh1TGIxKfAMwFiLjTNfMLAUw?= =?us-ascii?Q?HXyb1NIlsiwR9NwfTKqmO3dLE2xU3jTg4sEEAKXS+malE5fvORuWt8knwp3R?= =?us-ascii?Q?XYidi7px5GVYdSDG++7/QsI=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 080b9e6a-03d5-44e6-aa5f-08d9fd74927f X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Mar 2022 00:18:56.4260 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: AndwJAJN5y7hB/6goQozwmoR409Fh6sp5Vy2kSLtt3cDlPScvDrbrVu6C6h3MZnvEuYL7iaIs4GmAQeGR4SLLw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR11MB5755 Return-Path: min.m.xu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On March 3, 2022 11:12 AM, Wang Jian wrote: >=20 > Hi Min, >=20 > I think the PCD should not be dynamic. Dynamic PCD is used for those > features which can be changed at boot time. But, for Intel processor, it > should always stay as FALSE. So there's no need to make it dynamic. > FixedAtBuild should be fine. >=20 I realize this PCD is not necessary. According to [TDX] Sec 10.1.5, IA32_EF= ER.NXE is initialized to 1. So in the function EnableExecuteDisableBit @ Md= eModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c, we can check if BIT11 is se= t before calling AsmWriteMsr64. It looks like: VOID EnableExecuteDisableBit ( VOID ) { UINT64 MsrRegisters; MsrRegisters =3D AsmReadMsr64 (0xC0000080); if ((MsrRegisters & BIT11) =3D=3D 0) { MsrRegisters |=3D BIT11; AsmWriteMsr64 (0xC0000080, MsrRegisters); } } [TDX] https://www.intel.com/content/dam/develop/external/us/en/documents/td= x-module-1.0-public-spec-v0.931.pdf Thanks Min