From: "Min Xu"
To: "kraxel@redhat.com"
CC: "devel@edk2.groups.io", Ard Biesheuvel, "Justen, Jordan L", Brijesh Singh, Erdem Aktas, James Bottomley, "Yao, Jiewen", Tom Lendacky
Subject: Re: [edk2-devel] [PATCH V5 2/2] OvmfPkg/ResetVector: Enable Intel TDX in ResetVector of Ovmf
Date: Thu, 2 Sep 2021 07:49:25 +0000

On September 2, 2021 3:18 PM, Gerd Hoffmann wrote:
> Hi,
>
> > > Sure. And I think we should add proper 5-level paging support to
> > > the current ovmf implementation instead of adding hacks to the tdx code.
> > My understanding is that we should first add 5-level paging support in OVMF, right?
>
> Well, the page table setup should be in common code not tdx code as 5-level
> paging isn't something tdx-specific.
Agree.
>
> I'd suggest to add this to OvmfPkg/ResetVector/Ia32/PageTables64.asm.
> Reserve one more page, set up the tables for 5-level paging by inserting a
> level 5 page directory.
In the current patch a page (defined by PcdOvmfSecGhcbPageTableBase) reserved in MEMFD is used as the 5-level page directory.
Now one new page will be reserved in MEMFD to hold the level 5 page directory.
Like below:
 0x00C000|0x001000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
+0x00D000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPml5Base|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPml5Size
>
> When using 5-level paging let cr3 point to the first page (level 5 pagedir),
> when using 4-level paging let cr3 point to the second page (level 4 pagedir).
Yes. CPUID.(EAX=07H, ECX=0):ECX[bit 16] will be used to check if 5-level paging is supported.
>
> Can be part of this patch series, just make it a separate patch for easier
> review.
Sure.
>
> Whether we should enable 5-level paging even in non-tdx mode or use
> 5-level paging only with tdx is a separate question. We can continue to use
> 4-level paging in non-tdx mode for now and discuss that later.
Agree.
>
> I'm not sure which implications this would have for booting older kernels,
> when handing over control to an OS kernel without 5-level paging support but
> 5-level paging enabled (non-issue for tdx as this requires a new tdx-aware
> guest kernel anyway ...).

Thanks!
Min
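
Review bot: the two added lines in the MEMFD fragment claim 0x00D000|0x001000 for PcdOvmfPml5Base/PcdOvmfPml5Size directly after the GHCB backup page at 0x00C000, but the fragment shows neither the region that follows nor where the two new PCDs are declared. The separate patch should carry the 0x1000 shift of whatever region currently starts at 0x00D000 together with the .dec declarations for both tokens, so the layout can be checked for overlap in one place.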
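
The CR3 selection discussed in this thread, as an added C model that is not part of the original message or of OVMF's code: it inserts a single level 5 entry in front of an existing level 4 directory, picks CR3 from the CPUID.(EAX=07H, ECX=0):ECX[bit 16] value, and walks the tables in software to show that low addresses translate identically in both modes. The three-page layout, the 1 GiB identity mapping and all function names are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_ATTR 0x23u                 /* present | read/write | accessed */
#define PAGE_SIZE_BIT 0x80u             /* PS: entry maps a 1 GiB page */
#define LA57_BIT (1u << 16)             /* CPUID.(EAX=07H,ECX=0):ECX[bit 16] */
#define ADDR_MASK 0x000FFFFFFFFFF000ull
#define NOT_MAPPED UINT64_MAX

/* Constructed guest memory: page 0 = level 5 dir, page 1 = level 4 dir, page 2 = PDPT. */
enum { PML5_BASE = 0x0000, PML4_BASE = 0x1000, PDPT_BASE = 0x2000, NPAGES = 3 };
static uint64_t mem[NPAGES][512];

static void build_tables(void) {
    mem[0][0] = PML4_BASE | PAGE_ATTR;  /* the one inserted level 5 entry */
    mem[1][0] = PDPT_BASE | PAGE_ATTR;
    for (uint64_t i = 0; i < 4; i++)    /* identity-map the first 4 GiB */
        mem[2][i] = (i << 30) | PAGE_SIZE_BIT | PAGE_ATTR;
}

/* First page for 5-level paging, second page for 4-level paging. */
static uint64_t select_cr3(uint32_t leaf7_ecx) {
    return (leaf7_ecx & LA57_BIT) ? PML5_BASE : PML4_BASE;
}

/* Software page walk; levels == 5 models CR4.LA57 = 1, levels == 4 models LA57 = 0. */
static uint64_t translate(uint64_t cr3, int levels, uint64_t va) {
    uint64_t table = cr3;
    for (int lvl = levels; lvl >= 3; lvl--) {
        if ((table >> 12) >= NPAGES) return NOT_MAPPED;
        uint64_t e = mem[table >> 12][(va >> (12 + 9 * (lvl - 1))) & 0x1FF];
        if (!(e & 1)) return NOT_MAPPED;            /* entry not present */
        if (lvl == 3) return (e & ADDR_MASK & ~0x3FFFFFFFull) | (va & 0x3FFFFFFFull);
        table = e & ADDR_MASK;                      /* descend one level */
    }
    return NOT_MAPPED;
}

int main(void) {
    build_tables();
    uint64_t va = 0xFFFFF000ull;        /* constructed address below 4 GiB */
    printf("5-level: cr3=%#llx pa=%#llx\n", (unsigned long long)select_cr3(LA57_BIT),
           (unsigned long long)translate(select_cr3(LA57_BIT), 5, va));
    printf("4-level: cr3=%#llx pa=%#llx\n", (unsigned long long)select_cr3(0),
           (unsigned long long)translate(select_cr3(0), 4, va));
    return 0;
}
```

Only entry 0 of the level 5 directory is populated, so any address with bits 56:48 non-zero is unmapped in this model.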