From: "Min Xu"
To: Gerd Hoffmann
CC: "devel@edk2.groups.io", Ard Biesheuvel, "Justen, Jordan L", Brijesh Singh, Erdem Aktas, James Bottomley, "Yao, Jiewen", Tom Lendacky
Subject: Re: [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVector
Date: Thu, 23 Sep 2021 00:38:24 +0000
References: <12721dade1f2f9905cc34271d9abec24650442ff.1632214561.git.min.m.xu@intel.com> <20210922074929.e5iwf24t6wyndgbu@sirius.home.kraxel.org>
In-Reply-To: <20210922074929.e5iwf24t6wyndgbu@sirius.home.kraxel.org>

On September 22, 2021 3:49 PM, Gerd Hoffmann wrote:
> Hi,
>
> > +%ifdef ARCH_X64
> > +;
> > +; TDX Metadata offset block
> > +;
> > +; TdxMetadata.asm is included in ARCH_X64 because Inte TDX is only ;
> > +available in ARCH_X64. Below block describes the offset of ;
> > +TdxMetadata block in Ovmf image ; ; GUID :
> > +e47a6535-984a-4798-865e-4685a7bf8ec2
> > +;
> > +tdxMetadataOffsetStart:
> > + DD tdxMetadataOffsetStart - TdxMetadataGuid - 16
> > + DW tdxMetadataOffsetEnd - tdxMetadataOffsetStart
> > + DB 0x35, 0x65, 0x7a, 0xe4, 0x4a, 0x98, 0x98, 0x47
> > + DB 0x86, 0x5e, 0x46, 0x85, 0xa7, 0xbf, 0x8e, 0xc2
> > +tdxMetadataOffsetEnd:
> > +
> > +%endif
>
> This should be switched to common ovmf metadata (see patches 4-7 of the
> SEV-SNP series).
>
> Min: please have a look at these patches.
>
Hi, Gerd
I checked the patches 4-7 of the SEV-SNP series. The common OvmfMetadata is designed for both SEV and TDX, right?
If so, then it means the SEV and TDX metadata will be mixed in this OvmfMetadata. I am thinking there will always be different fields for SEV and TDX. For example, SEV has PcdOvmfSecGhcbPageTable but TDX doesn't need that page. If the common OvmfMetadata is consumed by TDX-QEMU, then PcdOvmfSecGhcbPageTableBase will be initialized too. That doesn't make sense.
I am thinking that SEV and TDX can keep their own Metadata (in separate files, SevMetadata.asm and TdxMetadata.asm) which are pointed to by the SEV or TDX offsets in the GUID-ed chain in ResetVector. In this case, SEV and TDX can design their own metadata flexibly, for example, the attribute, the item structure, add/remove/update the items, etc. And it will be more friendly to the reviewer for the Metadata, at least from the name of the items.
>
> Brijesh: It might be useful to post the metadata patches as separate series.
>
> > +; Load the GDT and set the CR0, then jump to Flat 32 protected mode.
>
> That comment isn't correct, you are already in 32-bit mode.
Thanks. It will be updated in the next version.
>
> > +; Modified: EAX, EBX, CR0, CR4, DS, ES, FS, GS, SS
>
> CS too ...
It will be fixed in the next version.
>
> > + jmp LINEAR_CODE_SEL:dword
> ADDR_OF(jumpToFlat32BitAndLandHere)
> > +jumpToFlat32BitAndLandHere:
>
> ... right here.
>
> > --- /dev/null
> > +++ b/OvmfPkg/ResetVector/Main.asm
>
> Can you add a separate patch for "copy Main.asm from UefiCpuPkg
> unmodified" please? Having the changes for TDX separately is helpful for
> review.
Sure. It will be separated in the next version.
>

Thanks!
Min
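
Review bot: in the quoted tdxMetadataOffsetStart block, the comment does not explain the DD value `tdxMetadataOffsetStart - TdxMetadataGuid - 16`: it says the block "describes the offset of TdxMetadata block in Ovmf image" but not what the offset is measured from or why 16 is subtracted, so whoever parses the entry has only the expression to go on. Suggest one comment line per field (DD offset and its reference point, DW entry size, DB GUID bytes) and fixing the "Inte TDX" typo in the same comment.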
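
The entry layout in the quoted hunk (a DD value, a DW holding the entry's total size, then the 16-byte GUID) and the per-technology offsets in the GUID-ed chain discussed above can be read as sketched here. This is an added example, not code from the patch, OVMF or QEMU; the function names, the second GUID and the sample table are constructed, and it assumes the caller has already isolated the chain's bytes and that entries are walked backwards from the end.

```python
import struct
import uuid

# GUID from the quoted patch; its DB lines are this value in little-endian GUID byte order.
TDX_METADATA_OFFSET_GUID = uuid.UUID("e47a6535-984a-4798-865e-4685a7bf8ec2")
# Constructed placeholder for some other entry in the chain (not a real OVMF GUID).
OTHER_GUID = uuid.UUID("00000000-1111-2222-3333-444444444444")
HEADER = 18  # DW length (2 bytes) + GUID (16 bytes)

def make_entry(guid, data):
    """Lay out one entry as the hunk does: data, DW total size, 16-byte GUID."""
    return data + struct.pack("<H", len(data) + HEADER) + guid.bytes_le

def walk_chain(table):
    """Walk entries backwards from the end of the table (assumed order).
    Returns {guid: data}; raises ValueError on a malformed length."""
    found, end = {}, len(table)
    while end > 0:
        if end < HEADER:
            raise ValueError(f"truncated entry ending at offset {end}")
        guid = uuid.UUID(bytes_le=bytes(table[end - 16:end]))
        (length,) = struct.unpack_from("<H", table, end - HEADER)
        if length < HEADER or length > end:
            raise ValueError(f"bad length {length} in entry {guid}")
        found[guid] = bytes(table[end - length:end - HEADER])
        end -= length
    return found

def tdx_metadata_offset(table):
    """Return the DD carried by the TDX entry, or None if the chain has none."""
    data = walk_chain(table).get(TDX_METADATA_OFFSET_GUID)
    if data is None:
        return None
    if len(data) != 4:
        raise ValueError("TDX offset entry must carry exactly one DD")
    return struct.unpack("<I", data)[0]

# Constructed sample chain: an unrelated entry, then the TDX entry with DD = 0x1234.
SAMPLE = make_entry(OTHER_GUID, b"\xaa" * 8) + make_entry(
    TDX_METADATA_OFFSET_GUID, struct.pack("<I", 0x1234))

if __name__ == "__main__":
    print(hex(tdx_metadata_offset(SAMPLE)))
```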