public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH V2 00/10] Introduce TDVF Config-B (basic) in OvmfPkg
@ 2022-01-25  6:33 Min Xu
  2022-01-25  6:33 ` [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch Min Xu
                   ` (9 more replies)
  0 siblings, 10 replies; 35+ messages in thread
From: Min Xu @ 2022-01-25  6:33 UTC (permalink / raw)
  To: devel
  Cc: Min Xu, Michael D Kinney, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky, Gerd Hoffmann,
	Leif Lindholm, Ard Biesheuvel, Abner Chang, Daniel Schaefer,
	Ray Ni

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
Encryption (MKTME) with a new kind of virutal machines guest called a
Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the
confidentiality of TD memory contents and the TD's CPU state from other
software, including the hosting Virtual-Machine Monitor (VMM), unless
explicitly shared by the TD itself.

There are 2 configurations for TDVF to upstream. See below link for
the definitions of the 2 configurations.
https://edk2.groups.io/g/devel/message/76367

This patch-set is to enable the basic feature of Config-B in OvmfPkg.
 - Add a standalone IntelTdxX64.dsc to a TDX specific directory for a
   *full* feature TDVF. (Align with existing SEV)
 - IntelTdxX64.dsc includes TDX/normal OVMF basic boot capability. The
   final binary can run on TDX/normal OVMF.
 - PEI phase is skipped.

By design in Config-B there should be more advanced features, such as:
 - RTMR based measurement and measure boot.
 - Remove unnecessary drivers to reduce attack surface, such as
   network stack.

To make the code review more efficiency, Config-B is split into 2 waves:
 - Basic feature of Config-B
 - Advanced feature of Config-B

Code at: https://github.com/mxu9/edk2/tree/tdvf_wave3.v2

Please be noted:
This patch-set is based on the code base of tdvf_wave2.v5 which is at:
https://github.com/mxu9/edk2/tree/tdvf_wave2.v5

v2 changes:
 - In v1 PEI phase is skipped during boot process. But the code is still
   in the image. It is not a good way. So in v2 the code of PEI is
   removed as well.
 - In v1 PrePiLib in EmbeddedPkg are updated to meet the requirement of
   TDVF-Config-B. This is because PrePiLib in EmbeddedPkg is designed for
   the situation of PEI-less boot. So after PEI is removed, this change
   is not needed anymore.
 - In v1 only Tdx guest can be brought up. Now v2 brings up both Legacy
   guest and Tdx guest.
 - Platform initialization in TdxStartup is refactored with the
   PlatformInitLib.
 - OvmfPkg/IntelTdx/Sec is introduced. It is a simplied version of
   OvmfPkg/Sec.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Abner Chang <abner.chang@hpe.com>
Cc: Daniel Schaefer <daniel.schaefer@hpe.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>

Min Xu (10):
  EmbeddedPkg: Fix a build error in FwVol.c in X64 arch
  UefiCpuPkg: Add PcdTdxWorkAreaBase
  OvmfPkg: Add TdxWorkArea definition
  OvmfPkg: Add PrePiHobListPointerLibTdx
  OvmfPkg: Update EFI_HOB_PLATFORM_INFO with more platform settings
  OvmfPkg: Add TdxStartupLib
  OvmfPkg/IntelTdx: Add Sec to bring up both Legacy and Tdx guest
  OvmfPkg: Update TdxDxe to set TDX PCDs
  OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in
    PlatformInfoHob
  OvmfPkg: Introduce IntelTdxX64 for TDVF Config-B

 EmbeddedPkg/Library/PrePiLib/FwVol.c          |   6 +-
 OvmfPkg/Include/IndustryStandard/IntelTdx.h   |  17 +
 OvmfPkg/Include/Library/TdxStartupLib.h       |  34 +
 OvmfPkg/Include/WorkArea.h                    |  15 +
 OvmfPkg/IntelTdx/IntelTdxX64.dsc              | 718 ++++++++++++++
 OvmfPkg/IntelTdx/IntelTdxX64.fdf              | 402 ++++++++
 .../PrePiHobListPointer.c                     |  57 ++
 .../PrePiHobListPointerLibTdx.inf             |  29 +
 OvmfPkg/IntelTdx/Sec/IntelTdx.c               | 508 ++++++++++
 OvmfPkg/IntelTdx/Sec/IntelTdx.h               |  46 +
 OvmfPkg/IntelTdx/Sec/SecMain.c                | 200 ++++
 OvmfPkg/IntelTdx/Sec/SecMain.inf              |  73 ++
 OvmfPkg/IntelTdx/Sec/X64/SecEntry.nasm        | 151 +++
 OvmfPkg/IntelTdx/TdxStartupLib/DxeLoad.c      | 218 ++++
 OvmfPkg/IntelTdx/TdxStartupLib/Hob.c          | 130 +++
 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartup.c   | 240 +++++
 .../TdxStartupLib/TdxStartupInternal.h        |  55 ++
 .../IntelTdx/TdxStartupLib/TdxStartupLib.inf  |  86 ++
 .../TdxStartupLib/TdxStartupLibNull.inf       |  40 +
 .../IntelTdx/TdxStartupLib/TdxStartupNull.c   |  19 +
 .../IntelTdx/TdxStartupLib/X64/PageTables.h   | 206 ++++
 .../TdxStartupLib/X64/VirtualMemory.c         | 935 ++++++++++++++++++
 .../Library/AcpiTimerLib/DxeAcpiTimerLib.c    |  23 +-
 .../Library/AcpiTimerLib/DxeAcpiTimerLib.inf  |   4 +
 OvmfPkg/OvmfPkg.dec                           |   4 +
 OvmfPkg/TdxDxe/TdxDxe.c                       |  71 +-
 OvmfPkg/TdxDxe/TdxDxe.inf                     |   5 +
 UefiCpuPkg/UefiCpuPkg.dec                     |   4 +
 28 files changed, 4288 insertions(+), 8 deletions(-)
 create mode 100644 OvmfPkg/Include/Library/TdxStartupLib.h
 create mode 100644 OvmfPkg/IntelTdx/IntelTdxX64.dsc
 create mode 100644 OvmfPkg/IntelTdx/IntelTdxX64.fdf
 create mode 100644 OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointer.c
 create mode 100644 OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointerLibTdx.inf
 create mode 100644 OvmfPkg/IntelTdx/Sec/IntelTdx.c
 create mode 100644 OvmfPkg/IntelTdx/Sec/IntelTdx.h
 create mode 100644 OvmfPkg/IntelTdx/Sec/SecMain.c
 create mode 100644 OvmfPkg/IntelTdx/Sec/SecMain.inf
 create mode 100644 OvmfPkg/IntelTdx/Sec/X64/SecEntry.nasm
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/DxeLoad.c
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/Hob.c
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartup.c
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupInternal.h
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLib.inf
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLibNull.inf
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupNull.c
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/X64/PageTables.h
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/X64/VirtualMemory.c

-- 
2.29.2.windows.2


^ permalink raw reply	[flat|nested] 35+ messages in thread

* [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch
  2022-01-25  6:33 [PATCH V2 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Min Xu
@ 2022-01-25  6:33 ` Min Xu
  2022-01-25 15:09   ` [edk2-devel] " Abner Chang
  2022-01-25  6:33 ` [PATCH V2 02/10] UefiCpuPkg: Add PcdTdxWorkAreaBase Min Xu
                   ` (8 subsequent siblings)
  9 siblings, 1 reply; 35+ messages in thread
From: Min Xu @ 2022-01-25  6:33 UTC (permalink / raw)
  To: devel; +Cc: Min Xu, Leif Lindholm, Ard Biesheuvel, Abner Chang,
	Daniel Schaefer

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

CompressedDataLength is declared as UINTN which is UINT64 in X64 arch.
But the second parameter of UefiDecompressGetInfo() is declared as
UINT32. So a build error is triggered. To declare CompressedDataLength
as UINT32 to fix the build error.

Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Abner Chang <abner.chang@hpe.com>
Cc: Daniel Schaefer <daniel.schaefer@hpe.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 EmbeddedPkg/Library/PrePiLib/FwVol.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/EmbeddedPkg/Library/PrePiLib/FwVol.c b/EmbeddedPkg/Library/PrePiLib/FwVol.c
index 92ae68f0d382..0a6d6925b7ea 100644
--- a/EmbeddedPkg/Library/PrePiLib/FwVol.c
+++ b/EmbeddedPkg/Library/PrePiLib/FwVol.c
@@ -291,7 +291,7 @@ FfsProcessSection (
   UINT16                    SectionAttribute;
   UINT32                    AuthenticationStatus;
   CHAR8                     *CompressedData;
-  UINTN                     CompressedDataLength;
+  UINT32                    CompressedDataLength;
 
   *OutputBuffer = NULL;
   ParsedLength  = 0;
@@ -320,7 +320,7 @@ FfsProcessSection (
           }
 
           CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION2 *)Section + 1);
-          CompressedDataLength = (UINT32)SectionLength - sizeof (EFI_COMPRESSION_SECTION2);
+          CompressedDataLength = SectionLength - sizeof (EFI_COMPRESSION_SECTION2);
         } else {
           CompressionSection = (EFI_COMPRESSION_SECTION *)Section;
           SectionLength      = SECTION_SIZE (Section);
@@ -330,7 +330,7 @@ FfsProcessSection (
           }
 
           CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION *)Section + 1);
-          CompressedDataLength = (UINT32)SectionLength - sizeof (EFI_COMPRESSION_SECTION);
+          CompressedDataLength = SectionLength - sizeof (EFI_COMPRESSION_SECTION);
         }
 
         Status = UefiDecompressGetInfo (
-- 
2.29.2.windows.2


^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH V2 02/10] UefiCpuPkg: Add PcdTdxWorkAreaBase
  2022-01-25  6:33 [PATCH V2 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Min Xu
  2022-01-25  6:33 ` [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch Min Xu
@ 2022-01-25  6:33 ` Min Xu
  2022-01-27 13:24   ` Gerd Hoffmann
  2022-01-25  6:33 ` [PATCH V2 03/10] OvmfPkg: Add TdxWorkArea definition Min Xu
                   ` (7 subsequent siblings)
  9 siblings, 1 reply; 35+ messages in thread
From: Min Xu @ 2022-01-25  6:33 UTC (permalink / raw)
  To: devel
  Cc: Min Xu, Ard Biesheuvel, Jordan Justen, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky, Gerd Hoffmann, Ray Ni

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Add PcdTdxWorkAreaBase to indicate the area of memory where
the TDX work area block lives.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 UefiCpuPkg/UefiCpuPkg.dec | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index 7de66fde674c..87cd20e0aa36 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -178,6 +178,10 @@
   # @Prompt Configure the SEV-ES work area base
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize|0x0|UINT32|0x30002006
 
+  ## Area of memory where the TDX work area block lives.
+  # @Prompt Configure the TDX work area base
+  gUefiCpuPkgTokenSpaceGuid.PcdTdxWorkAreaBase|0x0|UINT32|0x30002007
+
 [PcdsFixedAtBuild, PcdsPatchableInModule]
   ## This value is the CPU Local APIC base address, which aligns the address on a 4-KByte boundary.
   # @Prompt Configure base address of CPU Local APIC
-- 
2.29.2.windows.2


^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH V2 03/10] OvmfPkg: Add TdxWorkArea definition
  2022-01-25  6:33 [PATCH V2 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Min Xu
  2022-01-25  6:33 ` [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch Min Xu
  2022-01-25  6:33 ` [PATCH V2 02/10] UefiCpuPkg: Add PcdTdxWorkAreaBase Min Xu
@ 2022-01-25  6:33 ` Min Xu
  2022-01-27 13:25   ` Gerd Hoffmann
  2022-01-25  6:33 ` [PATCH V2 04/10] OvmfPkg: Add PrePiHobListPointerLibTdx Min Xu
                   ` (6 subsequent siblings)
  9 siblings, 1 reply; 35+ messages in thread
From: Min Xu @ 2022-01-25  6:33 UTC (permalink / raw)
  To: devel
  Cc: Min Xu, Michael D Kinney, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky, Gerd Hoffmann

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Add the TDX work area definition.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/Include/WorkArea.h | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h
index ce60d97aa886..f5b07f18054b 100644
--- a/OvmfPkg/Include/WorkArea.h
+++ b/OvmfPkg/Include/WorkArea.h
@@ -63,9 +63,24 @@ typedef struct _SEV_WORK_AREA {
   SEC_SEV_ES_WORK_AREA                       SevEsWorkArea;
 } SEV_WORK_AREA;
 
+//
+// The TDX work area definition
+//
+typedef struct _SEC_TDX_WORK_AREA {
+  UINT32    PageTableReady;
+  UINT32    Gpaw;
+  UINT64    HobList;
+} SEC_TDX_WORK_AREA;
+
+typedef struct _TDX_WORK_AREA {
+  CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER    Header;
+  SEC_TDX_WORK_AREA                          SecTdxWorkArea;
+} TDX_WORK_AREA;
+
 typedef union {
   CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER    Header;
   SEV_WORK_AREA                              SevWorkArea;
+  TDX_WORK_AREA                              TdxWorkArea;
 } OVMF_WORK_AREA;
 
 #endif
-- 
2.29.2.windows.2


^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH V2 04/10] OvmfPkg: Add PrePiHobListPointerLibTdx
  2022-01-25  6:33 [PATCH V2 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Min Xu
                   ` (2 preceding siblings ...)
  2022-01-25  6:33 ` [PATCH V2 03/10] OvmfPkg: Add TdxWorkArea definition Min Xu
@ 2022-01-25  6:33 ` Min Xu
  2022-01-25  6:33 ` [PATCH V2 05/10] OvmfPkg: Update EFI_HOB_PLATFORM_INFO with more platform settings Min Xu
                   ` (5 subsequent siblings)
  9 siblings, 0 replies; 35+ messages in thread
From: Min Xu @ 2022-01-25  6:33 UTC (permalink / raw)
  To: devel
  Cc: Min Xu, Michael D Kinney, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky, Gerd Hoffmann

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

This library sets / gets the Hob list pointer in TDX_WORK_AREA.
This is because it is designed to be used in SEC where the value of
global variable cannot be saved, so the Hob list pointer is saved
in TDX_WORK_AREA.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 .../PrePiHobListPointer.c                     | 57 +++++++++++++++++++
 .../PrePiHobListPointerLibTdx.inf             | 29 ++++++++++
 2 files changed, 86 insertions(+)
 create mode 100644 OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointer.c
 create mode 100644 OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointerLibTdx.inf

diff --git a/OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointer.c b/OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointer.c
new file mode 100644
index 000000000000..d0fc240f873b
--- /dev/null
+++ b/OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointer.c
@@ -0,0 +1,57 @@
+/** @file
+*
+*  Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+*  SPDX-License-Identifier: BSD-2-Clause-Patent
+*
+**/
+
+#include <PiPei.h>
+#include <Library/PrePiHobListPointerLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <WorkArea.h>
+
+/**
+  Returns the pointer to the HOB list.
+
+  This function returns the pointer to first HOB in the list.
+
+  @return The pointer to the HOB list.
+
+**/
+VOID *
+EFIAPI
+PrePeiGetHobList (
+  VOID
+  )
+{
+  TDX_WORK_AREA  *TdxWorkArea;
+
+  TdxWorkArea = (TDX_WORK_AREA *)(UINTN)FixedPcdGet32 (PcdTdxWorkAreaBase);
+  ASSERT (TdxWorkArea != NULL);
+  ASSERT (TdxWorkArea->SecTdxWorkArea.HobList != 0);
+
+  return (VOID *)(UINTN)TdxWorkArea->SecTdxWorkArea.HobList;
+}
+
+/**
+  Updates the pointer to the HOB list.
+
+  @param  HobList       Hob list pointer to store
+
+**/
+EFI_STATUS
+EFIAPI
+PrePeiSetHobList (
+  IN  VOID  *HobList
+  )
+{
+  TDX_WORK_AREA  *TdxWorkArea;
+
+  TdxWorkArea = (TDX_WORK_AREA *)(UINTN)FixedPcdGet32 (PcdTdxWorkAreaBase);
+  ASSERT (TdxWorkArea != NULL);
+
+  TdxWorkArea->SecTdxWorkArea.HobList = (UINTN)HobList;
+
+  return EFI_SUCCESS;
+}
diff --git a/OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointerLibTdx.inf b/OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointerLibTdx.inf
new file mode 100644
index 000000000000..809c157ec5d0
--- /dev/null
+++ b/OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointerLibTdx.inf
@@ -0,0 +1,29 @@
+#/** @file
+#
+#  Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#**/
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = PrePiHobListPointerLibTdx
+  FILE_GUID                      = 28297DB9-4CE7-4679-80E6-0270B215A2F2
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = PrePiHobListPointerLib
+
+[Sources]
+  PrePiHobListPointer.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  OvmfPkg/OvmfPkg.dec
+  EmbeddedPkg/EmbeddedPkg.dec
+  UefiCpuPkg/UefiCpuPkg.dec
+
+[Pcd]
+  gUefiCpuPkgTokenSpaceGuid.PcdTdxWorkAreaBase
+
+[LibraryClasses]
+  PcdLib
-- 
2.29.2.windows.2


^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH V2 05/10] OvmfPkg: Update EFI_HOB_PLATFORM_INFO with more platform settings
  2022-01-25  6:33 [PATCH V2 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Min Xu
                   ` (3 preceding siblings ...)
  2022-01-25  6:33 ` [PATCH V2 04/10] OvmfPkg: Add PrePiHobListPointerLibTdx Min Xu
@ 2022-01-25  6:33 ` Min Xu
  2022-01-27 13:32   ` Gerd Hoffmann
  2022-01-25  6:33 ` [PATCH V2 06/10] OvmfPkg: Add TdxStartupLib Min Xu
                   ` (4 subsequent siblings)
  9 siblings, 1 reply; 35+ messages in thread
From: Min Xu @ 2022-01-25  6:33 UTC (permalink / raw)
  To: devel
  Cc: Min Xu, Michael D Kinney, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky, Gerd Hoffmann

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

This patch-sets is to bring up Legacy guest and Tdx guest without
PEI phase. So platform initialization has to be done in SEC phase.
It is similar with the work of OvmfPkg/PlatformPei. In
OvmfPkg/PlatformPei some PCDs are set during platform initialization,
such as PcdPciMmio64Base. But in PEI-less boot, PCDs cannot be set.
So these values are saved in EFI_HOB_PLATFORM_INFO. Then in the early
stage of DXE phase this hob will be parsed and PCDs are set accordingly.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/Include/IndustryStandard/IntelTdx.h | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/OvmfPkg/Include/IndustryStandard/IntelTdx.h b/OvmfPkg/Include/IndustryStandard/IntelTdx.h
index 44155adefd58..a37ad28f7bf4 100644
--- a/OvmfPkg/Include/IndustryStandard/IntelTdx.h
+++ b/OvmfPkg/Include/IndustryStandard/IntelTdx.h
@@ -65,6 +65,23 @@ typedef struct {
 typedef struct {
   EFI_HOB_GUID_TYPE    GuidHeader;
   UINT16               HostBridgePciDevId;
+  BOOLEAN              PcdSetNxForStack;
+  UINT8                SystemStates[6];
+
+  UINT64               PcdConfidentialComputingGuestAttr;
+  BOOLEAN              PcdIa32EferChangeAllowed;
+  UINT64               PcdTdxSharedBitMask;
+
+  UINT64               PcdPciMmio64Base;
+  UINT64               PcdPciMmio64Size;
+  UINT32               PcdPciMmio32Base;
+  UINT32               PcdPciMmio32Size;
+  UINT64               PcdPciIoBase;
+  UINT64               PcdPciIoSize;
+
+  UINT64               PcdEmuVariableNvStoreReserved;
+  UINT32               PcdCpuBootLogicalProcessorNumber;
+  UINT32               PcdCpuMaxLogicalProcessorNumber;
 } EFI_HOB_PLATFORM_INFO;
 
 #pragma pack()
-- 
2.29.2.windows.2


^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH V2 06/10] OvmfPkg: Add TdxStartupLib
  2022-01-25  6:33 [PATCH V2 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Min Xu
                   ` (4 preceding siblings ...)
  2022-01-25  6:33 ` [PATCH V2 05/10] OvmfPkg: Update EFI_HOB_PLATFORM_INFO with more platform settings Min Xu
@ 2022-01-25  6:33 ` Min Xu
  2022-01-25  6:33 ` [PATCH V2 07/10] OvmfPkg/IntelTdx: Add Sec to bring up both Legacy and Tdx guest Min Xu
                   ` (3 subsequent siblings)
  9 siblings, 0 replies; 35+ messages in thread
From: Min Xu @ 2022-01-25  6:33 UTC (permalink / raw)
  To: devel
  Cc: Min Xu, Michael D Kinney, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky, Gerd Hoffmann

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

TdxStarupLib provides a function (TdxStartup ()) which brings up both
Legacy and Tdx guest from SEC phase to DXE phase. PEI phase is skipped
so that the attack surfaces are reduced as much as possible.

TdxStartup() does below tasks:
1. Contruct the FW hoblist.
   Since PEI is skipped, we must find a memory region which is the
   largest one below 4GB. Then this memory region will be used as the
   firmware hoblist.
2. Initialize the platform.
3. Build various Hobs, such as SecFv Hob, DxeFv Hob, Stack Hob, etc.
4. At last DXE Core is located / loaded and transfer control to it.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/Include/Library/TdxStartupLib.h       |  34 +
 OvmfPkg/IntelTdx/TdxStartupLib/DxeLoad.c      | 218 ++++
 OvmfPkg/IntelTdx/TdxStartupLib/Hob.c          | 130 +++
 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartup.c   | 240 +++++
 .../TdxStartupLib/TdxStartupInternal.h        |  55 ++
 .../IntelTdx/TdxStartupLib/TdxStartupLib.inf  |  86 ++
 .../TdxStartupLib/TdxStartupLibNull.inf       |  40 +
 .../IntelTdx/TdxStartupLib/TdxStartupNull.c   |  19 +
 .../IntelTdx/TdxStartupLib/X64/PageTables.h   | 206 ++++
 .../TdxStartupLib/X64/VirtualMemory.c         | 935 ++++++++++++++++++
 OvmfPkg/OvmfPkg.dec                           |   4 +
 11 files changed, 1967 insertions(+)
 create mode 100644 OvmfPkg/Include/Library/TdxStartupLib.h
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/DxeLoad.c
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/Hob.c
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartup.c
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupInternal.h
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLib.inf
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLibNull.inf
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupNull.c
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/X64/PageTables.h
 create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/X64/VirtualMemory.c

diff --git a/OvmfPkg/Include/Library/TdxStartupLib.h b/OvmfPkg/Include/Library/TdxStartupLib.h
new file mode 100644
index 000000000000..a72866d90ca9
--- /dev/null
+++ b/OvmfPkg/Include/Library/TdxStartupLib.h
@@ -0,0 +1,34 @@
+/** @file
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef TDX_STARTUP_LIB_H_
+#define TDX_STARTUP_LIB_H_
+
+#include <Library/BaseLib.h>
+#include <Uefi/UefiBaseType.h>
+#include <Uefi/UefiSpec.h>
+#include <Pi/PiPeiCis.h>
+#include <Library/DebugLib.h>
+#include <Protocol/DebugSupport.h>
+
+/**
+ * This function brings up the Tdx guest from SEC phase to DXE phase.
+ * PEI phase is skipped because most of the components in PEI phase
+ * is not needed for Tdx guest, for example, MP Services, TPM etc.
+ * In this way, the attack surfaces are reduced as much as possible.
+ *
+ * @param Context   The pointer to the SecCoreData
+ * @return VOID     This function never returns
+ */
+VOID
+EFIAPI
+TdxStartup (
+  IN VOID  *Context
+  );
+
+#endif
diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/DxeLoad.c b/OvmfPkg/IntelTdx/TdxStartupLib/DxeLoad.c
new file mode 100644
index 000000000000..41bd98573b48
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxStartupLib/DxeLoad.c
@@ -0,0 +1,218 @@
+/** @file
+  Responsibility of this file is to load the DXE Core from a Firmware Volume.
+
+Copyright (c) 2016 HP Development Company, L.P.
+Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "TdxStartupInternal.h"
+#include <Library/DebugLib.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PcdLib.h>
+#include <Guid/MemoryTypeInformation.h>
+#include <Guid/MemoryAllocationHob.h>
+#include <Guid/PcdDataBaseSignatureGuid.h>
+#include <Register/Intel/Cpuid.h>
+#include <Library/PrePiLib.h>
+#include "X64/PageTables.h"
+#include <Library/ReportStatusCodeLib.h>
+
+#define STACK_SIZE  0x20000
+
+/**
+   Transfers control to DxeCore.
+
+   This function performs a CPU architecture specific operations to execute
+   the entry point of DxeCore
+
+   @param DxeCoreEntryPoint         The entry point of DxeCore.
+
+**/
+VOID
+HandOffToDxeCore (
+  IN EFI_PHYSICAL_ADDRESS  DxeCoreEntryPoint
+  )
+{
+  VOID   *BaseOfStack;
+  VOID   *TopOfStack;
+  UINTN  PageTables;
+
+  //
+  // Clear page 0 and mark it as allocated if NULL pointer detection is enabled.
+  //
+  if (IsNullDetectionEnabled ()) {
+    ClearFirst4KPage (GetHobList ());
+    BuildMemoryAllocationHob (0, EFI_PAGES_TO_SIZE (1), EfiBootServicesData);
+  }
+
+  //
+  // Allocate 128KB for the Stack
+  //
+  BaseOfStack = AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE));
+  ASSERT (BaseOfStack != NULL);
+
+  //
+  // Compute the top of the stack we were allocated. Pre-allocate a UINTN
+  // for safety.
+  //
+  TopOfStack = (VOID *)((UINTN)BaseOfStack + EFI_SIZE_TO_PAGES (STACK_SIZE) * EFI_PAGE_SIZE - CPU_STACK_ALIGNMENT);
+  TopOfStack = ALIGN_POINTER (TopOfStack, CPU_STACK_ALIGNMENT);
+
+  DEBUG ((DEBUG_INFO, "BaseOfStack=0x%x, TopOfStack=0x%x\n", BaseOfStack, TopOfStack));
+
+  //
+  // Create page table and save PageMapLevel4 to CR3
+  //
+  PageTables = CreateIdentityMappingPageTables (
+                 (EFI_PHYSICAL_ADDRESS)(UINTN)BaseOfStack,
+                 STACK_SIZE
+                 );
+  if (PageTables == 0) {
+    DEBUG ((DEBUG_ERROR, "Failed to create idnetity mapping page tables.\n"));
+    CpuDeadLoop ();
+  }
+
+  AsmWriteCr3 (PageTables);
+
+  //
+  // Update the contents of BSP stack HOB to reflect the real stack info passed to DxeCore.
+  //
+  UpdateStackHob ((EFI_PHYSICAL_ADDRESS)(UINTN)BaseOfStack, STACK_SIZE);
+
+  DEBUG ((DEBUG_INFO, "SwitchStack then Jump to DxeCore\n"));
+  //
+  // Transfer the control to the entry point of DxeCore.
+  //
+  SwitchStack (
+    (SWITCH_STACK_ENTRY_POINT)(UINTN)DxeCoreEntryPoint,
+    GetHobList (),
+    NULL,
+    TopOfStack
+    );
+}
+
+/**
+   Searches DxeCore in all firmware Volumes and loads the first
+   instance that contains DxeCore.
+
+   @return FileHandle of DxeCore to load DxeCore.
+
+**/
+EFI_STATUS
+FindDxeCore (
+  IN INTN                         FvInstance,
+  IN OUT     EFI_PEI_FILE_HANDLE  *FileHandle
+  )
+{
+  EFI_STATUS         Status;
+  EFI_PEI_FV_HANDLE  VolumeHandle;
+
+  if (FileHandle == NULL) {
+    ASSERT (FALSE);
+    return EFI_INVALID_PARAMETER;
+  }
+
+  *FileHandle = NULL;
+
+  //
+  // Caller passed in a specific FV to try, so only try that one
+  //
+  Status = FfsFindNextVolume (FvInstance, &VolumeHandle);
+  if (!EFI_ERROR (Status)) {
+    Status = FfsFindNextFile (EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE, VolumeHandle, FileHandle);
+    if (*FileHandle) {
+      // Assume the FV that contains multiple compressed FVs.
+      // So decompress the compressed FVs
+      Status = FfsProcessFvFile (*FileHandle);
+      ASSERT_EFI_ERROR (Status);
+      Status = FfsAnyFvFindFirstFile (EFI_FV_FILETYPE_DXE_CORE, &VolumeHandle, FileHandle);
+    }
+  }
+
+  return Status;
+}
+
+/**
+   This function finds DXE Core in the firmware volume and transfer the control to
+   DXE core.
+
+   @return EFI_SUCCESS              DXE core was successfully loaded.
+   @return EFI_OUT_OF_RESOURCES     There are not enough resources to load DXE core.
+
+**/
+EFI_STATUS
+EFIAPI
+DxeLoadCore (
+  IN INTN  FvInstance
+  )
+{
+  EFI_STATUS            Status;
+  EFI_FV_FILE_INFO      DxeCoreFileInfo;
+  EFI_PHYSICAL_ADDRESS  DxeCoreAddress;
+  UINT64                DxeCoreSize;
+  EFI_PHYSICAL_ADDRESS  DxeCoreEntryPoint;
+  EFI_PEI_FILE_HANDLE   FileHandle;
+  VOID                  *PeCoffImage;
+
+  //
+  // Look in all the FVs present and find the DXE Core FileHandle
+  //
+  Status = FindDxeCore (FvInstance, &FileHandle);
+
+  if (EFI_ERROR (Status)) {
+    ASSERT (FALSE);
+    return Status;
+  }
+
+  //
+  // Load the DXE Core from a Firmware Volume.
+  //
+  Status = FfsFindSectionData (EFI_SECTION_PE32, FileHandle, &PeCoffImage);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  Status = LoadPeCoffImage (PeCoffImage, &DxeCoreAddress, &DxeCoreSize, &DxeCoreEntryPoint);
+  ASSERT_EFI_ERROR (Status);
+
+  //
+  // Extract the DxeCore GUID file name.
+  //
+  Status = FfsGetFileInfo (FileHandle, &DxeCoreFileInfo);
+  ASSERT_EFI_ERROR (Status);
+
+  //
+  // Add HOB for the DXE Core
+  //
+  BuildModuleHob (
+    &DxeCoreFileInfo.FileName,
+    DxeCoreAddress,
+    ALIGN_VALUE (DxeCoreSize, EFI_PAGE_SIZE),
+    DxeCoreEntryPoint
+    );
+
+  DEBUG ((
+    DEBUG_INFO | DEBUG_LOAD,
+    "Loading DXE CORE at 0x%11p EntryPoint=0x%11p\n",
+    (VOID *)(UINTN)DxeCoreAddress,
+    FUNCTION_ENTRY_POINT (DxeCoreEntryPoint)
+    ));
+
+  // Transfer control to the DXE Core
+  // The hand off state is simply a pointer to the HOB list
+  //
+  HandOffToDxeCore (DxeCoreEntryPoint);
+
+  //
+  // If we get here, then the DXE Core returned.  This is an error
+  // DxeCore should not return.
+  //
+  ASSERT (FALSE);
+  CpuDeadLoop ();
+
+  return EFI_OUT_OF_RESOURCES;
+}
diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/Hob.c b/OvmfPkg/IntelTdx/TdxStartupLib/Hob.c
new file mode 100644
index 000000000000..bc30de7387f1
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxStartupLib/Hob.c
@@ -0,0 +1,130 @@
+/** @file
+  Main SEC phase code. Handles initial TDX Hob List Processing
+
+  Copyright (c) 2008, Intel Corporation. All rights reserved.<BR>
+  (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/PrePiLib.h>
+#include <Library/QemuFwCfgLib.h>
+#include <IndustryStandard/Tdx.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <Library/PlatformInitLib.h>
+#include "TdxStartupInternal.h"
+
+/**
+ * Construct the HobList in SEC phase.
+ *
+ * @return EFI_SUCCESS      Successfully construct the firmware hoblist.
+ * @return EFI_NOT_FOUND    Cannot find a memory region to be the fw hoblist.
+ */
+EFI_STATUS
+EFIAPI
+ConstructSecHobList (
+  )
+{
+  UINT32  LowMemorySize;
+  UINT32  LowMemoryStart;
+
+  EFI_HOB_HANDOFF_INFO_TABLE  *HobList;
+
+  LowMemorySize = PlatformGetSystemMemorySizeBelow4gb ();
+  ASSERT (LowMemorySize != 0);
+  LowMemoryStart = FixedPcdGet32 (PcdOvmfDxeMemFvBase) + FixedPcdGet32 (PcdOvmfDxeMemFvSize);
+  LowMemorySize -= LowMemoryStart;
+
+  DEBUG ((DEBUG_INFO, "LowMemory Start and End: %x, %x\n", LowMemoryStart, LowMemoryStart + LowMemorySize));
+  HobList = HobConstructor (
+              (VOID *)(UINTN)LowMemoryStart,
+              LowMemorySize,
+              (VOID *)(UINTN)LowMemoryStart,
+              (VOID *)(UINTN)(LowMemoryStart + LowMemorySize)
+              );
+
+  SetHobList ((VOID *)(UINT64)HobList);
+
+  return EFI_SUCCESS;
+}
+
+/**
+ * This function is to find a memory region which is the largest one below 4GB.
+ * It will be used as the firmware hoblist.
+ *
+ * @param VmmHobList    Vmm passed hoblist which constains the memory information.
+ * @return EFI_SUCCESS  Successfully construct the firmware hoblist.
+ */
+EFI_STATUS
+EFIAPI
+ConstructFwHobList (
+  IN CONST VOID  *VmmHobList
+  )
+{
+  EFI_PEI_HOB_POINTERS  Hob;
+  EFI_PHYSICAL_ADDRESS  PhysicalEnd;
+  UINT64                ResourceLength;
+  EFI_PHYSICAL_ADDRESS  LowMemoryStart;
+  UINT64                LowMemoryLength;
+
+  ASSERT (VmmHobList != NULL);
+
+  Hob.Raw = (UINT8 *)VmmHobList;
+
+  LowMemoryLength = 0;
+  LowMemoryStart  = 0;
+
+  //
+  // Parse the HOB list until end of list or matching type is found.
+  //
+  while (!END_OF_HOB_LIST (Hob)) {
+    if (Hob.Header->HobType == EFI_HOB_TYPE_RESOURCE_DESCRIPTOR) {
+      if (Hob.ResourceDescriptor->ResourceType == EFI_RESOURCE_SYSTEM_MEMORY) {
+        PhysicalEnd    = Hob.ResourceDescriptor->PhysicalStart + Hob.ResourceDescriptor->ResourceLength;
+        ResourceLength = Hob.ResourceDescriptor->ResourceLength;
+
+        if (PhysicalEnd <= BASE_4GB) {
+          if (ResourceLength > LowMemoryLength) {
+            LowMemoryStart  = Hob.ResourceDescriptor->PhysicalStart;
+            LowMemoryLength = ResourceLength;
+          }
+        } else {
+          break;
+        }
+      }
+    }
+
+    Hob.Raw = GET_NEXT_HOB (Hob);
+  }
+
+  if (LowMemoryLength == 0) {
+    DEBUG ((DEBUG_ERROR, "Cannot find a memory region under 4GB for Fw hoblist.\n"));
+    return EFI_NOT_FOUND;
+  }
+
+  //
+  // HobLib doesn't like HobStart at address 0 so adjust is needed
+  //
+  if (LowMemoryStart == 0) {
+    LowMemoryStart  += EFI_PAGE_SIZE;
+    LowMemoryLength -= EFI_PAGE_SIZE;
+  }
+
+  DEBUG ((DEBUG_INFO, "LowMemory Start and End: %x, %x\n", LowMemoryStart, LowMemoryStart + LowMemoryLength));
+  HobConstructor (
+    (VOID *)LowMemoryStart,
+    LowMemoryLength,
+    (VOID *)LowMemoryStart,
+    (VOID *)(LowMemoryStart + LowMemoryLength)
+    );
+
+  SetHobList ((VOID *)(UINT64)LowMemoryStart);
+
+  return EFI_SUCCESS;
+}
diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartup.c b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartup.c
new file mode 100644
index 000000000000..16984bd7ff14
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartup.c
@@ -0,0 +1,240 @@
+/** @file
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/DebugLib.h>
+#include <Protocol/DebugSupport.h>
+#include <Library/TdxLib.h>
+#include <IndustryStandard/Tdx.h>
+#include <Library/PrePiLib.h>
+#include <Library/TdxStartupLib.h>
+#include <Library/PlatformInitLib.h>
+#include <ConfidentialComputingGuestAttr.h>
+#include "TdxStartupInternal.h"
+
+#define GET_GPAW_INIT_STATE(INFO)  ((UINT8) ((INFO) & 0x3f))
+
+EFI_MEMORY_TYPE_INFORMATION  mDefaultMemoryTypeInformation[] = {
+  { EfiACPIMemoryNVS,       0x004 },
+  { EfiACPIReclaimMemory,   0x008 },
+  { EfiReservedMemoryType,  0x004 },
+  { EfiRuntimeServicesData, 0x024 },
+  { EfiRuntimeServicesCode, 0x030 },
+  { EfiBootServicesCode,    0x180 },
+  { EfiBootServicesData,    0xF00 },
+  { EfiMaxMemoryType,       0x000 }
+};
+
+EFI_STATUS
+EFIAPI
+InitializePlatform (
+  EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  )
+{
+  EFI_STATUS  Status;
+  UINT16      HostBridgeDeviceId;
+  UINT32      MaxCpuCount;
+  UINT16      BootCpuCount;
+  UINT32      Uc32Base;
+  UINT32      PciBase;
+  UINT32      PciSize;
+  UINT64      Pci64Base;
+  UINT64      Pci64Size;
+  UINT64      PciIoBase;
+  UINT64      PciIoSize;
+  BOOLEAN     SetNxStatus;
+  UINT64      FirstNonAddress;
+  UINT8       PhysMemAddressWidth;
+  UINT32      LowerMemorySize;
+
+  DEBUG ((DEBUG_INFO, "InitializePlatform in Pei-less boot\n"));
+  PlatformDebugDumpCmos ();
+
+  Pci64Base = 0;
+  Pci64Size = 0;
+
+  FirstNonAddress                   = PlatformGetFirstNonAddress (&Pci64Base, &Pci64Size, 0x800000000);
+  PlatformInfoHob->PcdPciMmio64Base = Pci64Base;
+  PlatformInfoHob->PcdPciMmio64Size = Pci64Size;
+
+  PhysMemAddressWidth = PlatformAddressWidthInitialization (FirstNonAddress);
+
+  DEBUG ((DEBUG_INFO, "PhysMemAddressWidth=0x%x, Pci64Base=0x%llx, Pci64Size=0x%llx\n", PhysMemAddressWidth, Pci64Base, Pci64Size));
+
+  HostBridgeDeviceId                  = PlatformQueryHostBridgeDid ();
+  PlatformInfoHob->HostBridgePciDevId = HostBridgeDeviceId;
+  DEBUG ((DEBUG_INFO, "HostBridgeDeviceId = 0x%x\n", HostBridgeDeviceId));
+
+  MaxCpuCount  = 0;
+  BootCpuCount = 0;
+  PlatformMaxCpuCountInitialization (HostBridgeDeviceId, 64, &MaxCpuCount, &BootCpuCount);
+
+  PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber  = MaxCpuCount;
+  PlatformInfoHob->PcdCpuBootLogicalProcessorNumber = BootCpuCount;
+  DEBUG ((DEBUG_INFO, "MaxCpuCount=%d, BootCpuCount=%d\n", MaxCpuCount, BootCpuCount));
+
+  LowerMemorySize = PlatformGetSystemMemorySizeBelow4gb ();
+  Uc32Base        = PlatformQemuUc32BaseInitialization (HostBridgeDeviceId, LowerMemorySize);
+  DEBUG ((DEBUG_INFO, "Uc32Base = 0x%x, LowerMemorySize = 0x%x\n", Uc32Base, LowerMemorySize));
+
+  if (TdIsEnabled ()) {
+    PlatformTdxPublishRamRegions ();
+  } else {
+    PlatformInitializeRamRegions (Uc32Base, HostBridgeDeviceId, FALSE, 0, FALSE, LowerMemorySize, 0);
+  }
+
+  //
+  // Create Memory Type Information HOB
+  //
+  BuildGuidDataHob (
+    &gEfiMemoryTypeInformationGuid,
+    mDefaultMemoryTypeInformation,
+    sizeof (mDefaultMemoryTypeInformation)
+    );
+
+  PciBase   = 0;
+  PciSize   = 0;
+  PciIoBase = 0;
+  PciIoSize = 0;
+  PlatformMemMapInitialization (HostBridgeDeviceId, Uc32Base, &PciBase, &PciSize, &PciIoBase, &PciIoSize);
+  PlatformInfoHob->PcdPciMmio32Base = PciBase;
+  PlatformInfoHob->PcdPciMmio32Size = PciSize;
+  PlatformInfoHob->PcdPciIoBase     = PciIoBase;
+  PlatformInfoHob->PcdPciIoSize     = PciIoSize;
+
+  Status = PlatformNoexecDxeInitialization (&SetNxStatus);
+  if (!EFI_ERROR (Status)) {
+    PlatformInfoHob->PcdSetNxForStack = SetNxStatus;
+  }
+
+  if (TdIsEnabled ()) {
+    PlatformInfoHob->PcdConfidentialComputingGuestAttr = CCAttrIntelTdx;
+    PlatformInfoHob->PcdIa32EferChangeAllowed          = FALSE;
+    PlatformInfoHob->PcdTdxSharedBitMask               = TdSharedPageMask ();
+    PlatformInfoHob->PcdSetNxForStack                  = TRUE;
+  }
+
+  PlatformMiscInitialization (HostBridgeDeviceId, PhysMemAddressWidth);
+
+  return EFI_SUCCESS;
+}
+
+/**
+ * This function brings up the Tdx guest from SEC phase to DXE phase.
+ * PEI phase is skipped because most of the components in PEI phase
+ * is not needed for Tdx guest, for example, MP Services, TPM etc.
+ * In this way, the attack surfaces are reduced as much as possible.
+ *
+ * @param Context   The pointer to the SecCoreData
+ * @return VOID     This function never returns
+ */
+VOID
+EFIAPI
+TdxStartup (
+  IN VOID  *Context
+  )
+{
+  EFI_SEC_PEI_HAND_OFF        *SecCoreData;
+  EFI_FIRMWARE_VOLUME_HEADER  *BootFv;
+  EFI_STATUS                  Status;
+  EFI_HOB_PLATFORM_INFO       PlatformInfoHob;
+  UINT32                      DxeCodeBase;
+  UINT32                      DxeCodeSize;
+  TD_RETURN_DATA              TdReturnData;
+  VOID                        *VmmHobList;
+
+  Status      = EFI_SUCCESS;
+  BootFv      = NULL;
+  VmmHobList  = NULL;
+  SecCoreData = (EFI_SEC_PEI_HAND_OFF *)Context;
+
+  ZeroMem (&PlatformInfoHob, sizeof (PlatformInfoHob));
+
+  if (TdIsEnabled ()) {
+    VmmHobList = (VOID *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase);
+    Status     = TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData);
+    ASSERT (Status == EFI_SUCCESS);
+
+    DEBUG ((
+      DEBUG_INFO,
+      "Tdx started with(Hob: 0x%x, Gpaw: 0x%x, Cpus: %d)\n",
+      (UINT32)(UINTN)VmmHobList,
+      GET_GPAW_INIT_STATE (TdReturnData.TdInfo.Gpaw),
+      TdReturnData.TdInfo.NumVcpus
+      ));
+
+    Status = ConstructFwHobList (VmmHobList);
+  } else {
+    DEBUG ((DEBUG_INFO, "Ovmf started\n"));
+    Status = ConstructSecHobList ();
+  }
+
+  if (EFI_ERROR (Status)) {
+    ASSERT (FALSE);
+    CpuDeadLoop ();
+  }
+
+  DEBUG ((DEBUG_INFO, "HobList: %p\n", GetHobList ()));
+
+  //
+  // Initialize the Platform
+  //
+  Status = InitializePlatform (&PlatformInfoHob);
+  if (EFI_ERROR (Status)) {
+    ASSERT (FALSE);
+    CpuDeadLoop ();
+  }
+
+  BuildGuidDataHob (&gUefiOvmfPkgTdxPlatformGuid, &PlatformInfoHob, sizeof (EFI_HOB_PLATFORM_INFO));
+
+  //
+  // SecFV
+  //
+  BootFv = (EFI_FIRMWARE_VOLUME_HEADER *)SecCoreData->BootFirmwareVolumeBase;
+  BuildFvHob ((UINTN)BootFv, BootFv->FvLength);
+
+  //
+  // DxeFV
+  //
+  DxeCodeBase = PcdGet32 (PcdBfvBase);
+  DxeCodeSize = PcdGet32 (PcdBfvRawDataSize) - (UINT32)BootFv->FvLength;
+  BuildFvHob (DxeCodeBase, DxeCodeSize);
+
+  DEBUG ((DEBUG_INFO, "SecFv : %p, 0x%x\n", BootFv, BootFv->FvLength));
+  DEBUG ((DEBUG_INFO, "DxeFv : %x, 0x%x\n", DxeCodeBase, DxeCodeSize));
+
+  BuildStackHob ((UINTN)SecCoreData->StackBase, SecCoreData->StackSize <<= 1);
+
+  BuildResourceDescriptorHob (
+    EFI_RESOURCE_SYSTEM_MEMORY,
+    EFI_RESOURCE_ATTRIBUTE_PRESENT |
+    EFI_RESOURCE_ATTRIBUTE_INITIALIZED |
+    EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE |
+    EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE |
+    EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE |
+    EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE |
+    EFI_RESOURCE_ATTRIBUTE_TESTED,
+    (UINT64)SecCoreData->TemporaryRamBase,
+    (UINT64)SecCoreData->TemporaryRamSize
+    );
+
+  //
+  // Load the DXE Core and transfer control to it.
+  // Only DxeFV is in the compressed section.
+  //
+  Status = DxeLoadCore (1);
+
+  //
+  // Never arrive here.
+  //
+  ASSERT (FALSE);
+  CpuDeadLoop ();
+}
diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupInternal.h b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupInternal.h
new file mode 100644
index 000000000000..b475f6ba223c
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupInternal.h
@@ -0,0 +1,55 @@
+/** @file
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef TDX_STARTUP_INTERNAL_LIB_H_
+#define TDX_STARTUP_INTERNAL_LIB_H_
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Uefi/UefiSpec.h>
+#include <Uefi/UefiBaseType.h>
+#include <IndustryStandard/IntelTdx.h>
+
+EFI_STATUS
+EFIAPI
+DxeLoadCore (
+  IN INTN  FvInstance
+  );
+
+VOID
+EFIAPI
+TransferHobList (
+  IN CONST VOID  *HobStart
+  );
+
+/**
+ * This function is to find a memory region which is the largest one below 4GB.
+ * It will be used as the firmware hoblist.
+ *
+ * @param VmmHobList        Vmm passed hoblist which constains the memory information.
+ * @return EFI_SUCCESS      Successfully construct the firmware hoblist.
+ * @return EFI_NOT_FOUND    Cannot find a memory region to be the fw hoblist.
+ */
+EFI_STATUS
+EFIAPI
+ConstructFwHobList (
+  IN CONST VOID  *VmmHobList
+  );
+
+/**
+ *  Construct the HobList in SEC phase.
+ *
+ * @return EFI_SUCCESS      Successfully construct the firmware hoblist.
+ * @return EFI_NOT_FOUND    Cannot find a memory region to be the fw hoblist.
+ */
+EFI_STATUS
+EFIAPI
+ConstructSecHobList (
+  );
+
+#endif
diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLib.inf b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLib.inf
new file mode 100644
index 000000000000..ce8a28a916c3
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLib.inf
@@ -0,0 +1,86 @@
+#/** @file
+# Component description file for TDX Pre PI Library
+#
+# LIbrary helps you build a platform that skips PEI and loads DXE Core
+# directly. Helps building HOBs, reading data from the FV, and doing
+# decompression.
+#
+#  Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2008, Apple Inc. All rights reserved.<BR>
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+#**/
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = TdxStartupLib
+  FILE_GUID                      = 8FA74135-F841-40A4-86C8-69C923D2E85F
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = TdxStartupLib|SEC
+
+#
+#  VALID_ARCHITECTURES           = X64
+#
+
+[Sources]
+  TdxStartup.c
+  Hob.c
+  DxeLoad.c
+
+[Sources.X64]
+  X64/VirtualMemory.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  UefiCpuPkg/UefiCpuPkg.dec
+  OvmfPkg/OvmfPkg.dec
+  EmbeddedPkg/EmbeddedPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  DebugLib
+  BaseMemoryLib
+  PcdLib
+  UefiCpuLib
+  DebugAgentLib
+  IoLib
+  LocalApicLib
+  SynchronizationLib
+  HobLib
+  TdxLib
+  MemoryAllocationLib
+  PrePiLib
+  QemuFwCfgLib
+  PlatformInitLib
+
+[Guids]
+  gEfiHobMemoryAllocModuleGuid
+  gEfiHobMemoryAllocStackGuid
+  gUefiOvmfPkgTdxPlatformGuid
+  gEfiMemoryTypeInformationGuid
+  gPcdDataBaseHobGuid
+
+[Pcd]
+  gUefiOvmfPkgTokenSpaceGuid.PcdCfvBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataOffset
+  gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataOffset
+  gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase
+  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplBuildPageTables       ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard               ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable              ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy       ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## CONSUMES
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLibNull.inf b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLibNull.inf
new file mode 100644
index 000000000000..e79d266d58ca
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLibNull.inf
@@ -0,0 +1,40 @@
+#/** @file
+# Component description file for TDX Pre PI Library
+#
+# LIbrary helps you build a platform that skips PEI and loads DXE Core
+# directly. Helps building HOBs, reading data from the FV, and doing
+# decompression.
+#
+#  Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2008, Apple Inc. All rights reserved.<BR>
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+#**/
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = TdxStartupLibNull
+  FILE_GUID                      = 79DD2160-D5E0-48CD-AA87-479EACEE8393
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = TdxStartupLib|SEC
+
+#
+#  VALID_ARCHITECTURES           = X64
+#
+
+[Sources]
+  TdxStartupNull.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  OvmfPkg/OvmfPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+
+[Pcd]
diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupNull.c b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupNull.c
new file mode 100644
index 000000000000..8c00e813c1f6
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupNull.c
@@ -0,0 +1,19 @@
+/** @file
+  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/TdxStartupLib.h>
+
+VOID
+EFIAPI
+TdxStartup (
+  IN VOID  *Context
+  )
+{
+  ASSERT (FALSE);
+  CpuDeadLoop ();
+}
diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/X64/PageTables.h b/OvmfPkg/IntelTdx/TdxStartupLib/X64/PageTables.h
new file mode 100644
index 000000000000..a0d0d3547bfa
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxStartupLib/X64/PageTables.h
@@ -0,0 +1,206 @@
+/** @file
+  x64 Long Mode Virtual Memory Management Definitions
+
+  References:
+    1) IA-32 Intel(R) Architecture Software Developer's Manual Volume 1:Basic Architecture, Intel
+    2) IA-32 Intel(R) Architecture Software Developer's Manual Volume 2:Instruction Set Reference, Intel
+    3) IA-32 Intel(R) Architecture Software Developer's Manual Volume 3:System Programmer's Guide, Intel
+    4) AMD64 Architecture Programmer's Manual Volume 2: System Programming
+
+Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef PAGE_TABLES_H_
+#define PAGE_TABLES_H_
+
+#define SYS_CODE64_SEL  0x38
+
+#pragma pack(1)
+
+typedef union {
+  struct {
+    UINT32    LimitLow    : 16;
+    UINT32    BaseLow     : 16;
+    UINT32    BaseMid     : 8;
+    UINT32    Type        : 4;
+    UINT32    System      : 1;
+    UINT32    Dpl         : 2;
+    UINT32    Present     : 1;
+    UINT32    LimitHigh   : 4;
+    UINT32    Software    : 1;
+    UINT32    Reserved    : 1;
+    UINT32    DefaultSize : 1;
+    UINT32    Granularity : 1;
+    UINT32    BaseHigh    : 8;
+  } Bits;
+  UINT64    Uint64;
+} IA32_GDT;
+
+typedef struct {
+  IA32_IDT_GATE_DESCRIPTOR    Ia32IdtEntry;
+  UINT32                      Offset32To63;
+  UINT32                      Reserved;
+} X64_IDT_GATE_DESCRIPTOR;
+
+//
+// Page-Map Level-4 Offset (PML4) and
+// Page-Directory-Pointer Offset (PDPE) entries 4K & 2MB
+//
+
+typedef union {
+  struct {
+    UINT64    Present              : 1;  // 0 = Not present in memory, 1 = Present in memory
+    UINT64    ReadWrite            : 1;  // 0 = Read-Only, 1= Read/Write
+    UINT64    UserSupervisor       : 1;  // 0 = Supervisor, 1=User
+    UINT64    WriteThrough         : 1;  // 0 = Write-Back caching, 1=Write-Through caching
+    UINT64    CacheDisabled        : 1;  // 0 = Cached, 1=Non-Cached
+    UINT64    Accessed             : 1;  // 0 = Not accessed, 1 = Accessed (set by CPU)
+    UINT64    Reserved             : 1;  // Reserved
+    UINT64    MustBeZero           : 2;  // Must Be Zero
+    UINT64    Available            : 3;  // Available for use by system software
+    UINT64    PageTableBaseAddress : 40; // Page Table Base Address
+    UINT64    AvabilableHigh       : 11; // Available for use by system software
+    UINT64    Nx                   : 1;  // No Execute bit
+  } Bits;
+  UINT64    Uint64;
+} PAGE_MAP_AND_DIRECTORY_POINTER;
+
+//
+// Page Table Entry 4KB
+//
+typedef union {
+  struct {
+    UINT64    Present              : 1;  // 0 = Not present in memory, 1 = Present in memory
+    UINT64    ReadWrite            : 1;  // 0 = Read-Only, 1= Read/Write
+    UINT64    UserSupervisor       : 1;  // 0 = Supervisor, 1=User
+    UINT64    WriteThrough         : 1;  // 0 = Write-Back caching, 1=Write-Through caching
+    UINT64    CacheDisabled        : 1;  // 0 = Cached, 1=Non-Cached
+    UINT64    Accessed             : 1;  // 0 = Not accessed, 1 = Accessed (set by CPU)
+    UINT64    Dirty                : 1;  // 0 = Not Dirty, 1 = written by processor on access to page
+    UINT64    PAT                  : 1;  //
+    UINT64    Global               : 1;  // 0 = Not global page, 1 = global page TLB not cleared on CR3 write
+    UINT64    Available            : 3;  // Available for use by system software
+    UINT64    PageTableBaseAddress : 40; // Page Table Base Address
+    UINT64    AvabilableHigh       : 11; // Available for use by system software
+    UINT64    Nx                   : 1;  // 0 = Execute Code, 1 = No Code Execution
+  } Bits;
+  UINT64    Uint64;
+} PAGE_TABLE_4K_ENTRY;
+
+//
+// Page Table Entry 2MB
+//
+typedef union {
+  struct {
+    UINT64    Present              : 1;  // 0 = Not present in memory, 1 = Present in memory
+    UINT64    ReadWrite            : 1;  // 0 = Read-Only, 1= Read/Write
+    UINT64    UserSupervisor       : 1;  // 0 = Supervisor, 1=User
+    UINT64    WriteThrough         : 1;  // 0 = Write-Back caching, 1=Write-Through caching
+    UINT64    CacheDisabled        : 1;  // 0 = Cached, 1=Non-Cached
+    UINT64    Accessed             : 1;  // 0 = Not accessed, 1 = Accessed (set by CPU)
+    UINT64    Dirty                : 1;  // 0 = Not Dirty, 1 = written by processor on access to page
+    UINT64    MustBe1              : 1;  // Must be 1
+    UINT64    Global               : 1;  // 0 = Not global page, 1 = global page TLB not cleared on CR3 write
+    UINT64    Available            : 3;  // Available for use by system software
+    UINT64    PAT                  : 1;  //
+    UINT64    MustBeZero           : 8;  // Must be zero;
+    UINT64    PageTableBaseAddress : 31; // Page Table Base Address
+    UINT64    AvabilableHigh       : 11; // Available for use by system software
+    UINT64    Nx                   : 1;  // 0 = Execute Code, 1 = No Code Execution
+  } Bits;
+  UINT64    Uint64;
+} PAGE_TABLE_ENTRY;
+
+//
+// Page Table Entry 1GB
+//
+typedef union {
+  struct {
+    UINT64    Present              : 1;  // 0 = Not present in memory, 1 = Present in memory
+    UINT64    ReadWrite            : 1;  // 0 = Read-Only, 1= Read/Write
+    UINT64    UserSupervisor       : 1;  // 0 = Supervisor, 1=User
+    UINT64    WriteThrough         : 1;  // 0 = Write-Back caching, 1=Write-Through caching
+    UINT64    CacheDisabled        : 1;  // 0 = Cached, 1=Non-Cached
+    UINT64    Accessed             : 1;  // 0 = Not accessed, 1 = Accessed (set by CPU)
+    UINT64    Dirty                : 1;  // 0 = Not Dirty, 1 = written by processor on access to page
+    UINT64    MustBe1              : 1;  // Must be 1
+    UINT64    Global               : 1;  // 0 = Not global page, 1 = global page TLB not cleared on CR3 write
+    UINT64    Available            : 3;  // Available for use by system software
+    UINT64    PAT                  : 1;  //
+    UINT64    MustBeZero           : 17; // Must be zero;
+    UINT64    PageTableBaseAddress : 22; // Page Table Base Address
+    UINT64    AvabilableHigh       : 11; // Available for use by system software
+    UINT64    Nx                   : 1;  // 0 = Execute Code, 1 = No Code Execution
+  } Bits;
+  UINT64    Uint64;
+} PAGE_TABLE_1G_ENTRY;
+
+#pragma pack()
+
+#define CR0_WP  BIT16
+
+#define IA32_PG_P   BIT0
+#define IA32_PG_RW  BIT1
+#define IA32_PG_PS  BIT7
+
+#define PAGING_PAE_INDEX_MASK  0x1FF
+
+#define PAGING_4K_ADDRESS_MASK_64  0x000FFFFFFFFFF000ull
+#define PAGING_2M_ADDRESS_MASK_64  0x000FFFFFFFE00000ull
+#define PAGING_1G_ADDRESS_MASK_64  0x000FFFFFC0000000ull
+
+#define PAGING_L1_ADDRESS_SHIFT  12
+#define PAGING_L2_ADDRESS_SHIFT  21
+#define PAGING_L3_ADDRESS_SHIFT  30
+#define PAGING_L4_ADDRESS_SHIFT  39
+
+#define PAGING_PML4E_NUMBER  4
+
+#define PAGE_TABLE_POOL_ALIGNMENT   BASE_2MB
+#define PAGE_TABLE_POOL_UNIT_SIZE   SIZE_2MB
+#define PAGE_TABLE_POOL_UNIT_PAGES  EFI_SIZE_TO_PAGES (PAGE_TABLE_POOL_UNIT_SIZE)
+#define PAGE_TABLE_POOL_ALIGN_MASK  \
+  (~(EFI_PHYSICAL_ADDRESS)(PAGE_TABLE_POOL_ALIGNMENT - 1))
+
+typedef struct {
+  VOID     *NextPool;
+  UINTN    Offset;
+  UINTN    FreePages;
+} PAGE_TABLE_POOL;
+
+UINTN
+CreateIdentityMappingPageTables (
+  IN EFI_PHYSICAL_ADDRESS  StackBase,
+  IN UINTN                 StackSize
+  );
+
+/**
+  Clear legacy memory located at the first 4K-page.
+
+  This function traverses the whole HOB list to check if memory from 0 to 4095
+  exists and has not been allocated, and then clear it if so.
+
+  @param HobStart         The start of HobList passed to DxeCore.
+
+**/
+VOID
+ClearFirst4KPage (
+  IN  VOID  *HobStart
+  );
+
+/**
+  Return configure status of NULL pointer detection feature.
+
+  @return TRUE   NULL pointer detection feature is enabled
+  @return FALSE  NULL pointer detection feature is disabled
+**/
+BOOLEAN
+IsNullDetectionEnabled (
+  VOID
+  );
+
+#endif
diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/X64/VirtualMemory.c b/OvmfPkg/IntelTdx/TdxStartupLib/X64/VirtualMemory.c
new file mode 100644
index 000000000000..4aeeb0d3de5b
--- /dev/null
+++ b/OvmfPkg/IntelTdx/TdxStartupLib/X64/VirtualMemory.c
@@ -0,0 +1,935 @@
+/** @file
+  x64-specifc functionality for Page Table Setup.
+
+Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi/UefiBaseType.h>
+#include <Uefi/UefiSpec.h>
+#include <Pi/PiBootMode.h>
+#include <Pi/PiHob.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseLib.h>
+#include <Library/HobLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PcdLib.h>
+#include <Guid/MemoryTypeInformation.h>
+#include <Guid/MemoryAllocationHob.h>
+#include <Register/Intel/Cpuid.h>
+#include <IndustryStandard/IntelTdx.h>
+#include "PageTables.h"
+
+//
+// Global variable to keep track current available memory used as page table.
+//
+PAGE_TABLE_POOL  *mPageTablePool = NULL;
+
+UINTN  mLevelShift[5] = {
+  0,
+  PAGING_L1_ADDRESS_SHIFT,
+  PAGING_L2_ADDRESS_SHIFT,
+  PAGING_L3_ADDRESS_SHIFT,
+  PAGING_L4_ADDRESS_SHIFT
+};
+
+UINT64  mLevelMask[5] = {
+  0,
+  PAGING_4K_ADDRESS_MASK_64,
+  PAGING_2M_ADDRESS_MASK_64,
+  PAGING_1G_ADDRESS_MASK_64,
+  PAGING_1G_ADDRESS_MASK_64
+};
+
+UINT64  mLevelSize[5] = {
+  0,
+  SIZE_4KB,
+  SIZE_2MB,
+  SIZE_1GB,
+  SIZE_512GB
+};
+
+BOOLEAN
+IsSetNxForStack (
+  VOID
+  )
+{
+  EFI_HOB_GUID_TYPE      *GuidHob;
+  EFI_HOB_PLATFORM_INFO  *PlatformInfo;
+
+  GuidHob = GetFirstGuidHob (&gUefiOvmfPkgTdxPlatformGuid);
+  if (GuidHob == NULL) {
+    ASSERT (FALSE);
+    return FALSE;
+  }
+
+  PlatformInfo = (EFI_HOB_PLATFORM_INFO *)GET_GUID_HOB_DATA (GuidHob);
+
+  return PlatformInfo->PcdSetNxForStack;
+}
+
+/**
+  Clear legacy memory located at the first 4K-page, if available.
+
+  This function traverses the whole HOB list to check if memory from 0 to 4095
+  exists and has not been allocated, and then clear it if so.
+
+  @param HobStart                  The start of HobList passed to DxeCore.
+
+**/
+VOID
+ClearFirst4KPage (
+  IN  VOID  *HobStart
+  )
+{
+  EFI_PEI_HOB_POINTERS  RscHob;
+  EFI_PEI_HOB_POINTERS  MemHob;
+  BOOLEAN               DoClear;
+
+  RscHob.Raw = HobStart;
+  MemHob.Raw = HobStart;
+  DoClear    = FALSE;
+
+  //
+  // Check if page 0 exists and free
+  //
+  while ((RscHob.Raw = GetNextHob (
+                         EFI_HOB_TYPE_RESOURCE_DESCRIPTOR,
+                         RscHob.Raw
+                         )) != NULL)
+  {
+    if ((RscHob.ResourceDescriptor->ResourceType == EFI_RESOURCE_SYSTEM_MEMORY) &&
+        (RscHob.ResourceDescriptor->PhysicalStart == 0))
+    {
+      DoClear = TRUE;
+      //
+      // Make sure memory at 0-4095 has not been allocated.
+      //
+      while ((MemHob.Raw = GetNextHob (
+                             EFI_HOB_TYPE_MEMORY_ALLOCATION,
+                             MemHob.Raw
+                             )) != NULL)
+      {
+        if (MemHob.MemoryAllocation->AllocDescriptor.MemoryBaseAddress
+            < EFI_PAGE_SIZE)
+        {
+          DoClear = FALSE;
+          break;
+        }
+
+        MemHob.Raw = GET_NEXT_HOB (MemHob);
+      }
+
+      break;
+    }
+
+    RscHob.Raw = GET_NEXT_HOB (RscHob);
+  }
+
+  if (DoClear) {
+    DEBUG ((DEBUG_INFO, "Clearing first 4K-page!\r\n"));
+    SetMem (NULL, EFI_PAGE_SIZE, 0);
+  }
+
+  return;
+}
+
+/**
+  Return configure status of NULL pointer detection feature.
+
+  @return TRUE   NULL pointer detection feature is enabled
+  @return FALSE  NULL pointer detection feature is disabled
+
+**/
+BOOLEAN
+IsNullDetectionEnabled (
+  VOID
+  )
+{
+  return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) != 0);
+}
+
+/**
+  The function will check if Execute Disable Bit is available.
+
+  @retval TRUE      Execute Disable Bit is available.
+  @retval FALSE     Execute Disable Bit is not available.
+
+**/
+BOOLEAN
+IsExecuteDisableBitAvailable (
+  VOID
+  )
+{
+  UINT32   RegEax;
+  UINT32   RegEdx;
+  BOOLEAN  Available;
+
+  Available = FALSE;
+  AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL);
+  if (RegEax >= 0x80000001) {
+    AsmCpuid (0x80000001, NULL, NULL, NULL, &RegEdx);
+    if ((RegEdx & BIT20) != 0) {
+      //
+      // Bit 20: Execute Disable Bit available.
+      //
+      Available = TRUE;
+    }
+  }
+
+  return Available;
+}
+
+/**
+  Check if Execute Disable Bit (IA32_EFER.NXE) should be enabled or not.
+
+  @retval TRUE    IA32_EFER.NXE should be enabled.
+  @retval FALSE   IA32_EFER.NXE should not be enabled.
+
+**/
+BOOLEAN
+IsEnableNonExecNeeded (
+  VOID
+  )
+{
+  if (!IsExecuteDisableBitAvailable ()) {
+    return FALSE;
+  }
+
+  //
+  // XD flag (BIT63) in page table entry is only valid if IA32_EFER.NXE is set.
+  // Features controlled by Following PCDs need this feature to be enabled.
+  //
+  return (IsSetNxForStack () ||
+          FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0 ||
+          PcdGet32 (PcdImageProtectionPolicy) != 0);
+}
+
+/**
+  Enable Execute Disable Bit.
+
+**/
+VOID
+EnableExecuteDisableBit (
+  VOID
+  )
+{
+  UINT64  MsrRegisters;
+
+  MsrRegisters  = AsmReadMsr64 (0xC0000080);
+  MsrRegisters |= BIT11;
+  AsmWriteMsr64 (0xC0000080, MsrRegisters);
+}
+
+/**
+  The function will check if page table entry should be splitted to smaller
+  granularity.
+
+  @param Address      Physical memory address.
+  @param Size         Size of the given physical memory.
+  @param StackBase    Base address of stack.
+  @param StackSize    Size of stack.
+
+  @retval TRUE      Page table should be split.
+  @retval FALSE     Page table should not be split.
+**/
+BOOLEAN
+ToSplitPageTable (
+  IN EFI_PHYSICAL_ADDRESS  Address,
+  IN UINTN                 Size,
+  IN EFI_PHYSICAL_ADDRESS  StackBase,
+  IN UINTN                 StackSize
+  )
+{
+  if (IsNullDetectionEnabled () && (Address == 0)) {
+    return TRUE;
+  }
+
+  if (FixedPcdGetBool (PcdCpuStackGuard)) {
+    if ((StackBase >= Address) && (StackBase < (Address + Size))) {
+      return TRUE;
+    }
+  }
+
+  if (IsSetNxForStack ()) {
+    if ((Address < StackBase + StackSize) && ((Address + Size) > StackBase)) {
+      return TRUE;
+    }
+  }
+
+  return FALSE;
+}
+
+/**
+  Initialize a buffer pool for page table use only.
+
+  To reduce the potential split operation on page table, the pages reserved for
+  page table should be allocated in the times of PAGE_TABLE_POOL_UNIT_PAGES and
+  at the boundary of PAGE_TABLE_POOL_ALIGNMENT. So the page pool is always
+  initialized with number of pages greater than or equal to the given PoolPages.
+
+  Once the pages in the pool are used up, this method should be called again to
+  reserve at least another PAGE_TABLE_POOL_UNIT_PAGES. But usually this won't
+  happen in practice.
+
+  @param PoolPages  The least page number of the pool to be created.
+
+  @retval TRUE    The pool is initialized successfully.
+  @retval FALSE   The memory is out of resource.
+**/
+BOOLEAN
+InitializePageTablePool (
+  IN UINTN  PoolPages
+  )
+{
+  VOID  *Buffer;
+
+  DEBUG ((DEBUG_INFO, "InitializePageTablePool PoolPages=%d\n", PoolPages));
+
+  //
+  // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one page for
+  // header.
+  //
+  PoolPages += 1;   // Add one page for header.
+  PoolPages  = ((PoolPages - 1) / PAGE_TABLE_POOL_UNIT_PAGES + 1) *
+               PAGE_TABLE_POOL_UNIT_PAGES;
+  Buffer = AllocateAlignedPages (PoolPages, PAGE_TABLE_POOL_ALIGNMENT);
+  if (Buffer == NULL) {
+    DEBUG ((DEBUG_ERROR, "ERROR: Out of aligned pages\r\n"));
+    return FALSE;
+  }
+
+  //
+  // Link all pools into a list for easier track later.
+  //
+  if (mPageTablePool == NULL) {
+    mPageTablePool           = Buffer;
+    mPageTablePool->NextPool = mPageTablePool;
+  } else {
+    ((PAGE_TABLE_POOL *)Buffer)->NextPool = mPageTablePool->NextPool;
+    mPageTablePool->NextPool              = Buffer;
+    mPageTablePool                        = Buffer;
+  }
+
+  //
+  // Reserve one page for pool header.
+  //
+  mPageTablePool->FreePages = PoolPages - 1;
+  mPageTablePool->Offset    = EFI_PAGES_TO_SIZE (1);
+
+  return TRUE;
+}
+
+/**
+  This API provides a way to allocate memory for page table.
+
+  This API can be called more than once to allocate memory for page tables.
+
+  Allocates the number of 4KB pages and returns a pointer to the allocated
+  buffer. The buffer returned is aligned on a 4KB boundary.
+
+  If Pages is 0, then NULL is returned.
+  If there is not enough memory remaining to satisfy the request, then NULL is
+  returned.
+
+  @param  Pages                 The number of 4 KB pages to allocate.
+
+  @return A pointer to the allocated buffer or NULL if allocation fails.
+
+**/
+VOID *
+AllocatePageTableMemory (
+  IN UINTN  Pages
+  )
+{
+  VOID  *Buffer;
+
+  if (Pages == 0) {
+    return NULL;
+  }
+
+  DEBUG ((DEBUG_INFO, "AllocatePageTableMemory. mPageTablePool=%p, Pages=%d\n", mPageTablePool, Pages));
+  //
+  // Renew the pool if necessary.
+  //
+  if ((mPageTablePool == NULL) ||
+      (Pages > mPageTablePool->FreePages))
+  {
+    if (!InitializePageTablePool (Pages)) {
+      return NULL;
+    }
+  }
+
+  Buffer = (UINT8 *)mPageTablePool + mPageTablePool->Offset;
+
+  mPageTablePool->Offset    += EFI_PAGES_TO_SIZE (Pages);
+  mPageTablePool->FreePages -= Pages;
+
+  DEBUG ((
+    DEBUG_INFO,
+    "%a:%a: Buffer=0x%Lx Pages=%ld\n",
+    gEfiCallerBaseName,
+    __FUNCTION__,
+    Buffer,
+    Pages
+    ));
+
+  return Buffer;
+}
+
+/**
+  Split 2M page to 4K.
+
+  @param[in]      PhysicalAddress       Start physical address the 2M page covered.
+  @param[in, out] PageEntry2M           Pointer to 2M page entry.
+  @param[in]      StackBase             Stack base address.
+  @param[in]      StackSize             Stack size.
+
+**/
+VOID
+Split2MPageTo4K (
+  IN EFI_PHYSICAL_ADDRESS  PhysicalAddress,
+  IN OUT UINT64            *PageEntry2M,
+  IN EFI_PHYSICAL_ADDRESS  StackBase,
+  IN UINTN                 StackSize
+  )
+{
+  EFI_PHYSICAL_ADDRESS  PhysicalAddress4K;
+  UINTN                 IndexOfPageTableEntries;
+  PAGE_TABLE_4K_ENTRY   *PageTableEntry;
+
+  DEBUG ((DEBUG_INFO, "Split2MPageTo4K\n"));
+
+  PageTableEntry = AllocatePageTableMemory (1);
+
+  if (PageTableEntry == NULL) {
+    ASSERT (FALSE);
+    return;
+  }
+
+  //
+  // Fill in 2M page entry.
+  //
+  *PageEntry2M = (UINT64)(UINTN)PageTableEntry | IA32_PG_P | IA32_PG_RW;
+
+  PhysicalAddress4K = PhysicalAddress;
+  for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512; IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K += SIZE_4KB) {
+    //
+    // Fill in the Page Table entries
+    //
+    PageTableEntry->Uint64         = (UINT64)PhysicalAddress4K;
+    PageTableEntry->Bits.ReadWrite = 1;
+
+    if ((IsNullDetectionEnabled () && (PhysicalAddress4K == 0)) ||
+        (FixedPcdGetBool (PcdCpuStackGuard) && (PhysicalAddress4K == StackBase)))
+    {
+      PageTableEntry->Bits.Present = 0;
+    } else {
+      PageTableEntry->Bits.Present = 1;
+    }
+
+    if (  IsSetNxForStack ()
+       && (PhysicalAddress4K >= StackBase)
+       && (PhysicalAddress4K < StackBase + StackSize))
+    {
+      //
+      // Set Nx bit for stack.
+      //
+      PageTableEntry->Bits.Nx = 1;
+    }
+  }
+}
+
+/**
+  Split 1G page to 2M.
+
+  @param[in]      PhysicalAddress       Start physical address the 1G page covered.
+  @param[in, out] PageEntry1G           Pointer to 1G page entry.
+  @param[in]      StackBase             Stack base address.
+  @param[in]      StackSize             Stack size.
+
+**/
+VOID
+Split1GPageTo2M (
+  IN EFI_PHYSICAL_ADDRESS  PhysicalAddress,
+  IN OUT UINT64            *PageEntry1G,
+  IN EFI_PHYSICAL_ADDRESS  StackBase,
+  IN UINTN                 StackSize
+  )
+{
+  EFI_PHYSICAL_ADDRESS  PhysicalAddress2M;
+  UINTN                 IndexOfPageDirectoryEntries;
+  PAGE_TABLE_ENTRY      *PageDirectoryEntry;
+
+  PageDirectoryEntry = AllocatePageTableMemory (1);
+
+  if (PageDirectoryEntry == NULL) {
+    ASSERT (FALSE);
+    return;
+  }
+
+  //
+  // Fill in 1G page entry.
+  //
+  *PageEntry1G = (UINT64)(UINTN)PageDirectoryEntry | IA32_PG_P | IA32_PG_RW;
+
+  PhysicalAddress2M = PhysicalAddress;
+  for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += SIZE_2MB) {
+    if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, StackSize)) {
+      //
+      // Need to split this 2M page that covers NULL or stack range.
+      //
+      Split2MPageTo4K (PhysicalAddress2M, (UINT64 *)PageDirectoryEntry, StackBase, StackSize);
+    } else {
+      //
+      // Fill in the Page Directory entries
+      //
+      PageDirectoryEntry->Uint64         = (UINT64)PhysicalAddress2M;
+      PageDirectoryEntry->Bits.ReadWrite = 1;
+      PageDirectoryEntry->Bits.Present   = 1;
+      PageDirectoryEntry->Bits.MustBe1   = 1;
+    }
+  }
+}
+
+/**
+  Set one page of page table pool memory to be read-only.
+
+  @param[in] PageTableBase    Base address of page table (CR3).
+  @param[in] Address          Start address of a page to be set as read-only.
+  @param[in] Level4Paging     Level 4 paging flag.
+
+**/
+VOID
+SetPageTablePoolReadOnly (
+  IN  UINTN                 PageTableBase,
+  IN  EFI_PHYSICAL_ADDRESS  Address,
+  IN  BOOLEAN               Level4Paging
+  )
+{
+  UINTN                 Index;
+  UINTN                 EntryIndex;
+  EFI_PHYSICAL_ADDRESS  PhysicalAddress;
+  UINT64                *PageTable;
+  UINT64                *NewPageTable;
+  UINT64                PageAttr;
+  UINTN                 Level;
+  UINT64                PoolUnitSize;
+
+  if (PageTableBase == 0) {
+    ASSERT (FALSE);
+    return;
+  }
+
+  //
+  // Since the page table is always from page table pool, which is always
+  // located at the boundary of PcdPageTablePoolAlignment, we just need to
+  // set the whole pool unit to be read-only.
+  //
+  Address = Address & PAGE_TABLE_POOL_ALIGN_MASK;
+
+  PageTable    = (UINT64 *)(UINTN)PageTableBase;
+  PoolUnitSize = PAGE_TABLE_POOL_UNIT_SIZE;
+
+  for (Level = (Level4Paging) ? 4 : 3; Level > 0; --Level) {
+    Index  = ((UINTN)RShiftU64 (Address, mLevelShift[Level]));
+    Index &= PAGING_PAE_INDEX_MASK;
+
+    PageAttr = PageTable[Index];
+    if ((PageAttr & IA32_PG_PS) == 0) {
+      //
+      // Go to next level of table.
+      //
+      PageTable = (UINT64 *)(UINTN)(PageAttr & PAGING_4K_ADDRESS_MASK_64);
+      continue;
+    }
+
+    if (PoolUnitSize >= mLevelSize[Level]) {
+      //
+      // Clear R/W bit if current page granularity is not larger than pool unit
+      // size.
+      //
+      if ((PageAttr & IA32_PG_RW) != 0) {
+        while (PoolUnitSize > 0) {
+          //
+          // PAGE_TABLE_POOL_UNIT_SIZE and PAGE_TABLE_POOL_ALIGNMENT are fit in
+          // one page (2MB). Then we don't need to update attributes for pages
+          // crossing page directory. ASSERT below is for that purpose.
+          //
+          ASSERT (Index < EFI_PAGE_SIZE/sizeof (UINT64));
+
+          PageTable[Index] &= ~(UINT64)IA32_PG_RW;
+          PoolUnitSize     -= mLevelSize[Level];
+
+          ++Index;
+        }
+      }
+
+      break;
+    } else {
+      //
+      // The smaller granularity of page must be needed.
+      //
+      ASSERT (Level > 1);
+
+      NewPageTable = AllocatePageTableMemory (1);
+
+      if (NewPageTable == NULL) {
+        ASSERT (FALSE);
+        return;
+      }
+
+      PhysicalAddress = PageAttr & mLevelMask[Level];
+      for (EntryIndex = 0;
+           EntryIndex < EFI_PAGE_SIZE/sizeof (UINT64);
+           ++EntryIndex)
+      {
+        NewPageTable[EntryIndex] = PhysicalAddress |
+                                   IA32_PG_P | IA32_PG_RW;
+        if (Level > 2) {
+          NewPageTable[EntryIndex] |= IA32_PG_PS;
+        }
+
+        PhysicalAddress += mLevelSize[Level - 1];
+      }
+
+      PageTable[Index] = (UINT64)(UINTN)NewPageTable |
+                         IA32_PG_P | IA32_PG_RW;
+      PageTable = NewPageTable;
+    }
+  }
+}
+
+/**
+  Prevent the memory pages used for page table from been overwritten.
+
+  @param[in] PageTableBase    Base address of page table (CR3).
+  @param[in] Level4Paging     Level 4 paging flag.
+
+**/
+VOID
+EnablePageTableProtection (
+  IN  UINTN    PageTableBase,
+  IN  BOOLEAN  Level4Paging
+  )
+{
+  PAGE_TABLE_POOL       *HeadPool;
+  PAGE_TABLE_POOL       *Pool;
+  UINT64                PoolSize;
+  EFI_PHYSICAL_ADDRESS  Address;
+
+  DEBUG ((DEBUG_INFO, "EnablePageTableProtection\n"));
+
+  if (mPageTablePool == NULL) {
+    return;
+  }
+
+  //
+  // Disable write protection, because we need to mark page table to be write
+  // protected.
+  //
+  AsmWriteCr0 (AsmReadCr0 () & ~CR0_WP);
+
+  //
+  // SetPageTablePoolReadOnly might update mPageTablePool. It's safer to
+  // remember original one in advance.
+  //
+  HeadPool = mPageTablePool;
+  Pool     = HeadPool;
+  do {
+    Address  = (EFI_PHYSICAL_ADDRESS)(UINTN)Pool;
+    PoolSize = Pool->Offset + EFI_PAGES_TO_SIZE (Pool->FreePages);
+
+    //
+    // The size of one pool must be multiple of PAGE_TABLE_POOL_UNIT_SIZE, which
+    // is one of page size of the processor (2MB by default). Let's apply the
+    // protection to them one by one.
+    //
+    while (PoolSize > 0) {
+      SetPageTablePoolReadOnly (PageTableBase, Address, Level4Paging);
+      Address  += PAGE_TABLE_POOL_UNIT_SIZE;
+      PoolSize -= PAGE_TABLE_POOL_UNIT_SIZE;
+    }
+
+    Pool = Pool->NextPool;
+  } while (Pool != HeadPool);
+
+  //
+  // Enable write protection, after page table attribute updated.
+  //
+  AsmWriteCr0 (AsmReadCr0 () | CR0_WP);
+}
+
+/**
+  Allocates and fills in the Page Directory and Page Table Entries to
+  establish a 1:1 Virtual to Physical mapping.
+
+  @param[in] StackBase  Stack base address.
+  @param[in] StackSize  Stack size.
+
+  @return The address of 4 level page map.
+
+**/
+UINTN
+CreateIdentityMappingPageTables (
+  IN EFI_PHYSICAL_ADDRESS  StackBase,
+  IN UINTN                 StackSize
+  )
+{
+  UINT32                          RegEax;
+  UINT32                          RegEdx;
+  UINT8                           PhysicalAddressBits;
+  EFI_PHYSICAL_ADDRESS            PageAddress;
+  UINTN                           IndexOfPml5Entries;
+  UINTN                           IndexOfPml4Entries;
+  UINTN                           IndexOfPdpEntries;
+  UINTN                           IndexOfPageDirectoryEntries;
+  UINT32                          NumberOfPml5EntriesNeeded;
+  UINT32                          NumberOfPml4EntriesNeeded;
+  UINT32                          NumberOfPdpEntriesNeeded;
+  PAGE_MAP_AND_DIRECTORY_POINTER  *PageMapLevel5Entry;
+  PAGE_MAP_AND_DIRECTORY_POINTER  *PageMapLevel4Entry;
+  PAGE_MAP_AND_DIRECTORY_POINTER  *PageMap;
+  PAGE_MAP_AND_DIRECTORY_POINTER  *PageDirectoryPointerEntry;
+  PAGE_TABLE_ENTRY                *PageDirectoryEntry;
+  UINTN                           TotalPagesNum;
+  UINTN                           BigPageAddress;
+  VOID                            *Hob;
+  BOOLEAN                         Page5LevelSupport;
+  BOOLEAN                         Page1GSupport;
+  PAGE_TABLE_1G_ENTRY             *PageDirectory1GEntry;
+  IA32_CR4                        Cr4;
+
+  //
+  // Set PageMapLevel5Entry to suppress incorrect compiler/analyzer warnings
+  //
+  PageMapLevel5Entry = NULL;
+
+  Page1GSupport = FALSE;
+  if (FixedPcdGetBool (PcdUse1GPageTable)) {
+    AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL);
+    if (RegEax >= 0x80000001) {
+      AsmCpuid (0x80000001, NULL, NULL, NULL, &RegEdx);
+      if ((RegEdx & BIT26) != 0) {
+        Page1GSupport = TRUE;
+      }
+    }
+  }
+
+  //
+  // Get physical address bits supported.
+  //
+  Hob = GetFirstHob (EFI_HOB_TYPE_CPU);
+  if (Hob == NULL) {
+    ASSERT (FALSE);
+    return 0;
+  }
+
+  PhysicalAddressBits = ((EFI_HOB_CPU *)Hob)->SizeOfMemorySpace;
+
+  //
+  // CPU will already have LA57 enabled so just check CR4
+  Cr4.UintN         = AsmReadCr4 ();
+  Page5LevelSupport = (Cr4.Bits.LA57 ? TRUE : FALSE);
+
+  DEBUG ((
+    DEBUG_INFO,
+    "AddressBits=%u 5LevelPaging=%u 1GPage=%u \n",
+    PhysicalAddressBits,
+    Page5LevelSupport,
+    Page1GSupport
+    ));
+
+  //
+  // Calculate the table entries needed.
+  //
+  NumberOfPml5EntriesNeeded = 1;
+  if (PhysicalAddressBits > 48) {
+    NumberOfPml5EntriesNeeded = (UINT32)LShiftU64 (1, PhysicalAddressBits - 48);
+    PhysicalAddressBits       = 48;
+  }
+
+  NumberOfPml4EntriesNeeded = 1;
+  if (PhysicalAddressBits > 39) {
+    NumberOfPml4EntriesNeeded = (UINT32)LShiftU64 (1, PhysicalAddressBits - 39);
+    PhysicalAddressBits       = 39;
+  }
+
+  NumberOfPdpEntriesNeeded = 1;
+  ASSERT (PhysicalAddressBits > 30);
+  NumberOfPdpEntriesNeeded = (UINT32)LShiftU64 (1, PhysicalAddressBits - 30);
+
+  //
+  // Pre-allocate big pages to avoid later allocations.
+  //
+  if (!Page1GSupport) {
+    TotalPagesNum = ((NumberOfPdpEntriesNeeded + 1) * NumberOfPml4EntriesNeeded + 1) * NumberOfPml5EntriesNeeded + 1;
+  } else {
+    TotalPagesNum = (NumberOfPml4EntriesNeeded + 1) * NumberOfPml5EntriesNeeded + 1;
+  }
+
+  //
+  // Substract the one page occupied by PML5 entries if 5-Level Paging is disabled.
+  //
+  if (!Page5LevelSupport) {
+    TotalPagesNum--;
+  }
+
+  DEBUG ((
+    DEBUG_INFO,
+    "Pml5=%u Pml4=%u Pdp=%u TotalPage=%Lu\n",
+    NumberOfPml5EntriesNeeded,
+    NumberOfPml4EntriesNeeded,
+    NumberOfPdpEntriesNeeded,
+    (UINT64)TotalPagesNum
+    ));
+
+  BigPageAddress = (UINTN)AllocatePageTableMemory (TotalPagesNum);
+  if (BigPageAddress == 0) {
+    ASSERT (FALSE);
+    return 0;
+  }
+
+  DEBUG ((DEBUG_INFO, "BigPageAddress = 0x%llx\n", BigPageAddress));
+
+  //
+  // By architecture only one PageMapLevel4 exists - so lets allocate storage for it.
+  //
+  PageMap = (VOID *)BigPageAddress;
+  if (Page5LevelSupport) {
+    //
+    // By architecture only one PageMapLevel5 exists - so lets allocate storage for it.
+    //
+    PageMapLevel5Entry = PageMap;
+    BigPageAddress    += SIZE_4KB;
+  }
+
+  PageAddress = 0;
+
+  for ( IndexOfPml5Entries = 0
+        ; IndexOfPml5Entries < NumberOfPml5EntriesNeeded
+        ; IndexOfPml5Entries++)
+  {
+    //
+    // Each PML5 entry points to a page of PML4 entires.
+    // So lets allocate space for them and fill them in in the IndexOfPml4Entries loop.
+    // When 5-Level Paging is disabled, below allocation happens only once.
+    //
+    PageMapLevel4Entry = (VOID *)BigPageAddress;
+    BigPageAddress    += SIZE_4KB;
+
+    if (Page5LevelSupport) {
+      //
+      // Make a PML5 Entry
+      //
+      PageMapLevel5Entry->Uint64         = (UINT64)(UINTN)PageMapLevel4Entry;
+      PageMapLevel5Entry->Bits.ReadWrite = 1;
+      PageMapLevel5Entry->Bits.Present   = 1;
+      PageMapLevel5Entry++;
+    }
+
+    for ( IndexOfPml4Entries = 0
+          ; IndexOfPml4Entries < (NumberOfPml5EntriesNeeded == 1 ? NumberOfPml4EntriesNeeded : 512)
+          ; IndexOfPml4Entries++, PageMapLevel4Entry++)
+    {
+      //
+      // Each PML4 entry points to a page of Page Directory Pointer entires.
+      // So lets allocate space for them and fill them in in the IndexOfPdpEntries loop.
+      //
+      PageDirectoryPointerEntry = (VOID *)BigPageAddress;
+      BigPageAddress           += SIZE_4KB;
+
+      //
+      // Make a PML4 Entry
+      //
+      PageMapLevel4Entry->Uint64         = (UINT64)(UINTN)PageDirectoryPointerEntry;
+      PageMapLevel4Entry->Bits.ReadWrite = 1;
+      PageMapLevel4Entry->Bits.Present   = 1;
+
+      if (Page1GSupport) {
+        PageDirectory1GEntry = (VOID *)PageDirectoryPointerEntry;
+
+        for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectory1GEntry++, PageAddress += SIZE_1GB) {
+          if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSize)) {
+            Split1GPageTo2M (
+              PageAddress,
+              (UINT64 *)PageDirectory1GEntry,
+              StackBase,
+              StackSize
+              );
+          } else {
+            //
+            // Fill in the Page Directory entries
+            //
+            PageDirectory1GEntry->Uint64         = (UINT64)PageAddress;
+            PageDirectory1GEntry->Bits.ReadWrite = 1;
+            PageDirectory1GEntry->Bits.Present   = 1;
+            PageDirectory1GEntry->Bits.MustBe1   = 1;
+          }
+        }
+      } else {
+        for ( IndexOfPdpEntries = 0
+              ; IndexOfPdpEntries < (NumberOfPml4EntriesNeeded == 1 ? NumberOfPdpEntriesNeeded : 512)
+              ; IndexOfPdpEntries++, PageDirectoryPointerEntry++)
+        {
+          //
+          // Each Directory Pointer entries points to a page of Page Directory entires.
+          // So allocate space for them and fill them in in the IndexOfPageDirectoryEntries loop.
+          //
+          PageDirectoryEntry = (VOID *)BigPageAddress;
+          BigPageAddress    += SIZE_4KB;
+
+          //
+          // Fill in a Page Directory Pointer Entries
+          //
+          PageDirectoryPointerEntry->Uint64         = (UINT64)(UINTN)PageDirectoryEntry;
+          PageDirectoryPointerEntry->Bits.ReadWrite = 1;
+          PageDirectoryPointerEntry->Bits.Present   = 1;
+
+          for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PageAddress += SIZE_2MB) {
+            if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, StackSize)) {
+              //
+              // Need to split this 2M page that covers NULL or stack range.
+              //
+              Split2MPageTo4K (PageAddress, (UINT64 *)PageDirectoryEntry, StackBase, StackSize);
+            } else {
+              //
+              // Fill in the Page Directory entries
+              //
+              PageDirectoryEntry->Uint64         = (UINT64)PageAddress;
+              PageDirectoryEntry->Bits.ReadWrite = 1;
+              PageDirectoryEntry->Bits.Present   = 1;
+              PageDirectoryEntry->Bits.MustBe1   = 1;
+            }
+          }
+        }
+
+        //
+        // Fill with null entry for unused PDPTE
+        //
+        ZeroMem (PageDirectoryPointerEntry, (512 - IndexOfPdpEntries) * sizeof (PAGE_MAP_AND_DIRECTORY_POINTER));
+      }
+    }
+
+    //
+    // For the PML4 entries we are not using fill in a null entry.
+    //
+    ZeroMem (PageMapLevel4Entry, (512 - IndexOfPml4Entries) * sizeof (PAGE_MAP_AND_DIRECTORY_POINTER));
+  }
+
+  if (Page5LevelSupport) {
+    //
+    // For the PML5 entries we are not using fill in a null entry.
+    //
+    ZeroMem (PageMapLevel5Entry, (512 - IndexOfPml5Entries) * sizeof (PAGE_MAP_AND_DIRECTORY_POINTER));
+  }
+
+  //
+  // Protect the page table by marking the memory used for page table to be
+  // read-only.
+  //
+  EnablePageTableProtection ((UINTN)PageMap, TRUE);
+
+  return (UINTN)PageMap;
+}
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 161ac9b48c21..97f238396e53 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -121,6 +121,10 @@
   #
   PlatformInitLib|Include/Library/PlatformInitLib.h
 
+  ##  @libraryclass  TdxStartupLib
+  #
+  TdxStartupLib|Include/Library/TdxStartupLib.h
+
 [Guids]
   gUefiOvmfPkgTokenSpaceGuid            = {0x93bb96af, 0xb9f2, 0x4eb8, {0x94, 0x62, 0xe0, 0xba, 0x74, 0x56, 0x42, 0x36}}
   gEfiXenInfoGuid                       = {0xd3b46f3b, 0xd441, 0x1244, {0x9a, 0x12, 0x0, 0x12, 0x27, 0x3f, 0xc1, 0x4d}}
-- 
2.29.2.windows.2


^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH V2 07/10] OvmfPkg/IntelTdx: Add Sec to bring up both Legacy and Tdx guest
  2022-01-25  6:33 [PATCH V2 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Min Xu
                   ` (5 preceding siblings ...)
  2022-01-25  6:33 ` [PATCH V2 06/10] OvmfPkg: Add TdxStartupLib Min Xu
@ 2022-01-25  6:33 ` Min Xu
  2022-01-27 13:42   ` Gerd Hoffmann
  2022-01-25  6:33 ` [PATCH V2 08/10] OvmfPkg: Update TdxDxe to set TDX PCDs Min Xu
                   ` (2 subsequent siblings)
  9 siblings, 1 reply; 35+ messages in thread
From: Min Xu @ 2022-01-25  6:33 UTC (permalink / raw)
  To: devel
  Cc: Min Xu, Michael D Kinney, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky, Gerd Hoffmann

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

OvmfPkg/IntelTdx/Sec is a simplied version of OvmfPkg/Sec. There
are below differences between these 2 Sec
 - IntelTdx/Sec only supports Legacy guest and Tdx guest.
 - IntelTdx/Sec calls TdxStartup () to jump from SEC to DXE directly.
 - IntelTdx/Sec only supports X64.
 - IntelTdx/Sec uses MemoryAllocationLib / HobLib / PrePiLib in
   EmbeddedPkg.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/IntelTdx/Sec/IntelTdx.c        | 508 +++++++++++++++++++++++++
 OvmfPkg/IntelTdx/Sec/IntelTdx.h        |  46 +++
 OvmfPkg/IntelTdx/Sec/SecMain.c         | 200 ++++++++++
 OvmfPkg/IntelTdx/Sec/SecMain.inf       |  73 ++++
 OvmfPkg/IntelTdx/Sec/X64/SecEntry.nasm | 151 ++++++++
 5 files changed, 978 insertions(+)
 create mode 100644 OvmfPkg/IntelTdx/Sec/IntelTdx.c
 create mode 100644 OvmfPkg/IntelTdx/Sec/IntelTdx.h
 create mode 100644 OvmfPkg/IntelTdx/Sec/SecMain.c
 create mode 100644 OvmfPkg/IntelTdx/Sec/SecMain.inf
 create mode 100644 OvmfPkg/IntelTdx/Sec/X64/SecEntry.nasm

diff --git a/OvmfPkg/IntelTdx/Sec/IntelTdx.c b/OvmfPkg/IntelTdx/Sec/IntelTdx.c
new file mode 100644
index 000000000000..aae64fd155e2
--- /dev/null
+++ b/OvmfPkg/IntelTdx/Sec/IntelTdx.c
@@ -0,0 +1,508 @@
+/** @file
+
+  Copyright (c) 2008, Intel Corporation. All rights reserved.<BR>
+  (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Uefi/UefiSpec.h>
+#include <Uefi/UefiBaseType.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PrePiLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/SynchronizationLib.h>
+#include <Library/TdxLib.h>
+#include <IndustryStandard/Tdx.h>
+#include <IndustryStandard/IntelTdx.h>
+#include <WorkArea.h>
+#include "IntelTdx.h"
+
+#define ALIGNED_2MB_MASK  0x1fffff
+
+#define GET_HOB_TYPE(Hob)     ((Hob).Header->HobType)
+#define GET_HOB_LENGTH(Hob)   ((Hob).Header->HobLength)
+#define GET_NEXT_HOB(Hob)     ((Hob).Raw + GET_HOB_LENGTH (Hob))
+#define END_OF_HOB_LIST(Hob)  (GET_HOB_TYPE (Hob) == EFI_HOB_TYPE_END_OF_HOB_LIST)
+
+/**
+  Check TDX is enabled.
+
+  @retval    TRUE   TDX is enabled
+  @retval    FALSE  TDX is not enabled
+**/
+BOOLEAN
+SecTdxIsEnabled (
+  VOID
+  )
+{
+  CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER  *CcWorkAreaHeader;
+
+  CcWorkAreaHeader = (CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *)FixedPcdGet32 (PcdOvmfWorkAreaBase);
+  return (CcWorkAreaHeader != NULL && CcWorkAreaHeader->GuestType == GUEST_TYPE_INTEL_TDX);
+}
+
+/**
+  This function will be called to accept pages. Only BSP accepts pages.
+
+  TDCALL(ACCEPT_PAGE) supports the accept page size of 4k and 2M. To
+  simplify the implementation, the Memory to be accpeted is splitted
+  into 3 parts:
+  -----------------  <-- StartAddress1 (not 2M aligned)
+  |  part 1       |      Length1 < 2M
+  |---------------|  <-- StartAddress2 (2M aligned)
+  |               |      Length2 = Integer multiples of 2M
+  |  part 2       |
+  |               |
+  |---------------|  <-- StartAddress3
+  |  part 3       |      Length3 < 2M
+  |---------------|
+
+  @param[in] PhysicalAddress   Start physical adress
+  @param[in] PhysicalEnd       End physical address
+
+  @retval    EFI_SUCCESS       Accept memory successfully
+  @retval    Others            Other errors as indicated
+**/
+EFI_STATUS
+EFIAPI
+BspAcceptMemoryResourceRange (
+  IN EFI_PHYSICAL_ADDRESS  PhysicalAddress,
+  IN EFI_PHYSICAL_ADDRESS  PhysicalEnd
+  )
+{
+  EFI_STATUS  Status;
+  UINT32      AcceptPageSize;
+  UINT64      StartAddress1;
+  UINT64      StartAddress2;
+  UINT64      StartAddress3;
+  UINT64      TotalLength;
+  UINT64      Length1;
+  UINT64      Length2;
+  UINT64      Length3;
+  UINT64      Pages;
+
+  AcceptPageSize = FixedPcdGet32 (PcdTdxAcceptPageSize);
+  TotalLength    = PhysicalEnd - PhysicalAddress;
+  StartAddress1  = 0;
+  StartAddress2  = 0;
+  StartAddress3  = 0;
+  Length1        = 0;
+  Length2        = 0;
+  Length3        = 0;
+
+  if (TotalLength == 0) {
+    return EFI_SUCCESS;
+  }
+
+  if ((AcceptPageSize == SIZE_4KB) || (TotalLength <= SIZE_2MB)) {
+    //
+    // if total length is less than 2M, then we accept pages in 4k
+    //
+    StartAddress2  = PhysicalAddress;
+    Length2        = PhysicalEnd - PhysicalAddress;
+    AcceptPageSize = SIZE_4KB;
+  } else if (AcceptPageSize == SIZE_2MB) {
+    //
+    // Total length is bigger than 2M and Page Accept size 2M is supported.
+    //
+    if ((PhysicalAddress & ALIGNED_2MB_MASK) == 0) {
+      //
+      // Start address is 2M aligned
+      //
+      StartAddress2 = PhysicalAddress;
+      Length2       = TotalLength & ~(UINT64)ALIGNED_2MB_MASK;
+
+      if (TotalLength > Length2) {
+        //
+        // There is remaining part 3)
+        //
+        StartAddress3 = StartAddress2 + Length2;
+        Length3       = TotalLength - Length2;
+        ASSERT (Length3 < SIZE_2MB);
+      }
+    } else {
+      //
+      // Start address is not 2M aligned and total length is bigger than 2M.
+      //
+      StartAddress1 = PhysicalAddress;
+      ASSERT (TotalLength > SIZE_2MB);
+      Length1 = SIZE_2MB - (PhysicalAddress & ALIGNED_2MB_MASK);
+      if (TotalLength - Length1 < SIZE_2MB) {
+        //
+        // The Part 2) length is less than 2MB, so let's accept all the
+        // memory in 4K
+        //
+        Length1 = TotalLength;
+      } else {
+        StartAddress2 = PhysicalAddress + Length1;
+        Length2       = (TotalLength - Length1) & ~(UINT64)ALIGNED_2MB_MASK;
+        Length3       = TotalLength - Length1 - Length2;
+        StartAddress3 = Length3 > 0 ? StartAddress2 + Length2 : 0;
+        ASSERT (Length3 < SIZE_2MB);
+      }
+    }
+  }
+
+  DEBUG ((DEBUG_INFO, "TdAccept: 0x%llx - 0x%llx\n", PhysicalAddress, TotalLength));
+  DEBUG ((DEBUG_INFO, "   Part1: 0x%llx - 0x%llx\n", StartAddress1, Length1));
+  DEBUG ((DEBUG_INFO, "   Part2: 0x%llx - 0x%llx\n", StartAddress2, Length2));
+  DEBUG ((DEBUG_INFO, "   Part3: 0x%llx - 0x%llx\n", StartAddress3, Length3));
+  DEBUG ((DEBUG_INFO, "   Page : 0x%x\n", AcceptPageSize));
+
+  Status = EFI_SUCCESS;
+  if (Length1 > 0) {
+    Pages  = Length1 / SIZE_4KB;
+    Status = TdAcceptPages (StartAddress1, Pages, SIZE_4KB);
+    if (EFI_ERROR (Status)) {
+      return Status;
+    }
+  }
+
+  if (Length2 > 0) {
+    Pages  = Length2 / AcceptPageSize;
+    Status = TdAcceptPages (StartAddress2, Pages, AcceptPageSize);
+    if (EFI_ERROR (Status)) {
+      return Status;
+    }
+  }
+
+  if (Length3 > 0) {
+    Pages  = Length3 / SIZE_4KB;
+    Status = TdAcceptPages (StartAddress3, Pages, SIZE_4KB);
+    ASSERT (!EFI_ERROR (Status));
+    if (EFI_ERROR (Status)) {
+      return Status;
+    }
+  }
+
+  return Status;
+}
+
+/**
+  Check the value whether in the valid list.
+
+  @param[in] Value             A value
+  @param[in] ValidList         A pointer to valid list
+  @param[in] ValidListLength   Length of valid list
+
+  @retval  TRUE   The value is in valid list.
+  @retval  FALSE  The value is not in valid list.
+
+**/
+BOOLEAN
+EFIAPI
+IsInValidList (
+  IN UINT32  Value,
+  IN UINT32  *ValidList,
+  IN UINT32  ValidListLength
+  )
+{
+  UINT32  index;
+
+  if (ValidList == NULL) {
+    return FALSE;
+  }
+
+  for (index = 0; index < ValidListLength; index++) {
+    if (ValidList[index] == Value) {
+      return TRUE;
+    }
+  }
+
+  return FALSE;
+}
+
+/**
+  Check the integrity of VMM Hob List.
+
+  @param[in] VmmHobList   A pointer to Hob List
+
+  @retval  TRUE     The Hob List is valid.
+  @retval  FALSE    The Hob List is invalid.
+
+**/
+BOOLEAN
+EFIAPI
+ValidateHobList (
+  IN CONST VOID  *VmmHobList
+  )
+{
+  EFI_PEI_HOB_POINTERS  Hob;
+  UINT32                EFI_BOOT_MODE_LIST[12] = {
+    BOOT_WITH_FULL_CONFIGURATION,
+    BOOT_WITH_MINIMAL_CONFIGURATION,
+    BOOT_ASSUMING_NO_CONFIGURATION_CHANGES,
+    BOOT_WITH_FULL_CONFIGURATION_PLUS_DIAGNOSTICS,
+    BOOT_WITH_DEFAULT_SETTINGS,
+    BOOT_ON_S4_RESUME,
+    BOOT_ON_S5_RESUME,
+    BOOT_WITH_MFG_MODE_SETTINGS,
+    BOOT_ON_S2_RESUME,
+    BOOT_ON_S3_RESUME,
+    BOOT_ON_FLASH_UPDATE,
+    BOOT_IN_RECOVERY_MODE
+  };
+
+  UINT32  EFI_RESOURCE_TYPE_LIST[8] = {
+    EFI_RESOURCE_SYSTEM_MEMORY,
+    EFI_RESOURCE_MEMORY_MAPPED_IO,
+    EFI_RESOURCE_IO,
+    EFI_RESOURCE_FIRMWARE_DEVICE,
+    EFI_RESOURCE_MEMORY_MAPPED_IO_PORT,
+    EFI_RESOURCE_MEMORY_RESERVED,
+    EFI_RESOURCE_IO_RESERVED,
+    EFI_RESOURCE_MAX_MEMORY_TYPE
+  };
+
+  if (VmmHobList == NULL) {
+    DEBUG ((DEBUG_ERROR, "HOB: HOB data pointer is NULL\n"));
+    return FALSE;
+  }
+
+  Hob.Raw = (UINT8 *)VmmHobList;
+
+  //
+  // Parse the HOB list until end of list or matching type is found.
+  //
+  while (!END_OF_HOB_LIST (Hob)) {
+    if (Hob.Header->Reserved != (UINT32)0) {
+      DEBUG ((DEBUG_ERROR, "HOB: Hob header Reserved filed should be zero\n"));
+      return FALSE;
+    }
+
+    if (Hob.Header->HobLength == 0) {
+      DEBUG ((DEBUG_ERROR, "HOB: Hob header LEANGTH should not be zero\n"));
+      return FALSE;
+    }
+
+    switch (Hob.Header->HobType) {
+      case EFI_HOB_TYPE_HANDOFF:
+        if (Hob.Header->HobLength != sizeof (EFI_HOB_HANDOFF_INFO_TABLE)) {
+          DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_HANDOFF));
+          return FALSE;
+        }
+
+        if (IsInValidList (Hob.HandoffInformationTable->BootMode, EFI_BOOT_MODE_LIST, 12) == FALSE) {
+          DEBUG ((DEBUG_ERROR, "HOB: Unknow HandoffInformationTable BootMode type. Type: 0x%08x\n", Hob.HandoffInformationTable->BootMode));
+          return FALSE;
+        }
+
+        if ((Hob.HandoffInformationTable->EfiFreeMemoryTop % 4096) != 0) {
+          DEBUG ((DEBUG_ERROR, "HOB: HandoffInformationTable EfiFreeMemoryTop address must be 4-KB aligned to meet page restrictions of UEFI.\
+                               Address: 0x%016lx\n", Hob.HandoffInformationTable->EfiFreeMemoryTop));
+          return FALSE;
+        }
+
+        break;
+
+      case EFI_HOB_TYPE_RESOURCE_DESCRIPTOR:
+        if (Hob.Header->HobLength != sizeof (EFI_HOB_RESOURCE_DESCRIPTOR)) {
+          DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_RESOURCE_DESCRIPTOR));
+          return FALSE;
+        }
+
+        if (IsInValidList (Hob.ResourceDescriptor->ResourceType, EFI_RESOURCE_TYPE_LIST, 8) == FALSE) {
+          DEBUG ((DEBUG_ERROR, "HOB: Unknow ResourceDescriptor ResourceType type. Type: 0x%08x\n", Hob.ResourceDescriptor->ResourceType));
+          return FALSE;
+        }
+
+        if ((Hob.ResourceDescriptor->ResourceAttribute & (~(EFI_RESOURCE_ATTRIBUTE_PRESENT |
+                                                            EFI_RESOURCE_ATTRIBUTE_INITIALIZED |
+                                                            EFI_RESOURCE_ATTRIBUTE_TESTED |
+                                                            EFI_RESOURCE_ATTRIBUTE_READ_PROTECTED |
+                                                            EFI_RESOURCE_ATTRIBUTE_WRITE_PROTECTED |
+                                                            EFI_RESOURCE_ATTRIBUTE_EXECUTION_PROTECTED |
+                                                            EFI_RESOURCE_ATTRIBUTE_PERSISTENT |
+                                                            EFI_RESOURCE_ATTRIBUTE_SINGLE_BIT_ECC |
+                                                            EFI_RESOURCE_ATTRIBUTE_MULTIPLE_BIT_ECC |
+                                                            EFI_RESOURCE_ATTRIBUTE_ECC_RESERVED_1 |
+                                                            EFI_RESOURCE_ATTRIBUTE_ECC_RESERVED_2 |
+                                                            EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE |
+                                                            EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE |
+                                                            EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE |
+                                                            EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE |
+                                                            EFI_RESOURCE_ATTRIBUTE_16_BIT_IO |
+                                                            EFI_RESOURCE_ATTRIBUTE_32_BIT_IO |
+                                                            EFI_RESOURCE_ATTRIBUTE_64_BIT_IO |
+                                                            EFI_RESOURCE_ATTRIBUTE_UNCACHED_EXPORTED |
+                                                            EFI_RESOURCE_ATTRIBUTE_READ_PROTECTABLE |
+                                                            EFI_RESOURCE_ATTRIBUTE_WRITE_PROTECTABLE |
+                                                            EFI_RESOURCE_ATTRIBUTE_EXECUTION_PROTECTABLE |
+                                                            EFI_RESOURCE_ATTRIBUTE_PERSISTABLE |
+                                                            EFI_RESOURCE_ATTRIBUTE_READ_ONLY_PROTECTED |
+                                                            EFI_RESOURCE_ATTRIBUTE_READ_ONLY_PROTECTABLE |
+                                                            EFI_RESOURCE_ATTRIBUTE_MORE_RELIABLE |
+                                                            EFI_RESOURCE_ATTRIBUTE_ENCRYPTED))) != 0)
+        {
+          DEBUG ((DEBUG_ERROR, "HOB: Unknow ResourceDescriptor ResourceAttribute type. Type: 0x%08x\n", Hob.ResourceDescriptor->ResourceAttribute));
+          return FALSE;
+        }
+
+        break;
+
+      // EFI_HOB_GUID_TYPE is variable length data, so skip check
+      case EFI_HOB_TYPE_GUID_EXTENSION:
+        break;
+
+      case EFI_HOB_TYPE_FV:
+        if (Hob.Header->HobLength != sizeof (EFI_HOB_FIRMWARE_VOLUME)) {
+          DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_FV));
+          return FALSE;
+        }
+
+        break;
+
+      case EFI_HOB_TYPE_FV2:
+        if (Hob.Header->HobLength != sizeof (EFI_HOB_FIRMWARE_VOLUME2)) {
+          DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_FV2));
+          return FALSE;
+        }
+
+        break;
+
+      case EFI_HOB_TYPE_FV3:
+        if (Hob.Header->HobLength != sizeof (EFI_HOB_FIRMWARE_VOLUME3)) {
+          DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_FV3));
+          return FALSE;
+        }
+
+        break;
+
+      case EFI_HOB_TYPE_CPU:
+        if (Hob.Header->HobLength != sizeof (EFI_HOB_CPU)) {
+          DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_CPU));
+          return FALSE;
+        }
+
+        for (UINT32 index = 0; index < 6; index++) {
+          if (Hob.Cpu->Reserved[index] != 0) {
+            DEBUG ((DEBUG_ERROR, "HOB: Cpu Reserved field will always be set to zero.\n"));
+            return FALSE;
+          }
+        }
+
+        break;
+
+      default:
+        DEBUG ((DEBUG_ERROR, "HOB: Hob type is not know. Type: 0x%04x\n", Hob.Header->HobType));
+        return FALSE;
+    }
+
+    // Get next HOB
+    Hob.Raw = (UINT8 *)(Hob.Raw + Hob.Header->HobLength);
+  }
+
+  return TRUE;
+}
+
+/**
+  Processing the incoming HobList for the TDX
+
+  Firmware must parse list, and accept the pages of memory before their can be
+  use by the guest.
+
+  @param[in] VmmHobList    The Hoblist pass the firmware
+
+  @retval  EFI_SUCCESS     Process the HobList successfully
+  @retval  Others          Other errors as indicated
+
+**/
+EFI_STATUS
+EFIAPI
+ProcessHobList (
+  IN CONST VOID  *VmmHobList
+  )
+{
+  EFI_STATUS            Status;
+  EFI_PEI_HOB_POINTERS  Hob;
+  EFI_PHYSICAL_ADDRESS  PhysicalEnd;
+
+  Status = EFI_SUCCESS;
+  ASSERT (VmmHobList != NULL);
+  Hob.Raw = (UINT8 *)VmmHobList;
+
+  //
+  // Parse the HOB list until end of list or matching type is found.
+  //
+  while (!END_OF_HOB_LIST (Hob)) {
+    if (Hob.Header->HobType == EFI_HOB_TYPE_RESOURCE_DESCRIPTOR) {
+      DEBUG ((DEBUG_INFO, "\nResourceType: 0x%x\n", Hob.ResourceDescriptor->ResourceType));
+
+      if (Hob.ResourceDescriptor->ResourceType == EFI_RESOURCE_SYSTEM_MEMORY) {
+        DEBUG ((DEBUG_INFO, "ResourceAttribute: 0x%x\n", Hob.ResourceDescriptor->ResourceAttribute));
+        DEBUG ((DEBUG_INFO, "PhysicalStart: 0x%llx\n", Hob.ResourceDescriptor->PhysicalStart));
+        DEBUG ((DEBUG_INFO, "ResourceLength: 0x%llx\n", Hob.ResourceDescriptor->ResourceLength));
+        DEBUG ((DEBUG_INFO, "Owner: %g\n\n", &Hob.ResourceDescriptor->Owner));
+
+        PhysicalEnd = Hob.ResourceDescriptor->PhysicalStart + Hob.ResourceDescriptor->ResourceLength;
+
+        Status = BspAcceptMemoryResourceRange (
+                   Hob.ResourceDescriptor->PhysicalStart,
+                   PhysicalEnd
+                   );
+        if (EFI_ERROR (Status)) {
+          break;
+        }
+      }
+    }
+
+    Hob.Raw = GET_NEXT_HOB (Hob);
+  }
+
+  return Status;
+}
+
+/**
+  In Tdx guest, some information need to be passed from host VMM to guest
+  firmware. For example, the memory resource, etc. These information are
+  prepared by host VMM and put in HobList which is described in TdxMetadata.
+
+  Information in HobList is treated as external input. From the security
+  perspective before it is consumed, it should be validated.
+
+  @retval   EFI_SUCCESS   Successfully process the hoblist
+  @retval   Others        Other error as indicated
+**/
+EFI_STATUS
+EFIAPI
+ProcessTdxHobList (
+  VOID
+  )
+{
+  EFI_STATUS      Status;
+  VOID            *TdHob;
+  TD_RETURN_DATA  TdReturnData;
+
+  TdHob  = (VOID *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase);
+  Status = TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  DEBUG ((
+    DEBUG_INFO,
+    "Intel Tdx Started with (GPAW: %d, Cpus: %d)\n",
+    TdReturnData.TdInfo.Gpaw,
+    TdReturnData.TdInfo.NumVcpus
+    ));
+
+  //
+  // Validate HobList
+  //
+  if (ValidateHobList (TdHob) == FALSE) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  //
+  // Process Hoblist to accept memory
+  //
+  Status = ProcessHobList (TdHob);
+
+  return Status;
+}
diff --git a/OvmfPkg/IntelTdx/Sec/IntelTdx.h b/OvmfPkg/IntelTdx/Sec/IntelTdx.h
new file mode 100644
index 000000000000..ddd09eff34cd
--- /dev/null
+++ b/OvmfPkg/IntelTdx/Sec/IntelTdx.h
@@ -0,0 +1,46 @@
+/** @file
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef SEC_INTEL_TDX_H_
+#define SEC_INTEL_TDX_H_
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Uefi/UefiSpec.h>
+#include <Uefi/UefiBaseType.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+
+/**
+  Check TDX is enabled.
+
+  @retval    TRUE   TDX is enabled
+  @retval    FALSE  TDX is not enabled
+**/
+BOOLEAN
+SecTdxIsEnabled (
+  VOID
+  );
+
+/**
+  In Tdx guest, some information need to be passed from host VMM to guest
+  firmware. For example, the memory resource, etc. These information are
+  prepared by host VMM and put in HobList which is described in TdxMetadata.
+
+  Information in HobList is treated as external input. From the security
+  perspective before it is consumed, it should be validated.
+
+  @retval   EFI_SUCCESS   Successfully process the hoblist
+  @retval   Others        Other error as indicated
+**/
+EFI_STATUS
+EFIAPI
+ProcessTdxHobList (
+  VOID
+  );
+
+#endif
diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c
new file mode 100644
index 000000000000..374e7cc7eeb6
--- /dev/null
+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c
@@ -0,0 +1,200 @@
+/** @file
+  Main SEC phase code.  Transitions to PEI.
+
+  Copyright (c) 2008 - 2015, Intel Corporation. All rights reserved.<BR>
+  (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+  Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+
+#include <Library/PeimEntryPoint.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/PcdLib.h>
+#include <Library/UefiCpuLib.h>
+#include <Library/DebugAgentLib.h>
+#include <Library/IoLib.h>
+#include <Library/PeCoffLib.h>
+#include <Library/PeCoffGetEntryPointLib.h>
+#include <Library/LocalApicLib.h>
+#include <Library/CpuExceptionHandlerLib.h>
+#include <IndustryStandard/Tdx.h>
+#include <Library/TdxLib.h>
+
+#include "IntelTdx.h"
+
+#include <Library/TdxStartupLib.h>
+
+#define SEC_IDT_ENTRY_COUNT  34
+
+typedef struct _SEC_IDT_TABLE {
+  EFI_PEI_SERVICES            *PeiService;
+  IA32_IDT_GATE_DESCRIPTOR    IdtTable[SEC_IDT_ENTRY_COUNT];
+} SEC_IDT_TABLE;
+
+//
+// Template of an IDT entry pointing to 10:FFFFFFE4h.
+//
+IA32_IDT_GATE_DESCRIPTOR  mIdtEntryTemplate = {
+  {                                      // Bits
+    0xffe4,                              // OffsetLow
+    0x10,                                // Selector
+    0x0,                                 // Reserved_0
+    IA32_IDT_GATE_TYPE_INTERRUPT_32,     // GateType
+    0xffff                               // OffsetHigh
+  }
+};
+
+VOID
+EFIAPI
+SecCoreStartupWithStack (
+  IN EFI_FIRMWARE_VOLUME_HEADER  *BootFv,
+  IN VOID                        *TopOfCurrentStack
+  )
+{
+  EFI_SEC_PEI_HAND_OFF  SecCoreData;
+  SEC_IDT_TABLE         IdtTableInStack;
+  IA32_DESCRIPTOR       IdtDescriptor;
+  UINT32                Index;
+  volatile UINT8        *Table;
+
+  if (SecTdxIsEnabled ()) {
+    //
+    // For Td guests, the memory map info is in TdHobLib. It should be processed
+    // first so that the memory is accepted. Otherwise access to the unaccepted
+    // memory will trigger tripple fault.
+    //
+    if (ProcessTdxHobList () != EFI_SUCCESS) {
+      CpuDeadLoop ();
+    }
+  }
+
+  //
+  // To ensure SMM can't be compromised on S3 resume, we must force re-init of
+  // the BaseExtractGuidedSectionLib. Since this is before library contructors
+  // are called, we must use a loop rather than SetMem.
+  //
+  Table = (UINT8 *)(UINTN)FixedPcdGet64 (PcdGuidedExtractHandlerTableAddress);
+  for (Index = 0;
+       Index < FixedPcdGet32 (PcdGuidedExtractHandlerTableSize);
+       ++Index)
+  {
+    Table[Index] = 0;
+  }
+
+  //
+  // Initialize IDT - Since this is before library constructors are called,
+  // we use a loop rather than CopyMem.
+  //
+  IdtTableInStack.PeiService = NULL;
+
+  for (Index = 0; Index < SEC_IDT_ENTRY_COUNT; Index++) {
+    //
+    // Declare the local variables that actually move the data elements as
+    // volatile to prevent the optimizer from replacing this function with
+    // the intrinsic memcpy()
+    //
+    CONST UINT8     *Src;
+    volatile UINT8  *Dst;
+    UINTN           Byte;
+
+    Src = (CONST UINT8 *)&mIdtEntryTemplate;
+    Dst = (volatile UINT8 *)&IdtTableInStack.IdtTable[Index];
+
+    for (Byte = 0; Byte < sizeof (mIdtEntryTemplate); Byte++) {
+      Dst[Byte] = Src[Byte];
+    }
+  }
+
+  IdtDescriptor.Base  = (UINTN)&IdtTableInStack.IdtTable;
+  IdtDescriptor.Limit = (UINT16)(sizeof (IdtTableInStack.IdtTable) - 1);
+
+  ProcessLibraryConstructorList (NULL, NULL);
+
+  //
+  // Load the IDTR.
+  //
+  AsmWriteIdtr (&IdtDescriptor);
+
+  if (SecTdxIsEnabled ()) {
+    //
+    // InitializeCpuExceptionHandlers () should be called in Td guests so that
+    // #VE exceptions can be handled correctly.
+    //
+    InitializeCpuExceptionHandlers (NULL);
+  }
+
+  DEBUG ((
+    DEBUG_INFO,
+    "SecCoreStartupWithStack(0x%x, 0x%x)\n",
+    (UINT32)(UINTN)BootFv,
+    (UINT32)(UINTN)TopOfCurrentStack
+    ));
+
+  //
+  // Initialize floating point operating environment
+  // to be compliant with UEFI spec.
+  //
+  InitializeFloatingPointUnits ();
+
+  //
+  // ASSERT that the Page Tables were set by the reset vector code to
+  // the address we expect.
+  //
+  ASSERT (AsmReadCr3 () == (UINTN)PcdGet32 (PcdOvmfSecPageTablesBase));
+
+  //
+  // |-------------|       <-- TopOfCurrentStack
+  // |   Stack     | 32k
+  // |-------------|
+  // |    Heap     | 32k
+  // |-------------|       <-- SecCoreData.TemporaryRamBase
+  //
+
+  ASSERT (
+    (UINTN)(PcdGet32 (PcdOvmfSecPeiTempRamBase) +
+            PcdGet32 (PcdOvmfSecPeiTempRamSize)) ==
+    (UINTN)TopOfCurrentStack
+    );
+
+  //
+  // Initialize SEC hand-off state
+  //
+  SecCoreData.DataSize = sizeof (EFI_SEC_PEI_HAND_OFF);
+
+  SecCoreData.TemporaryRamSize = (UINTN)PcdGet32 (PcdOvmfSecPeiTempRamSize);
+  SecCoreData.TemporaryRamBase = (VOID *)((UINT8 *)TopOfCurrentStack - SecCoreData.TemporaryRamSize);
+
+  SecCoreData.PeiTemporaryRamBase = SecCoreData.TemporaryRamBase;
+  SecCoreData.PeiTemporaryRamSize = SecCoreData.TemporaryRamSize >> 1;
+
+  SecCoreData.StackBase = (UINT8 *)SecCoreData.TemporaryRamBase + SecCoreData.PeiTemporaryRamSize;
+  SecCoreData.StackSize = SecCoreData.TemporaryRamSize >> 1;
+
+  SecCoreData.BootFirmwareVolumeBase = BootFv;
+  SecCoreData.BootFirmwareVolumeSize = (UINTN)BootFv->FvLength;
+
+  //
+  // Make sure the 8259 is masked before initializing the Debug Agent and the debug timer is enabled
+  //
+  IoWrite8 (0x21, 0xff);
+  IoWrite8 (0xA1, 0xff);
+
+  //
+  // Initialize Local APIC Timer hardware and disable Local APIC Timer
+  // interrupts before initializing the Debug Agent and the debug timer is
+  // enabled.
+  //
+  InitializeApicTimer (0, MAX_UINT32, TRUE, 5);
+  DisableApicTimerInterrupt ();
+
+  TdxStartup (&SecCoreData);
+
+  ASSERT (FALSE);
+  CpuDeadLoop ();
+}
diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.inf b/OvmfPkg/IntelTdx/Sec/SecMain.inf
new file mode 100644
index 000000000000..7815d6ba77cf
--- /dev/null
+++ b/OvmfPkg/IntelTdx/Sec/SecMain.inf
@@ -0,0 +1,73 @@
+## @file
+#  SEC Driver
+#
+#  Copyright (c) 2008 - 2018, Intel Corporation. All rights reserved.<BR>
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = SecMain
+  FILE_GUID                      = 69d96630-eb64-4b33-8491-13a5cf023dcf
+  MODULE_TYPE                    = SEC
+  VERSION_STRING                 = 1.0
+  ENTRY_POINT                    = SecMain
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = X64
+#
+
+[Sources]
+  SecMain.c
+  IntelTdx.c
+  X64/SecEntry.nasm
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  UefiCpuPkg/UefiCpuPkg.dec
+  OvmfPkg/OvmfPkg.dec
+  EmbeddedPkg/EmbeddedPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  DebugLib
+  BaseMemoryLib
+  PcdLib
+  UefiCpuLib
+  DebugAgentLib
+  IoLib
+  PeCoffLib
+  PeCoffGetEntryPointLib
+  PeCoffExtraActionLib
+  ExtractGuidedSectionLib
+  LocalApicLib
+  MemEncryptSevLib
+  CpuExceptionHandlerLib
+  TdxLib
+  TdxStartupLib
+
+[Pcd]
+  gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
+  gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress
+  gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd
+  gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecValidatedStart
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecValidatedEnd
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase
+  gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
diff --git a/OvmfPkg/IntelTdx/Sec/X64/SecEntry.nasm b/OvmfPkg/IntelTdx/Sec/X64/SecEntry.nasm
new file mode 100644
index 000000000000..4528fec309a0
--- /dev/null
+++ b/OvmfPkg/IntelTdx/Sec/X64/SecEntry.nasm
@@ -0,0 +1,151 @@
+;------------------------------------------------------------------------------
+;*
+;*   Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
+;*   SPDX-License-Identifier: BSD-2-Clause-Patent
+;*
+;*    CpuAsm.asm
+;*
+;*   Abstract:
+;*
+;------------------------------------------------------------------------------
+
+#include <Base.h>
+%include "TdxCommondefs.inc"
+
+DEFAULT REL
+SECTION .text
+
+extern ASM_PFX(SecCoreStartupWithStack)
+
+%macro  tdcall  0
+  db  0x66, 0x0f, 0x01, 0xcc
+%endmacro
+
+;
+; SecCore Entry Point
+;
+; Processor is in flat protected mode
+;
+; @param[in]  RAX   Initial value of the EAX register (BIST: Built-in Self Test)
+; @param[in]  DI    'BP': boot-strap processor, or 'AP': application processor
+; @param[in]  RBP   Pointer to the start of the Boot Firmware Volume
+; @param[in]  DS    Selector allowing flat access to all addresses
+; @param[in]  ES    Selector allowing flat access to all addresses
+; @param[in]  FS    Selector allowing flat access to all addresses
+; @param[in]  GS    Selector allowing flat access to all addresses
+; @param[in]  SS    Selector allowing flat access to all addresses
+;
+; @return     None  This routine does not return
+;
+global ASM_PFX(_ModuleEntryPoint)
+ASM_PFX(_ModuleEntryPoint):
+
+    ;
+    ; Guest type is stored in OVMF_WORK_AREA
+    ;
+    %define OVMF_WORK_AREA        FixedPcdGet32 (PcdOvmfWorkAreaBase)
+    %define VM_GUEST_TYPE_TDX     2
+    mov     eax, OVMF_WORK_AREA
+    cmp     byte[eax], VM_GUEST_TYPE_TDX
+    jne     InitStack
+
+    mov     rax, TDCALL_TDINFO
+    tdcall
+
+    ;
+    ; R8  [31:0]  NUM_VCPUS
+    ;     [63:32] MAX_VCPUS
+    ; R9  [31:0]  VCPU_INDEX
+    ; Td Guest set the VCPU0 as the BSP, others are the APs
+    ; APs jump to spinloop and get released by DXE's MpInitLib
+    ;
+    mov     rax, r9
+    and     rax, 0xffff
+    test    rax, rax
+    jne     ParkAp
+
+InitStack:
+
+    ;
+    ; Fill the temporary RAM with the initial stack value.
+    ; The loop below will seed the heap as well, but that's harmless.
+    ;
+    mov     rax, (FixedPcdGet32 (PcdInitValueInTempStack) << 32) | FixedPcdGet32 (PcdInitValueInTempStack)
+                                                              ; qword to store
+    mov     rdi, FixedPcdGet32 (PcdOvmfSecPeiTempRamBase)     ; base address,
+                                                              ;   relative to
+                                                              ;   ES
+    mov     rcx, FixedPcdGet32 (PcdOvmfSecPeiTempRamSize) / 8 ; qword count
+    cld                                                       ; store from base
+                                                              ;   up
+    rep stosq
+
+    ;
+    ; Load temporary RAM stack based on PCDs
+    ;
+    %define SEC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + \
+                          FixedPcdGet32 (PcdOvmfSecPeiTempRamSize))
+    mov     rsp, SEC_TOP_OF_STACK
+    nop
+
+    ;
+    ; Setup parameters and call SecCoreStartupWithStack
+    ;   rcx: BootFirmwareVolumePtr
+    ;   rdx: TopOfCurrentStack
+    ;
+    mov     rcx, rbp
+    mov     rdx, rsp
+    sub     rsp, 0x20
+    call    ASM_PFX(SecCoreStartupWithStack)
+
+    ;
+    ; Note: BSP never gets here. APs will be unblocked by DXE
+    ;
+    ; R8  [31:0]  NUM_VCPUS
+    ;     [63:32] MAX_VCPUS
+    ; R9  [31:0]  VCPU_INDEX
+    ;
+ParkAp:
+
+    mov     rbp,  r9
+
+.do_wait_loop:
+    mov     rsp, FixedPcdGet32 (PcdOvmfSecGhcbBackupBase)
+
+    ;
+    ; register itself in [rsp + CpuArrivalOffset]
+    ;
+    mov       rax, 1
+    lock xadd dword [rsp + CpuArrivalOffset], eax
+    inc       eax
+
+.check_arrival_cnt:
+    cmp       eax, r8d
+    je        .check_command
+    mov       eax, dword[rsp + CpuArrivalOffset]
+    jmp       .check_arrival_cnt
+
+.check_command:
+    mov     eax, dword[rsp + CommandOffset]
+    cmp     eax, MpProtectedModeWakeupCommandNoop
+    je      .check_command
+
+    cmp     eax, MpProtectedModeWakeupCommandWakeup
+    je      .do_wakeup
+
+    ; Don't support this command, so ignore
+    jmp     .check_command
+
+.do_wakeup:
+    ;
+    ; BSP sets these variables before unblocking APs
+    ;   RAX:  WakeupVectorOffset
+    ;   RBX:  Relocated mailbox address
+    ;   RBP:  vCpuId
+    ;
+    mov     rax, 0
+    mov     eax, dword[rsp + WakeupVectorOffset]
+    mov     rbx, [rsp + WakeupArgsRelocatedMailBox]
+    nop
+    jmp     rax
+    jmp     $
-- 
2.29.2.windows.2


^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH V2 08/10] OvmfPkg: Update TdxDxe to set TDX PCDs
  2022-01-25  6:33 [PATCH V2 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Min Xu
                   ` (6 preceding siblings ...)
  2022-01-25  6:33 ` [PATCH V2 07/10] OvmfPkg/IntelTdx: Add Sec to bring up both Legacy and Tdx guest Min Xu
@ 2022-01-25  6:33 ` Min Xu
  2022-01-25  6:33 ` [PATCH V2 09/10] OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob Min Xu
  2022-01-25  6:33 ` [PATCH V2 10/10] OvmfPkg: Introduce IntelTdxX64 for TDVF Config-B Min Xu
  9 siblings, 0 replies; 35+ messages in thread
From: Min Xu @ 2022-01-25  6:33 UTC (permalink / raw)
  To: devel
  Cc: Min Xu, Michael D Kinney, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky, Gerd Hoffmann

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

TDX_PEI_LESS_BOOT indicates the boot without PEI phase. In this case
settings in EFI_HOB_PLATFORM_INFO should be set to its according PCDs.
TdxDxe driver is workable for both Legacy guest and Tdx guest. It is
because for Legacy guest (in PEI-less boot) there should be a place
to set the PCDs based on EFI_HOB_PLATFORM_INFO hob. TdxDxe driver is
the right place to do this work.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/TdxDxe/TdxDxe.c   | 71 +++++++++++++++++++++++++++++++++++++--
 OvmfPkg/TdxDxe/TdxDxe.inf |  5 +++
 2 files changed, 74 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/TdxDxe/TdxDxe.c b/OvmfPkg/TdxDxe/TdxDxe.c
index 36ef5c510771..be2b5ab388b9 100644
--- a/OvmfPkg/TdxDxe/TdxDxe.c
+++ b/OvmfPkg/TdxDxe/TdxDxe.c
@@ -24,12 +24,70 @@
 #include <Library/HobLib.h>
 #include <Protocol/Cpu.h>
 #include <Library/UefiBootServicesTableLib.h>
+#include <ConfidentialComputingGuestAttr.h>
 #include <IndustryStandard/Tdx.h>
 #include <IndustryStandard/IntelTdx.h>
 #include <Library/TdxLib.h>
 #include <TdxAcpiTable.h>
 #include <Library/MemEncryptTdxLib.h>
 
+VOID
+SetPcdSettings (
+  EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  )
+{
+  RETURN_STATUS  PcdStatus;
+
+  PcdStatus = PcdSet16S (PcdOvmfHostBridgePciDevId, PlatformInfoHob->HostBridgePciDevId);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, PlatformInfoHob->PcdConfidentialComputingGuestAttr);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus = PcdSetBoolS (PcdSetNxForStack, PlatformInfoHob->PcdSetNxForStack);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus = PcdSetBoolS (PcdIa32EferChangeAllowed, PlatformInfoHob->PcdIa32EferChangeAllowed);
+  ASSERT_RETURN_ERROR (PcdStatus);
+
+  DEBUG ((
+    DEBUG_INFO,
+    "HostBridgeDevId=0x%x, CCAttr=0x%x, SetNxForStack=%x, Ia32EferChangeAllowed=%x\n",
+    PlatformInfoHob->HostBridgePciDevId,
+    PlatformInfoHob->PcdConfidentialComputingGuestAttr,
+    PlatformInfoHob->PcdSetNxForStack,
+    PlatformInfoHob->PcdIa32EferChangeAllowed
+    ));
+
+  PcdStatus = PcdSet32S (PcdCpuBootLogicalProcessorNumber, PlatformInfoHob->PcdCpuBootLogicalProcessorNumber);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus = PcdSet32S (PcdCpuMaxLogicalProcessorNumber, PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber);
+
+  ASSERT_RETURN_ERROR (PcdStatus);
+  DEBUG ((
+    DEBUG_INFO,
+    "MaxCpuCount=0x%x, BootCpuCount=0x%x\n",
+    PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber,
+    PlatformInfoHob->PcdCpuBootLogicalProcessorNumber
+    ));
+
+  if (TdIsEnabled ()) {
+    PcdStatus = PcdSet64S (PcdTdxSharedBitMask, TdSharedPageMask ());
+    ASSERT_RETURN_ERROR (PcdStatus);
+    DEBUG ((DEBUG_INFO, "TdxSharedBitMask=0x%llx\n", PcdGet64 (PcdTdxSharedBitMask)));
+  } else {
+    PcdStatus = PcdSet64S (PcdPciMmio64Base, PlatformInfoHob->PcdPciMmio64Base);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus = PcdSet64S (PcdPciMmio64Size, PlatformInfoHob->PcdPciMmio64Size);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus = PcdSet64S (PcdPciMmio32Base, PlatformInfoHob->PcdPciMmio32Base);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus = PcdSet64S (PcdPciMmio32Size, PlatformInfoHob->PcdPciMmio32Size);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus = PcdSet64S (PcdPciIoBase, PlatformInfoHob->PcdPciIoBase);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus = PcdSet64S (PcdPciIoSize, PlatformInfoHob->PcdPciIoSize);
+    ASSERT_RETURN_ERROR (PcdStatus);
+  }
+}
+
 /**
   Location of resource hob matching type and starting address
 
@@ -179,10 +237,19 @@ TdxDxeEntryPoint (
     return EFI_UNSUPPORTED;
   }
 
-  SetMmioSharedBit ();
-
   PlatformInfo = (EFI_HOB_PLATFORM_INFO *)GET_GUID_HOB_DATA (GuidHob);
 
+ #ifdef TDX_PEI_LESS_BOOT
+  SetPcdSettings (PlatformInfo);
+
+  if (!TdIsEnabled ()) {
+    return EFI_SUCCESS;
+  }
+
+ #endif
+
+  SetMmioSharedBit ();
+
   //
   // Call TDINFO to get actual number of cpus in domain
   //
diff --git a/OvmfPkg/TdxDxe/TdxDxe.inf b/OvmfPkg/TdxDxe/TdxDxe.inf
index 077769bcf70c..ca51122664fa 100644
--- a/OvmfPkg/TdxDxe/TdxDxe.inf
+++ b/OvmfPkg/TdxDxe/TdxDxe.inf
@@ -60,5 +60,10 @@
   gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
   gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber
+  gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber
   gUefiCpuPkgTokenSpaceGuid.PcdCpuLocalApicBaseAddress
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress
+  gEfiMdeModulePkgTokenSpaceGuid.PcdIa32EferChangeAllowed
+  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
-- 
2.29.2.windows.2


^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH V2 09/10] OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob
  2022-01-25  6:33 [PATCH V2 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Min Xu
                   ` (7 preceding siblings ...)
  2022-01-25  6:33 ` [PATCH V2 08/10] OvmfPkg: Update TdxDxe to set TDX PCDs Min Xu
@ 2022-01-25  6:33 ` Min Xu
  2022-01-27 13:48   ` Gerd Hoffmann
  2022-01-25  6:33 ` [PATCH V2 10/10] OvmfPkg: Introduce IntelTdxX64 for TDVF Config-B Min Xu
  9 siblings, 1 reply; 35+ messages in thread
From: Min Xu @ 2022-01-25  6:33 UTC (permalink / raw)
  To: devel
  Cc: Min Xu, Michael D Kinney, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky, Gerd Hoffmann

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

The entrypoint of DxeAcpiTimerLib checks HostBridgeDevId by reading
PcdOvmfHostBridgePciDevId. If the DevId is not set, ASSERT is
triggered. Normally this DevId is set in PlatformPei which is executed
in PEI phase. But Tdvf Config-B skips PEI phase so there is no chance
to set this DevId.

A word-round is that in PEI-less boot HostBridgeDevId is set in
PlatformInfoHob. So we can check if PlatformInfoHob exists and if
HostBridgeDevId is set in this Hob.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 .../Library/AcpiTimerLib/DxeAcpiTimerLib.c    | 23 ++++++++++++++++---
 .../Library/AcpiTimerLib/DxeAcpiTimerLib.inf  |  4 ++++
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.c b/OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.c
index 115846187455..5c7011f2dd3d 100644
--- a/OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.c
+++ b/OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.c
@@ -6,10 +6,16 @@
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
+#include <Uefi/UefiBaseType.h>
+#include <Uefi/UefiMultiPhase.h>
+#include <Pi/PiBootMode.h>
+#include <Pi/PiHob.h>
+#include <Library/HobLib.h>
 #include <Library/DebugLib.h>
 #include <Library/IoLib.h>
 #include <Library/PcdLib.h>
 #include <Library/PciLib.h>
+#include <IndustryStandard/IntelTdx.h>
 #include <OvmfPlatforms.h>
 
 //
@@ -36,13 +42,24 @@ AcpiTimerLibConstructor (
   VOID
   )
 {
-  UINT16  HostBridgeDevId;
-  UINTN   Pmba;
+  UINT16                 HostBridgeDevId;
+  UINTN                  Pmba;
+  EFI_HOB_GUID_TYPE      *GuidHob;
+  EFI_HOB_PLATFORM_INFO  *PlatformInfo = NULL;
 
   //
   // Query Host Bridge DID to determine platform type
+  // Tdx guest stores the HostBridgePciDevId in a GuidHob.
+  // So we first check if this HOB exists
   //
-  HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId);
+  GuidHob = GetFirstGuidHob (&gUefiOvmfPkgTdxPlatformGuid);
+  if (GuidHob != NULL) {
+    PlatformInfo    = (EFI_HOB_PLATFORM_INFO *)GET_GUID_HOB_DATA (GuidHob);
+    HostBridgeDevId = PlatformInfo->HostBridgePciDevId;
+  } else {
+    HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId);
+  }
+
   switch (HostBridgeDevId) {
     case INTEL_82441_DEVICE_ID:
       Pmba = POWER_MGMT_REGISTER_PIIX4 (PIIX4_PMBA);
diff --git a/OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf b/OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf
index e29872add3c7..44a4423a9ddd 100644
--- a/OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf
+++ b/OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf
@@ -33,3 +33,7 @@
   BaseLib
   PciLib
   IoLib
+  HobLib
+
+[Guids]
+  gUefiOvmfPkgTdxPlatformGuid                      ## CONSUMES
-- 
2.29.2.windows.2


^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH V2 10/10] OvmfPkg: Introduce IntelTdxX64 for TDVF Config-B
  2022-01-25  6:33 [PATCH V2 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Min Xu
                   ` (8 preceding siblings ...)
  2022-01-25  6:33 ` [PATCH V2 09/10] OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob Min Xu
@ 2022-01-25  6:33 ` Min Xu
  9 siblings, 0 replies; 35+ messages in thread
From: Min Xu @ 2022-01-25  6:33 UTC (permalink / raw)
  To: devel
  Cc: Min Xu, Michael D Kinney, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky, Gerd Hoffmann

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
Encryption (MKTME) with a new kind of virutal machines guest called a
Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the
confidentiality of TD memory contents and the TD's CPU state from other
software, including the hosting Virtual-Machine Monitor (VMM), unless
explicitly shared by the TD itself.

There are 2 configurations for TDVF to upstream. See below link for
the definitions of the 2 configurations.
https://edk2.groups.io/g/devel/message/76367

This patch-set is to enable the basic feature of Config-B in OvmfPkg.
 - Add a standalone IntelTdxX64.dsc to a TDX specific directory for a
   *full* feature TDVF. (Align with existing SEV)
 - IntelTdx.dsc includes Tdx/Legacy OVMF basic boot capability. The
   final binary can run on Tdx/Legacy OVMF.
 - PEI phase is skipped.

By design in Config-B there should be more advanced features, such as:
 - RTMR based measurement and measure boot.
 - Remove unnecessary drivers to reduce attack surface, such as
   network stack.

To make the code review more efficiency, Config-B is split into 2 waves:
 - Basic feature of Config-B
 - Advanced feature of Config-B

This patch contains 2 files (IntelTdxX64.dsc/IntelTdxX64.fdf) which
enable the basic feature of Config-B. In the waves of Advanced feature
of Config-B, we will re-visit these 2 files.

TDX_PEI_LESS_BOOT is defined in IntelTdxX64.dsc to indicate it boots up
without PEI phase.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/IntelTdx/IntelTdxX64.dsc | 718 +++++++++++++++++++++++++++++++
 OvmfPkg/IntelTdx/IntelTdxX64.fdf | 402 +++++++++++++++++
 2 files changed, 1120 insertions(+)
 create mode 100644 OvmfPkg/IntelTdx/IntelTdxX64.dsc
 create mode 100644 OvmfPkg/IntelTdx/IntelTdxX64.fdf

diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
new file mode 100644
index 000000000000..40f32d8d8a61
--- /dev/null
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -0,0 +1,718 @@
+## @file
+#  EFI/Framework Open Virtual Machine Firmware (OVMF) platform
+#
+#  Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved.<BR>
+#  (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+#  Copyright (c) Microsoft Corporation.
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+################################################################################
+#
+# Defines Section - statements that will be processed to create a Makefile.
+#
+################################################################################
+[Defines]
+  PLATFORM_NAME                  = Ovmf
+  PLATFORM_GUID                  = 5a9e7754-d81b-49ea-85ad-69eaa7b1539b
+  PLATFORM_VERSION               = 0.1
+  DSC_SPECIFICATION              = 0x00010005
+  OUTPUT_DIRECTORY               = Build/IntelTdx
+  SUPPORTED_ARCHITECTURES        = X64
+  BUILD_TARGETS                  = NOOPT|DEBUG|RELEASE
+  SKUID_IDENTIFIER               = DEFAULT
+  FLASH_DEFINITION               = OvmfPkg/IntelTdx/IntelTdxX64.fdf
+
+  #
+  # Defines for default states.  These can be changed on the command line.
+  # -D FLAG=VALUE
+  #
+  DEFINE SECURE_BOOT_ENABLE      = FALSE
+
+  #
+  # Device drivers
+  #
+  DEFINE PVSCSI_ENABLE           = TRUE
+  DEFINE MPT_SCSI_ENABLE         = TRUE
+  DEFINE LSI_SCSI_ENABLE         = FALSE
+
+  #
+  # Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to
+  # one of the supported values, in place of any of the convenience macros, is
+  # permitted.
+  #
+!ifdef $(FD_SIZE_1MB)
+  DEFINE FD_SIZE_IN_KB           = 1024
+!else
+!ifdef $(FD_SIZE_2MB)
+  DEFINE FD_SIZE_IN_KB           = 2048
+!else
+!ifdef $(FD_SIZE_4MB)
+  DEFINE FD_SIZE_IN_KB           = 4096
+!else
+  DEFINE FD_SIZE_IN_KB           = 4096
+!endif
+!endif
+!endif
+
+[BuildOptions]
+  GCC:RELEASE_*_*_CC_FLAGS             = -DMDEPKG_NDEBUG
+  INTEL:RELEASE_*_*_CC_FLAGS           = /D MDEPKG_NDEBUG
+  MSFT:RELEASE_*_*_CC_FLAGS            = /D MDEPKG_NDEBUG
+!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(TOOL_CHAIN_TAG) != "CLANGPDB"
+  GCC:*_*_*_CC_FLAGS                   = -mno-mmx -mno-sse
+!endif
+  RELEASE_*_*_GENFW_FLAGS = --zero
+
+  #
+  # Disable deprecated APIs.
+  #
+  MSFT:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
+  INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES
+  GCC:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
+
+  #
+  # Add TDX_PEI_LESS_BOOT
+  #
+  MSFT:*_*_*_CC_FLAGS = /D TDX_PEI_LESS_BOOT
+  INTEL:*_*_*_CC_FLAGS = /D TDX_PEI_LESS_BOOT
+  GCC:*_*_*_CC_FLAGS = -D TDX_PEI_LESS_BOOT
+
+[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
+  GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
+  XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
+  XCODE:*_*_*_MTOC_FLAGS = -align 0x1000
+  CLANGPDB:*_*_*_DLINK_FLAGS = /ALIGN:4096
+
+################################################################################
+#
+# SKU Identification section - list of all SKU IDs supported by this Platform.
+#
+################################################################################
+[SkuIds]
+  0|DEFAULT
+
+################################################################################
+#
+# Library Class section - list of all Library Classes needed by this Platform.
+#
+################################################################################
+
+!include MdePkg/MdeLibs.dsc.inc
+
+[LibraryClasses]
+  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+  TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseAcpiTimerLib.inf
+  ResetSystemLib|OvmfPkg/Library/ResetSystemLib/BaseResetSystemLib.inf
+  PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
+  BaseMemoryLib|MdePkg/Library/BaseMemoryLibRepStr/BaseMemoryLibRepStr.inf
+  BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
+  SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
+  TimeBaseLib|EmbeddedPkg/Library/TimeBaseLib/TimeBaseLib.inf
+  BmpSupportLib|MdeModulePkg/Library/BaseBmpSupportLib/BaseBmpSupportLib.inf
+  SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
+  CpuLib|MdePkg/Library/BaseCpuLib/BaseCpuLib.inf
+  PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
+  PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
+  CacheMaintenanceLib|MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMaintenanceLib.inf
+  UefiDecompressLib|MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.inf
+  UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf
+  HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf
+  SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
+  UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
+  BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
+  FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf
+  CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
+  DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf
+  DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf
+  PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf
+  PciCf8Lib|MdePkg/Library/BasePciCf8Lib/BasePciCf8Lib.inf
+  PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf
+  PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf
+  PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf
+  PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
+  PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
+  PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
+  IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
+  OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
+  SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
+  MtrrLib|UefiCpuPkg/Library/MtrrLib/MtrrLib.inf
+  MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf
+  UefiLib|MdePkg/Library/UefiLib/UefiLib.inf
+  UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
+  UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
+  UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
+  UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf
+  DevicePathLib|MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLibDevicePathProtocol.inf
+  NvVarsFileLib|OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf
+  FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
+  UefiCpuLib|UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.inf
+  SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
+  UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf
+  SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.inf
+  QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf
+  QemuFwCfgSimpleParserLib|OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFwCfgSimpleParserLib.inf
+  VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
+  LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
+  MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+  MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
+
+  LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
+  CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
+  FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
+
+  PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf
+  DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf
+
+  LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
+  DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
+
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
+  AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+  SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
+!else
+  AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+!endif
+  VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+  VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+  VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
+
+  ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
+  ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
+  S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
+  SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
+  OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
+
+  Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
+  TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+
+[LibraryClasses.common]
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+  VmgExitLib|OvmfPkg/Library/VmgExitLib/VmgExitLib.inf
+  TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
+  TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
+  PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
+
+[LibraryClasses.common.SEC]
+  TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf
+  QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf
+!ifdef $(DEBUG_ON_SERIAL_PORT)
+  DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+!else
+  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+!endif
+  ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
+  ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseExtractGuidedSectionLib.inf
+  PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf
+  MemoryAllocationLib|EmbeddedPkg/Library/PrePiMemoryAllocationLib/PrePiMemoryAllocationLib.inf
+!if $(TOOL_CHAIN_TAG) == "XCODE5"
+  CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/Xcode5SecPeiCpuExceptionHandlerLib.inf
+!else
+  CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
+!endif
+  VmgExitLib|OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
+  MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
+  PrePiHobListPointerLib|OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointerLibTdx.inf
+  HobLib|EmbeddedPkg/Library/PrePiHobLib/PrePiHobLib.inf
+  PrePiLib|EmbeddedPkg/Library/PrePiLib/PrePiLib.inf
+  TdxStartupLib|OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLib.inf
+
+[LibraryClasses.common.DXE_CORE]
+  HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
+  DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf
+  MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLib/DxeCoreMemoryAllocationLib.inf
+  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+!ifdef $(DEBUG_ON_SERIAL_PORT)
+  DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+!else
+  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
+!endif
+  ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf
+  CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
+  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+  TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf
+  ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf
+  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+  DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf
+  MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+  ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf
+!ifdef $(DEBUG_ON_SERIAL_PORT)
+  DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+!else
+  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
+!endif
+  UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+  PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
+  QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
+  VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
+
+[LibraryClasses.common.UEFI_DRIVER]
+  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+  TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf
+  ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf
+  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+  DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf
+  MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+!ifdef $(DEBUG_ON_SERIAL_PORT)
+  DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+!else
+  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
+!endif
+  UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
+  PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
+
+[LibraryClasses.common.DXE_DRIVER]
+  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+  TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf
+  ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf
+  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+  MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+  UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
+!ifdef $(DEBUG_ON_SERIAL_PORT)
+  DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+!else
+  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
+!endif
+  PlatformBootManagerLib|OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+  PlatformBmPrintScLib|OvmfPkg/Library/PlatformBmPrintScLib/PlatformBmPrintScLib.inf
+  QemuBootOrderLib|OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf
+  CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
+  LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf
+  PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
+  MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+  QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
+  QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
+
+[LibraryClasses.common.UEFI_APPLICATION]
+  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+  TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf
+  ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf
+  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+  MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+!ifdef $(DEBUG_ON_SERIAL_PORT)
+  DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+!else
+  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
+!endif
+  PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+  TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf
+  ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf
+  MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf
+  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+  SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf
+  MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
+  SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
+!ifdef $(DEBUG_ON_SERIAL_PORT)
+  DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+!else
+  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
+!endif
+  CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+  PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
+
+[LibraryClasses.common.SMM_CORE]
+  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+  TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf
+  ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf
+  SmmCorePlatformHookLib|MdeModulePkg/Library/SmmCorePlatformHookLibNull/SmmCorePlatformHookLibNull.inf
+  MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf
+  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+  SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf
+  SmmServicesTableLib|MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTableLib.inf
+!ifdef $(DEBUG_ON_SERIAL_PORT)
+  DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+!else
+  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
+!endif
+  PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
+
+################################################################################
+#
+# Pcd Section - list of all EDK II PCD Entries defined by this Platform.
+#
+################################################################################
+[PcdsFeatureFlag]
+  gEfiMdeModulePkgTokenSpaceGuid.PcdHiiOsRuntimeSupport|FALSE
+  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress|FALSE
+  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE
+  gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE
+  gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE
+  gEfiMdeModulePkgTokenSpaceGuid.PcdInstallAcpiSdtProtocol|TRUE
+!ifdef $(CSM_ENABLE)
+  gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable|TRUE
+!endif
+
+[PcdsFixedAtBuild]
+  gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
+  gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
+  gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10
+  gEfiMdePkgTokenSpaceGuid.PcdMaximumLinkedListLength|0
+!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+  # match PcdFlashNvStorageVariableSize purely for convenience
+  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000
+!endif
+!if $(FD_SIZE_IN_KB) == 4096
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400
+  # match PcdFlashNvStorageVariableSize purely for convenience
+  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x40000
+!endif
+
+  gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0
+  gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|FALSE
+  gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseMemory|TRUE
+
+  gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07
+
+  # DEBUG_INIT      0x00000001  // Initialization
+  # DEBUG_WARN      0x00000002  // Warnings
+  # DEBUG_LOAD      0x00000004  // Load events
+  # DEBUG_FS        0x00000008  // EFI File system
+  # DEBUG_POOL      0x00000010  // Alloc & Free (pool)
+  # DEBUG_PAGE      0x00000020  // Alloc & Free (page)
+  # DEBUG_INFO      0x00000040  // Informational debug messages
+  # DEBUG_DISPATCH  0x00000080  // PEI/DXE/SMM Dispatchers
+  # DEBUG_VARIABLE  0x00000100  // Variable
+  # DEBUG_BM        0x00000400  // Boot Manager
+  # DEBUG_BLKIO     0x00001000  // BlkIo Driver
+  # DEBUG_NET       0x00004000  // SNP Driver
+  # DEBUG_UNDI      0x00010000  // UNDI Driver
+  # DEBUG_LOADFILE  0x00020000  // LoadFile
+  # DEBUG_EVENT     0x00080000  // Event messages
+  # DEBUG_GCD       0x00100000  // Global Coherency Database changes
+  # DEBUG_CACHE     0x00200000  // Memory range cachability changes
+  # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
+  #                             // significantly impact boot performance
+  # DEBUG_ERROR     0x80000000  // Error
+  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+
+  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F
+
+  # This PCD is used to set the base address of the PCI express hierarchy. It
+  # is only consulted when OVMF runs on Q35. In that case it is programmed into
+  # the PCIEXBAR register.
+  #
+  # On Q35 machine types that QEMU intends to support in the long term, QEMU
+  # never lets the RAM below 4 GB exceed 2816 MB.
+  gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000
+
+  #
+  # The NumberOfPages values below are ad-hoc. They are updated sporadically at
+  # best (please refer to git-blame for past updates). The values capture a set
+  # of BIN hints that made sense at a particular time, for some (now likely
+  # unknown) workloads / boot paths.
+  #
+  gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0x80
+  gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0x10
+  gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0x80
+  gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x100
+  gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0x100
+
+  #
+  # TDX need 1G PageTable support
+  gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE
+
+  gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x20000
+
+  # IRQs 5, 9, 10, 11 are level-triggered
+  gUefiOvmfPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20
+
+  # Point to the MdeModulePkg/Application/UiApp/UiApp.inf
+  gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 }
+
+################################################################################
+#
+# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
+#
+################################################################################
+
+[PcdsDynamicDefault]
+  # only set when
+  #   ($(SMM_REQUIRE) == FALSE)
+  gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+
+  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
+  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
+  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
+  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
+  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
+
+  gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|800
+  gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600
+  gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable|FALSE
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId|0
+  gUefiOvmfPkgTokenSpaceGuid.PcdPciIoBase|0x0
+  gUefiOvmfPkgTokenSpaceGuid.PcdPciIoSize|0x0
+  gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio32Base|0x0
+  gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio32Size|0x0
+  gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Base|0x0
+  gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size|0x800000000
+
+  gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|0
+
+  # Set video resolution for text setup.
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution|640
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution|480
+
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosVersion|0x0208
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
+  gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE
+
+  # Noexec settings for DXE.
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE
+
+  # UefiCpuPkg PCDs related to initial AP bringup and general AP management.
+  gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64
+  gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0
+
+  # Set memory encryption mask
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
+
+  # Set SEV-ES defaults
+  gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0
+  gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0
+  gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0
+
+  gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
+
+  # Set ConfidentialComputing defaults
+  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
+
+  gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000
+
+################################################################################
+#
+# Components Section - list of all EDK II Modules needed by this Platform.
+#
+################################################################################
+[Components]
+  OvmfPkg/ResetVector/ResetVector.inf
+
+  #
+  # SEC Phase modules
+  #
+  OvmfPkg/IntelTdx/Sec/SecMain.inf {
+    <LibraryClasses>
+      NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
+  }
+
+  #
+  # DXE Phase modules
+  #
+  MdeModulePkg/Core/Dxe/DxeMain.inf {
+    <LibraryClasses>
+      NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
+      DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+  }
+
+  MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
+  MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf
+  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf  {
+   <LibraryClasses>
+      PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+  }
+
+  MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
+
+  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+    <LibraryClasses>
+!if $(SECURE_BOOT_ENABLE) == TRUE
+      NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+!endif
+  }
+
+  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+  UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+  UefiCpuPkg/CpuDxe/CpuDxe.inf
+  OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
+  OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
+  OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.inf
+  MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf {
+    <LibraryClasses>
+      PciHostBridgeLib|OvmfPkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf
+      PciHostBridgeUtilityLib|OvmfPkg/Library/PciHostBridgeUtilityLib/PciHostBridgeUtilityLib.inf
+      NULL|OvmfPkg/Library/PlatformHasIoMmuLib/PlatformHasIoMmuLib.inf
+  }
+  MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf {
+    <LibraryClasses>
+      PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+  }
+  MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
+  MdeModulePkg/Universal/Metronome/Metronome.inf
+  PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf
+  MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
+  MdeModulePkg/Universal/BdsDxe/BdsDxe.inf {
+    <LibraryClasses>
+      XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
+  }
+  MdeModulePkg/Logo/LogoDxe.inf
+  MdeModulePkg/Application/UiApp/UiApp.inf {
+    <LibraryClasses>
+      NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
+      NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf
+      NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerUiLib.inf
+  }
+  OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {
+    <LibraryClasses>
+      NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf
+  }
+  OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
+  OvmfPkg/Virtio10Dxe/Virtio10.inf
+  OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
+  OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
+  OvmfPkg/VirtioRngDxe/VirtioRng.inf
+!if $(PVSCSI_ENABLE) == TRUE
+  OvmfPkg/PvScsiDxe/PvScsiDxe.inf
+!endif
+!if $(MPT_SCSI_ENABLE) == TRUE
+  OvmfPkg/MptScsiDxe/MptScsiDxe.inf
+!endif
+!if $(LSI_SCSI_ENABLE) == TRUE
+  OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf
+!endif
+  MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
+  MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
+  MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
+  MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
+  MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
+  MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf {
+    <LibraryClasses>
+      PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+  }
+  MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
+  MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf {
+    <LibraryClasses>
+      DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+      PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+  }
+
+  MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
+  MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
+  MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+  MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+  FatPkg/EnhancedFatDxe/Fat.inf
+  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+  MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+  MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+  OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+  MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
+  MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
+  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
+  MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
+  MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+  MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
+  MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
+
+!ifndef $(CSM_ENABLE)
+  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+!endif
+  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+
+  #
+  # ISA Support
+  #
+  OvmfPkg/SioBusDxe/SioBusDxe.inf
+  MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf
+  MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf
+
+  #
+  # SMBIOS Support
+  #
+  MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf {
+    <LibraryClasses>
+      NULL|OvmfPkg/Library/SmbiosVersionLib/DetectSmbiosVersionLib.inf
+  }
+  OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
+
+  #
+  # ACPI Support
+  #
+  MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
+  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
+  MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf
+  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+
+  #
+  # Usb Support
+  #
+  MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf
+  MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf
+  MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf
+  MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf
+  MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
+  MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+
+!if $(TOOL_CHAIN_TAG) != "XCODE5"
+  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
+    <PcdsFixedAtBuild>
+      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+  }
+!endif
+  ShellPkg/Application/Shell/Shell.inf {
+    <LibraryClasses>
+      ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
+      NULL|ShellPkg/Library/UefiShellLevel2CommandsLib/UefiShellLevel2CommandsLib.inf
+      NULL|ShellPkg/Library/UefiShellLevel1CommandsLib/UefiShellLevel1CommandsLib.inf
+      NULL|ShellPkg/Library/UefiShellLevel3CommandsLib/UefiShellLevel3CommandsLib.inf
+      NULL|ShellPkg/Library/UefiShellDriver1CommandsLib/UefiShellDriver1CommandsLib.inf
+      NULL|ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsLib.inf
+      NULL|ShellPkg/Library/UefiShellInstall1CommandsLib/UefiShellInstall1CommandsLib.inf
+      HandleParsingLib|ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf
+      PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
+      BcfgCommandLib|ShellPkg/Library/UefiShellBcfgCommandLib/UefiShellBcfgCommandLib.inf
+
+    <PcdsFixedAtBuild>
+      gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0xFF
+      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+      gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
+  }
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+  OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
+!endif
+
+  OvmfPkg/PlatformDxe/Platform.inf
+  OvmfPkg/IoMmuDxe/IoMmuDxe.inf
+
+  OvmfPkg/TdxDxe/TdxDxe.inf
+
+  #
+  # Variable driver stack (non-SMM)
+  #
+  OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf
+  OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf {
+    <LibraryClasses>
+      PlatformFvbLib|OvmfPkg/Library/EmuVariableFvbLib/EmuVariableFvbLib.inf
+  }
+  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
+  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
+    <LibraryClasses>
+      NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
+  }
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
new file mode 100644
index 000000000000..4dae40ffcd7b
--- /dev/null
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
@@ -0,0 +1,402 @@
+## @file
+#  Open Virtual Machine Firmware: FDF
+#
+#  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
+#  (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+################################################################################
+
+[Defines]
+!include OvmfPkg/OvmfPkgDefines.fdf.inc
+
+#
+# Build the variable store and the firmware code as one unified flash device
+# image.
+#
+[FD.OVMF]
+BaseAddress   = $(FW_BASE_ADDRESS)
+Size          = $(FW_SIZE)
+ErasePolarity = 1
+BlockSize     = $(BLOCK_SIZE)
+NumBlocks     = $(FW_BLOCKS)
+
+!include OvmfPkg/VarStore.fdf.inc
+
+$(VARS_SIZE)|$(FVMAIN_SIZE)
+FV = FVMAIN_COMPACT
+
+$(SECFV_OFFSET)|$(SECFV_SIZE)
+FV = SECFV
+
+#
+# Build the variable store and the firmware code as separate flash device
+# images.
+#
+[FD.OVMF_VARS]
+BaseAddress   = $(FW_BASE_ADDRESS)
+Size          = $(VARS_SIZE)
+ErasePolarity = 1
+BlockSize     = $(BLOCK_SIZE)
+NumBlocks     = $(VARS_BLOCKS)
+
+!include OvmfPkg/VarStore.fdf.inc
+
+[FD.OVMF_CODE]
+BaseAddress   = $(CODE_BASE_ADDRESS)
+Size          = $(CODE_SIZE)
+ErasePolarity = 1
+BlockSize     = $(BLOCK_SIZE)
+NumBlocks     = $(CODE_BLOCKS)
+
+0x00000000|$(FVMAIN_SIZE)
+FV = FVMAIN_COMPACT
+
+$(FVMAIN_SIZE)|$(SECFV_SIZE)
+FV = SECFV
+
+################################################################################
+
+[FD.MEMFD]
+BaseAddress   = $(MEMFD_BASE_ADDRESS)
+Size          = 0xD00000
+ErasePolarity = 1
+BlockSize     = 0x10000
+NumBlocks     = 0xD0
+
+0x000000|0x006000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize
+
+0x006000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize
+
+0x007000|0x001000
+gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize
+
+0x008000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableSize
+
+0x009000|0x002000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize
+
+0x00B000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize
+
+0x00C000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
+
+0x00D000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
+
+0x00E000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize
+
+0x010000|0x010000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
+
+0x100000|0xC00000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
+FV = DXEFV
+
+##########################################################################################
+# Set the SEV-ES specific work area PCDs
+#
+SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase = $(MEMFD_BASE_ADDRESS) +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
+SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
+
+SET gUefiCpuPkgTokenSpaceGuid.PcdTdxWorkAreaBase = $(MEMFD_BASE_ADDRESS) +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
+
+##########################################################################################
+
+################################################################################
+
+[FV.SECFV]
+FvNameGuid         = 763BED0D-DE9F-48F5-81F1-3E90E1B1A015
+BlockSize          = 0x1000
+FvAlignment        = 16
+ERASE_POLARITY     = 1
+MEMORY_MAPPED      = TRUE
+STICKY_WRITE       = TRUE
+LOCK_CAP           = TRUE
+LOCK_STATUS        = TRUE
+WRITE_DISABLED_CAP = TRUE
+WRITE_ENABLED_CAP  = TRUE
+WRITE_STATUS       = TRUE
+WRITE_LOCK_CAP     = TRUE
+WRITE_LOCK_STATUS  = TRUE
+READ_DISABLED_CAP  = TRUE
+READ_ENABLED_CAP   = TRUE
+READ_STATUS        = TRUE
+READ_LOCK_CAP      = TRUE
+READ_LOCK_STATUS   = TRUE
+
+#
+# SEC Phase modules
+#
+# The code in this FV handles the initial firmware startup, and
+# decompresses the PEI and DXE FVs which handles the rest of the boot sequence.
+#
+INF  OvmfPkg/IntelTdx/Sec/SecMain.inf
+
+INF  RuleOverride=RESET_VECTOR OvmfPkg/ResetVector/ResetVector.inf
+
+################################################################################
+
+[FV.DXEFV]
+FvForceRebase      = FALSE
+FvNameGuid         = 7CB8BDC9-F8EB-4F34-AAEA-3EE4AF6516A1
+BlockSize          = 0x10000
+FvAlignment        = 16
+ERASE_POLARITY     = 1
+MEMORY_MAPPED      = TRUE
+STICKY_WRITE       = TRUE
+LOCK_CAP           = TRUE
+LOCK_STATUS        = TRUE
+WRITE_DISABLED_CAP = TRUE
+WRITE_ENABLED_CAP  = TRUE
+WRITE_STATUS       = TRUE
+WRITE_LOCK_CAP     = TRUE
+WRITE_LOCK_STATUS  = TRUE
+READ_DISABLED_CAP  = TRUE
+READ_ENABLED_CAP   = TRUE
+READ_STATUS        = TRUE
+READ_LOCK_CAP      = TRUE
+READ_LOCK_STATUS   = TRUE
+
+APRIORI DXE {
+  INF  MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
+  INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+  INF  OvmfPkg/TdxDxe/TdxDxe.inf
+  INF  OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf
+}
+
+#
+# DXE Phase modules
+#
+INF  MdeModulePkg/Core/Dxe/DxeMain.inf
+
+INF  MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
+INF  MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf
+INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+
+INF  MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
+INF  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+INF  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+INF  UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+INF  UefiCpuPkg/CpuDxe/CpuDxe.inf
+INF  OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
+INF  OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf
+INF  OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.inf
+INF  MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf
+INF  MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf
+INF  MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
+INF  MdeModulePkg/Universal/Metronome/Metronome.inf
+INF  PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf
+
+INF  OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
+INF  OvmfPkg/Virtio10Dxe/Virtio10.inf
+INF  OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
+INF  OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
+INF  OvmfPkg/VirtioRngDxe/VirtioRng.inf
+!if $(PVSCSI_ENABLE) == TRUE
+INF  OvmfPkg/PvScsiDxe/PvScsiDxe.inf
+!endif
+!if $(MPT_SCSI_ENABLE) == TRUE
+INF  OvmfPkg/MptScsiDxe/MptScsiDxe.inf
+!endif
+!if $(LSI_SCSI_ENABLE) == TRUE
+INF  OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf
+!endif
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  INF  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
+
+INF  MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
+INF  MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
+INF  MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
+INF  MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
+INF  MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
+INF  MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
+INF  MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
+INF  MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
+INF  MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
+INF  MdeModulePkg/Application/UiApp/UiApp.inf
+INF  OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
+INF  MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
+INF  MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
+INF  MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
+INF  MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+INF  MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+INF  MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+INF  MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+INF  OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+INF  MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
+INF  MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
+INF  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
+INF  MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
+INF  MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+INF  MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
+INF  MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
+
+INF  OvmfPkg/SioBusDxe/SioBusDxe.inf
+INF  MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf
+INF  MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf
+
+INF  MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf
+INF  OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
+
+INF  MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
+INF  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
+INF  MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf
+INF  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+
+INF  FatPkg/EnhancedFatDxe/Fat.inf
+INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+
+!if $(TOOL_CHAIN_TAG) != "XCODE5"
+INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+!endif
+INF  ShellPkg/Application/Shell/Shell.inf
+
+INF MdeModulePkg/Logo/LogoDxe.inf
+
+INF OvmfPkg/TdxDxe/TdxDxe.inf
+
+#
+# Usb Support
+#
+INF  MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf
+INF  MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf
+INF  MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf
+INF  MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf
+INF  MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
+INF  MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+
+INF  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+
+INF  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+INF  OvmfPkg/PlatformDxe/Platform.inf
+INF  OvmfPkg/IoMmuDxe/IoMmuDxe.inf
+
+#
+# Variable driver stack (non-SMM)
+#
+INF  OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf
+INF  OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
+INF  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
+INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+
+################################################################################
+
+[FV.FVMAIN_COMPACT]
+FvNameGuid         = 48DB5E17-707C-472D-91CD-1613E7EF51B0
+FvAlignment        = 16
+ERASE_POLARITY     = 1
+MEMORY_MAPPED      = TRUE
+STICKY_WRITE       = TRUE
+LOCK_CAP           = TRUE
+LOCK_STATUS        = TRUE
+WRITE_DISABLED_CAP = TRUE
+WRITE_ENABLED_CAP  = TRUE
+WRITE_STATUS       = TRUE
+WRITE_LOCK_CAP     = TRUE
+WRITE_LOCK_STATUS  = TRUE
+READ_DISABLED_CAP  = TRUE
+READ_ENABLED_CAP   = TRUE
+READ_STATUS        = TRUE
+READ_LOCK_CAP      = TRUE
+READ_LOCK_STATUS   = TRUE
+
+FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
+   SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE {
+     #
+     # These firmware volumes will have files placed in them uncompressed,
+     # and then both firmware volumes will be compressed in a single
+     # compression operation in order to achieve better overall compression.
+     #
+     SECTION FV_IMAGE = DXEFV
+   }
+ }
+
+# !include OvmfPkg/FvmainCompactScratchEnd.fdf.inc
+
+################################################################################
+
+[Rule.Common.SEC]
+  FILE SEC = $(NAMED_GUID) {
+    PE32     PE32           $(INF_OUTPUT)/$(MODULE_NAME).efi
+    UI       STRING ="$(MODULE_NAME)" Optional
+    VERSION  STRING ="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+  }
+
+[Rule.Common.DXE_CORE]
+  FILE DXE_CORE = $(NAMED_GUID) {
+    PE32     PE32           $(INF_OUTPUT)/$(MODULE_NAME).efi
+    UI       STRING="$(MODULE_NAME)" Optional
+    VERSION  STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+  }
+
+[Rule.Common.DXE_DRIVER]
+  FILE DRIVER = $(NAMED_GUID) {
+    DXE_DEPEX    DXE_DEPEX Optional      $(INF_OUTPUT)/$(MODULE_NAME).depex
+    PE32     PE32                    $(INF_OUTPUT)/$(MODULE_NAME).efi
+    UI       STRING="$(MODULE_NAME)" Optional
+    VERSION  STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+    RAW ACPI  Optional               |.acpi
+    RAW ASL   Optional               |.aml
+  }
+
+[Rule.Common.DXE_RUNTIME_DRIVER]
+  FILE DRIVER = $(NAMED_GUID) {
+    DXE_DEPEX    DXE_DEPEX Optional      $(INF_OUTPUT)/$(MODULE_NAME).depex
+    PE32     PE32                    $(INF_OUTPUT)/$(MODULE_NAME).efi
+    UI       STRING="$(MODULE_NAME)" Optional
+    VERSION  STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+  }
+
+[Rule.Common.UEFI_DRIVER]
+  FILE DRIVER = $(NAMED_GUID) {
+    DXE_DEPEX    DXE_DEPEX Optional      $(INF_OUTPUT)/$(MODULE_NAME).depex
+    PE32     PE32                    $(INF_OUTPUT)/$(MODULE_NAME).efi
+    UI       STRING="$(MODULE_NAME)" Optional
+    VERSION  STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+  }
+
+[Rule.Common.UEFI_DRIVER.BINARY]
+  FILE DRIVER = $(NAMED_GUID) {
+    DXE_DEPEX DXE_DEPEX Optional      |.depex
+    PE32      PE32                    |.efi
+    UI        STRING="$(MODULE_NAME)" Optional
+    VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+  }
+
+[Rule.Common.UEFI_APPLICATION]
+  FILE APPLICATION = $(NAMED_GUID) {
+    PE32     PE32                    $(INF_OUTPUT)/$(MODULE_NAME).efi
+    UI       STRING="$(MODULE_NAME)" Optional
+    VERSION  STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+  }
+
+[Rule.Common.UEFI_APPLICATION.BINARY]
+  FILE APPLICATION = $(NAMED_GUID) {
+    PE32      PE32                    |.efi
+    UI        STRING="$(MODULE_NAME)" Optional
+    VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+  }
+
+[Rule.Common.USER_DEFINED.CSM]
+  FILE FREEFORM = $(NAMED_GUID) {
+    RAW BIN                |.bin
+  }
+
+[Rule.Common.SEC.RESET_VECTOR]
+  FILE RAW = $(NAMED_GUID) {
+    RAW BIN   Align = 16   |.bin
+  }
-- 
2.29.2.windows.2


^ permalink raw reply related	[flat|nested] 35+ messages in thread

* Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch
  2022-01-25  6:33 ` [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch Min Xu
@ 2022-01-25 15:09   ` Abner Chang
  2022-01-27  0:43     ` Abner Chang
  0 siblings, 1 reply; 35+ messages in thread
From: Abner Chang @ 2022-01-25 15:09 UTC (permalink / raw)
  To: devel@edk2.groups.io, min.m.xu@intel.com

Reviewed-by: Abner Chang <abner.chang@hpe.com>

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Min Xu
> Sent: Tuesday, January 25, 2022 2:33 PM
> To: devel@edk2.groups.io
> Cc: Min Xu <min.m.xu@intel.com>; Leif Lindholm <leif@nuviainc.com>; Ard
> Biesheuvel <ardb+tianocore@kernel.org>; Chang, Abner (HPS SW/FW
> Technologist) <abner.chang@hpe.com>; Schaefer, Daniel (ROM Janitor)
> <daniel.schaefer@hpe.com>
> Subject: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in
> FwVol.c in X64 arch
> 
> RFC:
> INVALID URI REMOVED
> d=3429__;!!NpxR!xMRxJim2LXdgV0CClUrT7jWBUouLzrVwMc5fB_wt1PT17W
> WWyZKgREYswYM1Tz0$
> 
> CompressedDataLength is declared as UINTN which is UINT64 in X64 arch.
> But the second parameter of UefiDecompressGetInfo() is declared as
> UINT32. So a build error is triggered. To declare CompressedDataLength
> as UINT32 to fix the build error.
> 
> Cc: Leif Lindholm <leif@nuviainc.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Abner Chang <abner.chang@hpe.com>
> Cc: Daniel Schaefer <daniel.schaefer@hpe.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> ---
>  EmbeddedPkg/Library/PrePiLib/FwVol.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/EmbeddedPkg/Library/PrePiLib/FwVol.c
> b/EmbeddedPkg/Library/PrePiLib/FwVol.c
> index 92ae68f0d382..0a6d6925b7ea 100644
> --- a/EmbeddedPkg/Library/PrePiLib/FwVol.c
> +++ b/EmbeddedPkg/Library/PrePiLib/FwVol.c
> @@ -291,7 +291,7 @@ FfsProcessSection (
>    UINT16                    SectionAttribute;
>    UINT32                    AuthenticationStatus;
>    CHAR8                     *CompressedData;
> -  UINTN                     CompressedDataLength;
> +  UINT32                    CompressedDataLength;
> 
>    *OutputBuffer = NULL;
>    ParsedLength  = 0;
> @@ -320,7 +320,7 @@ FfsProcessSection (
>            }
> 
>            CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION2
> *)Section + 1);
> -          CompressedDataLength = (UINT32)SectionLength - sizeof
> (EFI_COMPRESSION_SECTION2);
> +          CompressedDataLength = SectionLength - sizeof
> (EFI_COMPRESSION_SECTION2);
>          } else {
>            CompressionSection = (EFI_COMPRESSION_SECTION *)Section;
>            SectionLength      = SECTION_SIZE (Section);
> @@ -330,7 +330,7 @@ FfsProcessSection (
>            }
> 
>            CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION
> *)Section + 1);
> -          CompressedDataLength = (UINT32)SectionLength - sizeof
> (EFI_COMPRESSION_SECTION);
> +          CompressedDataLength = SectionLength - sizeof
> (EFI_COMPRESSION_SECTION);
>          }
> 
>          Status = UefiDecompressGetInfo (
> --
> 2.29.2.windows.2
> 
> 
> 
> 
> 


^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch
  2022-01-25 15:09   ` [edk2-devel] " Abner Chang
@ 2022-01-27  0:43     ` Abner Chang
  2022-01-27  0:58       ` Min Xu
  0 siblings, 1 reply; 35+ messages in thread
From: Abner Chang @ 2022-01-27  0:43 UTC (permalink / raw)
  To: devel@edk2.groups.io, min.m.xu@intel.com

[-- Attachment #1: Type: text/plain, Size: 3223 bytes --]

Hi Min,
Would you please create a PR for this and point me to the link?

Thanks
Abner
________________________________
From: Chang, Abner (HPS SW/FW Technologist)
Sent: Tuesday, January 25, 2022 11:09 PM
To: devel@edk2.groups.io <devel@edk2.groups.io>; min.m.xu@intel.com <min.m.xu@intel.com>
Subject: RE: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch

Reviewed-by: Abner Chang <abner.chang@hpe.com>

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Min Xu
> Sent: Tuesday, January 25, 2022 2:33 PM
> To: devel@edk2.groups.io
> Cc: Min Xu <min.m.xu@intel.com>; Leif Lindholm <leif@nuviainc.com>; Ard
> Biesheuvel <ardb+tianocore@kernel.org>; Chang, Abner (HPS SW/FW
> Technologist) <abner.chang@hpe.com>; Schaefer, Daniel (ROM Janitor)
> <daniel.schaefer@hpe.com>
> Subject: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in
> FwVol.c in X64 arch
>
> RFC:
> INVALID URI REMOVED
> d=3429__;!!NpxR!xMRxJim2LXdgV0CClUrT7jWBUouLzrVwMc5fB_wt1PT17W
> WWyZKgREYswYM1Tz0$
>
> CompressedDataLength is declared as UINTN which is UINT64 in X64 arch.
> But the second parameter of UefiDecompressGetInfo() is declared as
> UINT32. So a build error is triggered. To declare CompressedDataLength
> as UINT32 to fix the build error.
>
> Cc: Leif Lindholm <leif@nuviainc.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Abner Chang <abner.chang@hpe.com>
> Cc: Daniel Schaefer <daniel.schaefer@hpe.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> ---
>  EmbeddedPkg/Library/PrePiLib/FwVol.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/EmbeddedPkg/Library/PrePiLib/FwVol.c
> b/EmbeddedPkg/Library/PrePiLib/FwVol.c
> index 92ae68f0d382..0a6d6925b7ea 100644
> --- a/EmbeddedPkg/Library/PrePiLib/FwVol.c
> +++ b/EmbeddedPkg/Library/PrePiLib/FwVol.c
> @@ -291,7 +291,7 @@ FfsProcessSection (
>    UINT16                    SectionAttribute;
>    UINT32                    AuthenticationStatus;
>    CHAR8                     *CompressedData;
> -  UINTN                     CompressedDataLength;
> +  UINT32                    CompressedDataLength;
>
>    *OutputBuffer = NULL;
>    ParsedLength  = 0;
> @@ -320,7 +320,7 @@ FfsProcessSection (
>            }
>
>            CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION2
> *)Section + 1);
> -          CompressedDataLength = (UINT32)SectionLength - sizeof
> (EFI_COMPRESSION_SECTION2);
> +          CompressedDataLength = SectionLength - sizeof
> (EFI_COMPRESSION_SECTION2);
>          } else {
>            CompressionSection = (EFI_COMPRESSION_SECTION *)Section;
>            SectionLength      = SECTION_SIZE (Section);
> @@ -330,7 +330,7 @@ FfsProcessSection (
>            }
>
>            CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION
> *)Section + 1);
> -          CompressedDataLength = (UINT32)SectionLength - sizeof
> (EFI_COMPRESSION_SECTION);
> +          CompressedDataLength = SectionLength - sizeof
> (EFI_COMPRESSION_SECTION);
>          }
>
>          Status = UefiDecompressGetInfo (
> --
> 2.29.2.windows.2
>
>
>
> 
>


[-- Attachment #2: Type: text/html, Size: 6539 bytes --]

^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch
  2022-01-27  0:43     ` Abner Chang
@ 2022-01-27  0:58       ` Min Xu
  2022-01-27  1:55         ` Abner Chang
  0 siblings, 1 reply; 35+ messages in thread
From: Min Xu @ 2022-01-27  0:58 UTC (permalink / raw)
  To: devel@edk2.groups.io, Chang, Abner

[-- Attachment #1: Type: text/plain, Size: 4150 bytes --]

Hi, Abner
This is the PR of the patch-sets.
https://github.com/tianocore/edk2/pull/2313

Thanks
Min
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Abner Chang
Sent: Thursday, January 27, 2022 8:43 AM
To: devel@edk2.groups.io; Xu, Min M <min.m.xu@intel.com>
Subject: Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch

Hi Min,
Would you please create a PR for this and point me to the link?

Thanks
Abner
________________________________
From: Chang, Abner (HPS SW/FW Technologist)
Sent: Tuesday, January 25, 2022 11:09 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; min.m.xu@intel.com<mailto:min.m.xu@intel.com> <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
Subject: RE: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch

Reviewed-by: Abner Chang <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>

> -----Original Message-----
> From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Min Xu
> Sent: Tuesday, January 25, 2022 2:33 PM
> To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
> Cc: Min Xu <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>; Leif Lindholm <leif@nuviainc.com<mailto:leif@nuviainc.com>>; Ard
> Biesheuvel <ardb+tianocore@kernel.org<mailto:ardb+tianocore@kernel.org>>; Chang, Abner (HPS SW/FW
> Technologist) <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>; Schaefer, Daniel (ROM Janitor)
> <daniel.schaefer@hpe.com<mailto:daniel.schaefer@hpe.com>>
> Subject: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in
> FwVol.c in X64 arch
>
> RFC:
> INVALID URI REMOVED<INVALID%20URI%20REMOVED>
> d=3429__;!!NpxR!xMRxJim2LXdgV0CClUrT7jWBUouLzrVwMc5fB_wt1PT17W
> WWyZKgREYswYM1Tz0$
>
> CompressedDataLength is declared as UINTN which is UINT64 in X64 arch.
> But the second parameter of UefiDecompressGetInfo() is declared as
> UINT32. So a build error is triggered. To declare CompressedDataLength
> as UINT32 to fix the build error.
>
> Cc: Leif Lindholm <leif@nuviainc.com<mailto:leif@nuviainc.com>>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org<mailto:ardb+tianocore@kernel.org>>
> Cc: Abner Chang <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>
> Cc: Daniel Schaefer <daniel.schaefer@hpe.com<mailto:daniel.schaefer@hpe.com>>
> Signed-off-by: Min Xu <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
> ---
>  EmbeddedPkg/Library/PrePiLib/FwVol.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/EmbeddedPkg/Library/PrePiLib/FwVol.c
> b/EmbeddedPkg/Library/PrePiLib/FwVol.c
> index 92ae68f0d382..0a6d6925b7ea 100644
> --- a/EmbeddedPkg/Library/PrePiLib/FwVol.c
> +++ b/EmbeddedPkg/Library/PrePiLib/FwVol.c
> @@ -291,7 +291,7 @@ FfsProcessSection (
>    UINT16                    SectionAttribute;
>    UINT32                    AuthenticationStatus;
>    CHAR8                     *CompressedData;
> -  UINTN                     CompressedDataLength;
> +  UINT32                    CompressedDataLength;
>
>    *OutputBuffer = NULL;
>    ParsedLength  = 0;
> @@ -320,7 +320,7 @@ FfsProcessSection (
>            }
>
>            CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION2
> *)Section + 1);
> -          CompressedDataLength = (UINT32)SectionLength - sizeof
> (EFI_COMPRESSION_SECTION2);
> +          CompressedDataLength = SectionLength - sizeof
> (EFI_COMPRESSION_SECTION2);
>          } else {
>            CompressionSection = (EFI_COMPRESSION_SECTION *)Section;
>            SectionLength      = SECTION_SIZE (Section);
> @@ -330,7 +330,7 @@ FfsProcessSection (
>            }
>
>            CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION
> *)Section + 1);
> -          CompressedDataLength = (UINT32)SectionLength - sizeof
> (EFI_COMPRESSION_SECTION);
> +          CompressedDataLength = SectionLength - sizeof
> (EFI_COMPRESSION_SECTION);
>          }
>
>          Status = UefiDecompressGetInfo (
> --
> 2.29.2.windows.2
>
>
>
>
>


[-- Attachment #2: Type: text/html, Size: 9780 bytes --]

^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch
  2022-01-27  0:58       ` Min Xu
@ 2022-01-27  1:55         ` Abner Chang
  2022-01-27  2:39           ` Min Xu
  0 siblings, 1 reply; 35+ messages in thread
From: Abner Chang @ 2022-01-27  1:55 UTC (permalink / raw)
  To: Xu, Min M, devel@edk2.groups.io

[-- Attachment #1: Type: text/plain, Size: 4679 bytes --]

Hi Min,
Did you get the reviewed-by for other patches? Just let me know when the review process is done, I can then merge the patch to EmbeddedPkg.

Regards,
Abner
________________________________
From: Xu, Min M <min.m.xu@intel.com>
Sent: Thursday, January 27, 2022 8:58 AM
To: devel@edk2.groups.io <devel@edk2.groups.io>; Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>
Subject: RE: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch


Hi, Abner

This is the PR of the patch-sets.

https://github.com/tianocore/edk2/pull/2313



Thanks

Min

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Abner Chang
Sent: Thursday, January 27, 2022 8:43 AM
To: devel@edk2.groups.io; Xu, Min M <min.m.xu@intel.com>
Subject: Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch



Hi Min,

Would you please create a PR for this and point me to the link?



Thanks

Abner

________________________________

From: Chang, Abner (HPS SW/FW Technologist)
Sent: Tuesday, January 25, 2022 11:09 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; min.m.xu@intel.com<mailto:min.m.xu@intel.com> <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
Subject: RE: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch



Reviewed-by: Abner Chang <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>

> -----Original Message-----
> From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Min Xu
> Sent: Tuesday, January 25, 2022 2:33 PM
> To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
> Cc: Min Xu <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>; Leif Lindholm <leif@nuviainc.com<mailto:leif@nuviainc.com>>; Ard
> Biesheuvel <ardb+tianocore@kernel.org<mailto:ardb+tianocore@kernel.org>>; Chang, Abner (HPS SW/FW
> Technologist) <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>; Schaefer, Daniel (ROM Janitor)
> <daniel.schaefer@hpe.com<mailto:daniel.schaefer@hpe.com>>
> Subject: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in
> FwVol.c in X64 arch
>
> RFC:
> INVALID URI REMOVED<INVALID%20URI%20REMOVED>
> d=3429__;!!NpxR!xMRxJim2LXdgV0CClUrT7jWBUouLzrVwMc5fB_wt1PT17W
> WWyZKgREYswYM1Tz0$
>
> CompressedDataLength is declared as UINTN which is UINT64 in X64 arch.
> But the second parameter of UefiDecompressGetInfo() is declared as
> UINT32. So a build error is triggered. To declare CompressedDataLength
> as UINT32 to fix the build error.
>
> Cc: Leif Lindholm <leif@nuviainc.com<mailto:leif@nuviainc.com>>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org<mailto:ardb+tianocore@kernel.org>>
> Cc: Abner Chang <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>
> Cc: Daniel Schaefer <daniel.schaefer@hpe.com<mailto:daniel.schaefer@hpe.com>>
> Signed-off-by: Min Xu <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
> ---
>  EmbeddedPkg/Library/PrePiLib/FwVol.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/EmbeddedPkg/Library/PrePiLib/FwVol.c
> b/EmbeddedPkg/Library/PrePiLib/FwVol.c
> index 92ae68f0d382..0a6d6925b7ea 100644
> --- a/EmbeddedPkg/Library/PrePiLib/FwVol.c
> +++ b/EmbeddedPkg/Library/PrePiLib/FwVol.c
> @@ -291,7 +291,7 @@ FfsProcessSection (
>    UINT16                    SectionAttribute;
>    UINT32                    AuthenticationStatus;
>    CHAR8                     *CompressedData;
> -  UINTN                     CompressedDataLength;
> +  UINT32                    CompressedDataLength;
>
>    *OutputBuffer = NULL;
>    ParsedLength  = 0;
> @@ -320,7 +320,7 @@ FfsProcessSection (
>            }
>
>            CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION2
> *)Section + 1);
> -          CompressedDataLength = (UINT32)SectionLength - sizeof
> (EFI_COMPRESSION_SECTION2);
> +          CompressedDataLength = SectionLength - sizeof
> (EFI_COMPRESSION_SECTION2);
>          } else {
>            CompressionSection = (EFI_COMPRESSION_SECTION *)Section;
>            SectionLength      = SECTION_SIZE (Section);
> @@ -330,7 +330,7 @@ FfsProcessSection (
>            }
>
>            CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION
> *)Section + 1);
> -          CompressedDataLength = (UINT32)SectionLength - sizeof
> (EFI_COMPRESSION_SECTION);
> +          CompressedDataLength = SectionLength - sizeof
> (EFI_COMPRESSION_SECTION);
>          }
>
>          Status = UefiDecompressGetInfo (
> --
> 2.29.2.windows.2
>
>
>
>
>



[-- Attachment #2: Type: text/html, Size: 10216 bytes --]

^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch
  2022-01-27  1:55         ` Abner Chang
@ 2022-01-27  2:39           ` Min Xu
  2022-01-27  3:01             ` Abner Chang
  0 siblings, 1 reply; 35+ messages in thread
From: Min Xu @ 2022-01-27  2:39 UTC (permalink / raw)
  To: Chang, Abner, devel@edk2.groups.io

[-- Attachment #1: Type: text/plain, Size: 5357 bytes --]

Hi, Abner
Other patches are still in review. I am thinking if this patch can be in a separate patch-sets so that you can merge it to EmbeddedPkg? What's your thought?

Thanks
Min
From: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>
Sent: Thursday, January 27, 2022 9:56 AM
To: Xu, Min M <min.m.xu@intel.com>; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch

Hi Min,
Did you get the reviewed-by for other patches? Just let me know when the review process is done, I can then merge the patch to EmbeddedPkg.

Regards,
Abner
________________________________
From: Xu, Min M <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
Sent: Thursday, January 27, 2022 8:58 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>
Subject: RE: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch


Hi, Abner

This is the PR of the patch-sets.

https://github.com/tianocore/edk2/pull/2313



Thanks

Min

From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Abner Chang
Sent: Thursday, January 27, 2022 8:43 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Xu, Min M <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
Subject: Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch



Hi Min,

Would you please create a PR for this and point me to the link?



Thanks

Abner

________________________________

From: Chang, Abner (HPS SW/FW Technologist)
Sent: Tuesday, January 25, 2022 11:09 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; min.m.xu@intel.com<mailto:min.m.xu@intel.com> <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
Subject: RE: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch



Reviewed-by: Abner Chang <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>

> -----Original Message-----
> From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Min Xu
> Sent: Tuesday, January 25, 2022 2:33 PM
> To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
> Cc: Min Xu <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>; Leif Lindholm <leif@nuviainc.com<mailto:leif@nuviainc.com>>; Ard
> Biesheuvel <ardb+tianocore@kernel.org<mailto:ardb+tianocore@kernel.org>>; Chang, Abner (HPS SW/FW
> Technologist) <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>; Schaefer, Daniel (ROM Janitor)
> <daniel.schaefer@hpe.com<mailto:daniel.schaefer@hpe.com>>
> Subject: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in
> FwVol.c in X64 arch
>
> RFC:
> INVALID URI REMOVED<INVALID%20URI%20REMOVED>
> d=3429__;!!NpxR!xMRxJim2LXdgV0CClUrT7jWBUouLzrVwMc5fB_wt1PT17W
> WWyZKgREYswYM1Tz0$
>
> CompressedDataLength is declared as UINTN which is UINT64 in X64 arch.
> But the second parameter of UefiDecompressGetInfo() is declared as
> UINT32. So a build error is triggered. To declare CompressedDataLength
> as UINT32 to fix the build error.
>
> Cc: Leif Lindholm <leif@nuviainc.com<mailto:leif@nuviainc.com>>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org<mailto:ardb+tianocore@kernel.org>>
> Cc: Abner Chang <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>
> Cc: Daniel Schaefer <daniel.schaefer@hpe.com<mailto:daniel.schaefer@hpe.com>>
> Signed-off-by: Min Xu <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
> ---
>  EmbeddedPkg/Library/PrePiLib/FwVol.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/EmbeddedPkg/Library/PrePiLib/FwVol.c
> b/EmbeddedPkg/Library/PrePiLib/FwVol.c
> index 92ae68f0d382..0a6d6925b7ea 100644
> --- a/EmbeddedPkg/Library/PrePiLib/FwVol.c
> +++ b/EmbeddedPkg/Library/PrePiLib/FwVol.c
> @@ -291,7 +291,7 @@ FfsProcessSection (
>    UINT16                    SectionAttribute;
>    UINT32                    AuthenticationStatus;
>    CHAR8                     *CompressedData;
> -  UINTN                     CompressedDataLength;
> +  UINT32                    CompressedDataLength;
>
>    *OutputBuffer = NULL;
>    ParsedLength  = 0;
> @@ -320,7 +320,7 @@ FfsProcessSection (
>            }
>
>            CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION2
> *)Section + 1);
> -          CompressedDataLength = (UINT32)SectionLength - sizeof
> (EFI_COMPRESSION_SECTION2);
> +          CompressedDataLength = SectionLength - sizeof
> (EFI_COMPRESSION_SECTION2);
>          } else {
>            CompressionSection = (EFI_COMPRESSION_SECTION *)Section;
>            SectionLength      = SECTION_SIZE (Section);
> @@ -330,7 +330,7 @@ FfsProcessSection (
>            }
>
>            CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION
> *)Section + 1);
> -          CompressedDataLength = (UINT32)SectionLength - sizeof
> (EFI_COMPRESSION_SECTION);
> +          CompressedDataLength = SectionLength - sizeof
> (EFI_COMPRESSION_SECTION);
>          }
>
>          Status = UefiDecompressGetInfo (
> --
> 2.29.2.windows.2
>
>
>
>
>



[-- Attachment #2: Type: text/html, Size: 12742 bytes --]

^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch
  2022-01-27  2:39           ` Min Xu
@ 2022-01-27  3:01             ` Abner Chang
  2022-01-27  3:38               ` Min Xu
  0 siblings, 1 reply; 35+ messages in thread
From: Abner Chang @ 2022-01-27  3:01 UTC (permalink / raw)
  To: Xu, Min M, devel@edk2.groups.io

[-- Attachment #1: Type: text/plain, Size: 5816 bytes --]

yes, I can do that if you separate it to a standalone patch. This change doesn't hurt others.

Abner
________________________________
From: Xu, Min M <min.m.xu@intel.com>
Sent: Thursday, January 27, 2022 10:39 AM
To: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>; devel@edk2.groups.io <devel@edk2.groups.io>
Subject: RE: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch


Hi, Abner

Other patches are still in review. I am thinking if this patch can be in a separate patch-sets so that you can merge it to EmbeddedPkg? What’s your thought?



Thanks

Min

From: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>
Sent: Thursday, January 27, 2022 9:56 AM
To: Xu, Min M <min.m.xu@intel.com>; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch



Hi Min,

Did you get the reviewed-by for other patches? Just let me know when the review process is done, I can then merge the patch to EmbeddedPkg.



Regards,

Abner

________________________________

From: Xu, Min M <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
Sent: Thursday, January 27, 2022 8:58 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>
Subject: RE: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch



Hi, Abner

This is the PR of the patch-sets.

https://github.com/tianocore/edk2/pull/2313



Thanks

Min

From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Abner Chang
Sent: Thursday, January 27, 2022 8:43 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Xu, Min M <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
Subject: Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch



Hi Min,

Would you please create a PR for this and point me to the link?



Thanks

Abner

________________________________

From: Chang, Abner (HPS SW/FW Technologist)
Sent: Tuesday, January 25, 2022 11:09 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; min.m.xu@intel.com<mailto:min.m.xu@intel.com> <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
Subject: RE: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch



Reviewed-by: Abner Chang <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>

> -----Original Message-----
> From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Min Xu
> Sent: Tuesday, January 25, 2022 2:33 PM
> To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
> Cc: Min Xu <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>; Leif Lindholm <leif@nuviainc.com<mailto:leif@nuviainc.com>>; Ard
> Biesheuvel <ardb+tianocore@kernel.org<mailto:ardb+tianocore@kernel.org>>; Chang, Abner (HPS SW/FW
> Technologist) <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>; Schaefer, Daniel (ROM Janitor)
> <daniel.schaefer@hpe.com<mailto:daniel.schaefer@hpe.com>>
> Subject: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in
> FwVol.c in X64 arch
>
> RFC:
> INVALID URI REMOVED<INVALID%20URI%20REMOVED>
> d=3429__;!!NpxR!xMRxJim2LXdgV0CClUrT7jWBUouLzrVwMc5fB_wt1PT17W
> WWyZKgREYswYM1Tz0$
>
> CompressedDataLength is declared as UINTN which is UINT64 in X64 arch.
> But the second parameter of UefiDecompressGetInfo() is declared as
> UINT32. So a build error is triggered. To declare CompressedDataLength
> as UINT32 to fix the build error.
>
> Cc: Leif Lindholm <leif@nuviainc.com<mailto:leif@nuviainc.com>>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org<mailto:ardb+tianocore@kernel.org>>
> Cc: Abner Chang <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>
> Cc: Daniel Schaefer <daniel.schaefer@hpe.com<mailto:daniel.schaefer@hpe.com>>
> Signed-off-by: Min Xu <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
> ---
>  EmbeddedPkg/Library/PrePiLib/FwVol.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/EmbeddedPkg/Library/PrePiLib/FwVol.c
> b/EmbeddedPkg/Library/PrePiLib/FwVol.c
> index 92ae68f0d382..0a6d6925b7ea 100644
> --- a/EmbeddedPkg/Library/PrePiLib/FwVol.c
> +++ b/EmbeddedPkg/Library/PrePiLib/FwVol.c
> @@ -291,7 +291,7 @@ FfsProcessSection (
>    UINT16                    SectionAttribute;
>    UINT32                    AuthenticationStatus;
>    CHAR8                     *CompressedData;
> -  UINTN                     CompressedDataLength;
> +  UINT32                    CompressedDataLength;
>
>    *OutputBuffer = NULL;
>    ParsedLength  = 0;
> @@ -320,7 +320,7 @@ FfsProcessSection (
>            }
>
>            CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION2
> *)Section + 1);
> -          CompressedDataLength = (UINT32)SectionLength - sizeof
> (EFI_COMPRESSION_SECTION2);
> +          CompressedDataLength = SectionLength - sizeof
> (EFI_COMPRESSION_SECTION2);
>          } else {
>            CompressionSection = (EFI_COMPRESSION_SECTION *)Section;
>            SectionLength      = SECTION_SIZE (Section);
> @@ -330,7 +330,7 @@ FfsProcessSection (
>            }
>
>            CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION
> *)Section + 1);
> -          CompressedDataLength = (UINT32)SectionLength - sizeof
> (EFI_COMPRESSION_SECTION);
> +          CompressedDataLength = SectionLength - sizeof
> (EFI_COMPRESSION_SECTION);
>          }
>
>          Status = UefiDecompressGetInfo (
> --
> 2.29.2.windows.2
>
>
>
>
>



[-- Attachment #2: Type: text/html, Size: 12676 bytes --]

^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch
  2022-01-27  3:01             ` Abner Chang
@ 2022-01-27  3:38               ` Min Xu
  0 siblings, 0 replies; 35+ messages in thread
From: Min Xu @ 2022-01-27  3:38 UTC (permalink / raw)
  To: Chang, Abner, devel@edk2.groups.io

[-- Attachment #1: Type: text/plain, Size: 6373 bytes --]

Sure. The standalone patch is sent out.
PR: https://github.com/tianocore/edk2/pull/2444

From: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>
Sent: Thursday, January 27, 2022 11:01 AM
To: Xu, Min M <min.m.xu@intel.com>; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch

yes, I can do that if you separate it to a standalone patch. This change doesn't hurt others.

Abner
________________________________
From: Xu, Min M <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
Sent: Thursday, January 27, 2022 10:39 AM
To: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>
Subject: RE: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch


Hi, Abner

Other patches are still in review. I am thinking if this patch can be in a separate patch-sets so that you can merge it to EmbeddedPkg? What's your thought?



Thanks

Min

From: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>
Sent: Thursday, January 27, 2022 9:56 AM
To: Xu, Min M <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Subject: Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch



Hi Min,

Did you get the reviewed-by for other patches? Just let me know when the review process is done, I can then merge the patch to EmbeddedPkg.



Regards,

Abner

________________________________

From: Xu, Min M <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
Sent: Thursday, January 27, 2022 8:58 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>
Subject: RE: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch



Hi, Abner

This is the PR of the patch-sets.

https://github.com/tianocore/edk2/pull/2313



Thanks

Min

From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Abner Chang
Sent: Thursday, January 27, 2022 8:43 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Xu, Min M <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
Subject: Re: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch



Hi Min,

Would you please create a PR for this and point me to the link?



Thanks

Abner

________________________________

From: Chang, Abner (HPS SW/FW Technologist)
Sent: Tuesday, January 25, 2022 11:09 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; min.m.xu@intel.com<mailto:min.m.xu@intel.com> <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
Subject: RE: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch



Reviewed-by: Abner Chang <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>

> -----Original Message-----
> From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Min Xu
> Sent: Tuesday, January 25, 2022 2:33 PM
> To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
> Cc: Min Xu <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>; Leif Lindholm <leif@nuviainc.com<mailto:leif@nuviainc.com>>; Ard
> Biesheuvel <ardb+tianocore@kernel.org<mailto:ardb+tianocore@kernel.org>>; Chang, Abner (HPS SW/FW
> Technologist) <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>; Schaefer, Daniel (ROM Janitor)
> <daniel.schaefer@hpe.com<mailto:daniel.schaefer@hpe.com>>
> Subject: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in
> FwVol.c in X64 arch
>
> RFC:
> INVALID URI REMOVED<INVALID%20URI%20REMOVED>
> d=3429__;!!NpxR!xMRxJim2LXdgV0CClUrT7jWBUouLzrVwMc5fB_wt1PT17W
> WWyZKgREYswYM1Tz0$
>
> CompressedDataLength is declared as UINTN which is UINT64 in X64 arch.
> But the second parameter of UefiDecompressGetInfo() is declared as
> UINT32. So a build error is triggered. To declare CompressedDataLength
> as UINT32 to fix the build error.
>
> Cc: Leif Lindholm <leif@nuviainc.com<mailto:leif@nuviainc.com>>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org<mailto:ardb+tianocore@kernel.org>>
> Cc: Abner Chang <abner.chang@hpe.com<mailto:abner.chang@hpe.com>>
> Cc: Daniel Schaefer <daniel.schaefer@hpe.com<mailto:daniel.schaefer@hpe.com>>
> Signed-off-by: Min Xu <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
> ---
>  EmbeddedPkg/Library/PrePiLib/FwVol.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/EmbeddedPkg/Library/PrePiLib/FwVol.c
> b/EmbeddedPkg/Library/PrePiLib/FwVol.c
> index 92ae68f0d382..0a6d6925b7ea 100644
> --- a/EmbeddedPkg/Library/PrePiLib/FwVol.c
> +++ b/EmbeddedPkg/Library/PrePiLib/FwVol.c
> @@ -291,7 +291,7 @@ FfsProcessSection (
>    UINT16                    SectionAttribute;
>    UINT32                    AuthenticationStatus;
>    CHAR8                     *CompressedData;
> -  UINTN                     CompressedDataLength;
> +  UINT32                    CompressedDataLength;
>
>    *OutputBuffer = NULL;
>    ParsedLength  = 0;
> @@ -320,7 +320,7 @@ FfsProcessSection (
>            }
>
>            CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION2
> *)Section + 1);
> -          CompressedDataLength = (UINT32)SectionLength - sizeof
> (EFI_COMPRESSION_SECTION2);
> +          CompressedDataLength = SectionLength - sizeof
> (EFI_COMPRESSION_SECTION2);
>          } else {
>            CompressionSection = (EFI_COMPRESSION_SECTION *)Section;
>            SectionLength      = SECTION_SIZE (Section);
> @@ -330,7 +330,7 @@ FfsProcessSection (
>            }
>
>            CompressedData       = (CHAR8 *)((EFI_COMPRESSION_SECTION
> *)Section + 1);
> -          CompressedDataLength = (UINT32)SectionLength - sizeof
> (EFI_COMPRESSION_SECTION);
> +          CompressedDataLength = SectionLength - sizeof
> (EFI_COMPRESSION_SECTION);
>          }
>
>          Status = UefiDecompressGetInfo (
> --
> 2.29.2.windows.2
>
>
>
>
>



[-- Attachment #2: Type: text/html, Size: 15256 bytes --]

^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 02/10] UefiCpuPkg: Add PcdTdxWorkAreaBase
  2022-01-25  6:33 ` [PATCH V2 02/10] UefiCpuPkg: Add PcdTdxWorkAreaBase Min Xu
@ 2022-01-27 13:24   ` Gerd Hoffmann
  2022-01-28  8:02     ` Min Xu
  0 siblings, 1 reply; 35+ messages in thread
From: Gerd Hoffmann @ 2022-01-27 13:24 UTC (permalink / raw)
  To: Min Xu
  Cc: devel, Ard Biesheuvel, Jordan Justen, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky, Ray Ni

On Tue, Jan 25, 2022 at 02:33:10PM +0800, Min Xu wrote:
> RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
> 
> Add PcdTdxWorkAreaBase to indicate the area of memory where
> the TDX work area block lives.

Why have both PcdSevEsWorkAreaBase and PcdTdxWorkAreaBase when
we have a shared work area?

take care,
  Gerd


^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 03/10] OvmfPkg: Add TdxWorkArea definition
  2022-01-25  6:33 ` [PATCH V2 03/10] OvmfPkg: Add TdxWorkArea definition Min Xu
@ 2022-01-27 13:25   ` Gerd Hoffmann
  2022-01-28  8:01     ` Min Xu
  0 siblings, 1 reply; 35+ messages in thread
From: Gerd Hoffmann @ 2022-01-27 13:25 UTC (permalink / raw)
  To: Min Xu
  Cc: devel, Michael D Kinney, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky

> +//
> +// The TDX work area definition
> +//
> +typedef struct _SEC_TDX_WORK_AREA {
> +  UINT32    PageTableReady;
> +  UINT32    Gpaw;
> +  UINT64    HobList;
> +} SEC_TDX_WORK_AREA;
> +
> +typedef struct _TDX_WORK_AREA {
> +  CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER    Header;
> +  SEC_TDX_WORK_AREA                          SecTdxWorkArea;
> +} TDX_WORK_AREA;
> +
>  typedef union {
>    CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER    Header;
>    SEV_WORK_AREA                              SevWorkArea;
> +  TDX_WORK_AREA                              TdxWorkArea;
>  } OVMF_WORK_AREA;

Now you have the CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER twice ...

take care,
  Gerd


^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 05/10] OvmfPkg: Update EFI_HOB_PLATFORM_INFO with more platform settings
  2022-01-25  6:33 ` [PATCH V2 05/10] OvmfPkg: Update EFI_HOB_PLATFORM_INFO with more platform settings Min Xu
@ 2022-01-27 13:32   ` Gerd Hoffmann
  2022-02-14  2:34     ` Min Xu
  0 siblings, 1 reply; 35+ messages in thread
From: Gerd Hoffmann @ 2022-01-27 13:32 UTC (permalink / raw)
  To: Min Xu
  Cc: devel, Michael D Kinney, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky

> This patch-sets is to bring up Legacy guest and Tdx guest without
> PEI phase. So platform initialization has to be done in SEC phase.
> It is similar with the work of OvmfPkg/PlatformPei. In
> OvmfPkg/PlatformPei some PCDs are set during platform initialization,
> such as PcdPciMmio64Base. But in PEI-less boot, PCDs cannot be set.
> So these values are saved in EFI_HOB_PLATFORM_INFO. Then in the early
> stage of DXE phase this hob will be parsed and PCDs are set accordingly.

> --- a/OvmfPkg/Include/IndustryStandard/IntelTdx.h
> +++ b/OvmfPkg/Include/IndustryStandard/IntelTdx.h

With this being more widely used it doesn't make sense to have it in IntelTdx.h ...

take care,
  Gerd


^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 07/10] OvmfPkg/IntelTdx: Add Sec to bring up both Legacy and Tdx guest
  2022-01-25  6:33 ` [PATCH V2 07/10] OvmfPkg/IntelTdx: Add Sec to bring up both Legacy and Tdx guest Min Xu
@ 2022-01-27 13:42   ` Gerd Hoffmann
  2022-02-08  8:43     ` Min Xu
  0 siblings, 1 reply; 35+ messages in thread
From: Gerd Hoffmann @ 2022-01-27 13:42 UTC (permalink / raw)
  To: Min Xu
  Cc: devel, Michael D Kinney, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky

On Tue, Jan 25, 2022 at 02:33:15PM +0800, Min Xu wrote:
> RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
> 
> OvmfPkg/IntelTdx/Sec is a simplied version of OvmfPkg/Sec. There
> are below differences between these 2 Sec
>  - IntelTdx/Sec only supports Legacy guest and Tdx guest.
>  - IntelTdx/Sec calls TdxStartup () to jump from SEC to DXE directly.
>  - IntelTdx/Sec only supports X64.
>  - IntelTdx/Sec uses MemoryAllocationLib / HobLib / PrePiLib in
>    EmbeddedPkg.

Quite some code duplication here ...

> +BspAcceptMemoryResourceRange (

> +ValidateHobList (

... and possibly more.

I think these functions should move to the new PlatformInitLib too.

take care,
  Gerd


^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 09/10] OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob
  2022-01-25  6:33 ` [PATCH V2 09/10] OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob Min Xu
@ 2022-01-27 13:48   ` Gerd Hoffmann
  2022-02-08  8:20     ` Min Xu
  0 siblings, 1 reply; 35+ messages in thread
From: Gerd Hoffmann @ 2022-01-27 13:48 UTC (permalink / raw)
  To: Min Xu
  Cc: devel, Michael D Kinney, Brijesh Singh, Erdem Aktas,
	James Bottomley, Jiewen Yao, Tom Lendacky

  Hi,

> +  EFI_HOB_GUID_TYPE      *GuidHob;
> +  EFI_HOB_PLATFORM_INFO  *PlatformInfo = NULL;

>    // Query Host Bridge DID to determine platform type
> +  // Tdx guest stores the HostBridgePciDevId in a GuidHob.
> +  // So we first check if this HOB exists

Hmm, wouldn't it be better to create and use the PlatformInfo for both
PEI-based and PEI-less boot?

> -  HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId);
> +  GuidHob = GetFirstGuidHob (&gUefiOvmfPkgTdxPlatformGuid);
> +  if (GuidHob != NULL) {
> +    PlatformInfo    = (EFI_HOB_PLATFORM_INFO *)GET_GUID_HOB_DATA (GuidHob);
> +    HostBridgeDevId = PlatformInfo->HostBridgePciDevId;
> +  } else {
> +    HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId);
> +  }

We would not need that kind of checks in the first place then.

take care,
  Gerd


^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 03/10] OvmfPkg: Add TdxWorkArea definition
  2022-01-27 13:25   ` Gerd Hoffmann
@ 2022-01-28  8:01     ` Min Xu
  2022-01-28 10:21       ` [edk2-devel] " Gerd Hoffmann
  0 siblings, 1 reply; 35+ messages in thread
From: Min Xu @ 2022-01-28  8:01 UTC (permalink / raw)
  To: Gerd Hoffmann
  Cc: devel@edk2.groups.io, Kinney, Michael D, Brijesh Singh,
	Aktas, Erdem, James Bottomley, Yao, Jiewen, Tom Lendacky

On January 27, 2022 9:26 PM, Gerd Hoffmann wrote:
> > +//
> > +// The TDX work area definition
> > +//
> > +typedef struct _SEC_TDX_WORK_AREA {
> > +  UINT32    PageTableReady;
> > +  UINT32    Gpaw;
> > +  UINT64    HobList;
> > +} SEC_TDX_WORK_AREA;
> > +
> > +typedef struct _TDX_WORK_AREA {
> > +  CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER    Header;
> > +  SEC_TDX_WORK_AREA                          SecTdxWorkArea;
> > +} TDX_WORK_AREA;
> > +
> >  typedef union {
> >    CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER    Header;
> >    SEV_WORK_AREA                              SevWorkArea;
> > +  TDX_WORK_AREA                              TdxWorkArea;
> >  } OVMF_WORK_AREA;
> 
> Now you have the CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER
> twice ...
OVMF_WORK_AREA is an union. TDX_WORK_AREA is a struct. So there is one CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER.

Thanks
Min


^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 02/10] UefiCpuPkg: Add PcdTdxWorkAreaBase
  2022-01-27 13:24   ` Gerd Hoffmann
@ 2022-01-28  8:02     ` Min Xu
  2022-01-28 10:20       ` Gerd Hoffmann
  0 siblings, 1 reply; 35+ messages in thread
From: Min Xu @ 2022-01-28  8:02 UTC (permalink / raw)
  To: Gerd Hoffmann
  Cc: devel@edk2.groups.io, Ard Biesheuvel, Justen, Jordan L,
	Brijesh Singh, Aktas, Erdem, James Bottomley, Yao, Jiewen,
	Tom Lendacky, Ni, Ray

On January 27, 2022 9:24 PM, Gerd Hoffmann wrote:
> On Tue, Jan 25, 2022 at 02:33:10PM +0800, Min Xu wrote:
> > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
> >
> > Add PcdTdxWorkAreaBase to indicate the area of memory where the TDX
> > work area block lives.
> 
> Why have both PcdSevEsWorkAreaBase and PcdTdxWorkAreaBase when we
> have a shared work area?
PcdTdxWorkAreaBase mimics PcdSevEsWorkAreaBase. Yes, TdxWorkAreaBase is same as SevEsWorkAreaBase. But the name of TdxWorkAreaBase is more meaningful in the Tdx related code.
For example:
  TDX_WORK_AREA  *TdxWorkArea;
  TdxWorkArea = (TDX_WORK_AREA *)(UINTN)FixedPcdGet32 (PcdTdxWorkAreaBase);
  ASSERT (TdxWorkArea != NULL);
  ASSERT (TdxWorkArea->SecTdxWorkArea.HobList != 0);
  return (VOID *)(UINTN)TdxWorkArea->SecTdxWorkArea.HobList;

Thanks
Min

^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 02/10] UefiCpuPkg: Add PcdTdxWorkAreaBase
  2022-01-28  8:02     ` Min Xu
@ 2022-01-28 10:20       ` Gerd Hoffmann
  2022-02-14  1:51         ` Min Xu
  0 siblings, 1 reply; 35+ messages in thread
From: Gerd Hoffmann @ 2022-01-28 10:20 UTC (permalink / raw)
  To: Xu, Min M
  Cc: devel@edk2.groups.io, Ard Biesheuvel, Justen, Jordan L,
	Brijesh Singh, Aktas, Erdem, James Bottomley, Yao, Jiewen,
	Tom Lendacky, Ni, Ray

On Fri, Jan 28, 2022 at 08:02:23AM +0000, Xu, Min M wrote:
> On January 27, 2022 9:24 PM, Gerd Hoffmann wrote:
> > On Tue, Jan 25, 2022 at 02:33:10PM +0800, Min Xu wrote:
> > > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
> > >
> > > Add PcdTdxWorkAreaBase to indicate the area of memory where the TDX
> > > work area block lives.
> > 
> > Why have both PcdSevEsWorkAreaBase and PcdTdxWorkAreaBase when we
> > have a shared work area?
> PcdTdxWorkAreaBase mimics PcdSevEsWorkAreaBase. Yes, TdxWorkAreaBase is same as SevEsWorkAreaBase. But the name of TdxWorkAreaBase is more meaningful in the Tdx related code.

Yes, using PcdSevEsWorkAreaBase in TDX code would look somewhat odd, but
we can rename the PCD to have 'CC' in the name like we already did for
other bits shared between sev and tdx.

take care,
  Gerd


^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [edk2-devel] [PATCH V2 03/10] OvmfPkg: Add TdxWorkArea definition
  2022-01-28  8:01     ` Min Xu
@ 2022-01-28 10:21       ` Gerd Hoffmann
  0 siblings, 0 replies; 35+ messages in thread
From: Gerd Hoffmann @ 2022-01-28 10:21 UTC (permalink / raw)
  To: devel, min.m.xu
  Cc: Kinney, Michael D, Brijesh Singh, Aktas, Erdem, James Bottomley,
	Yao, Jiewen, Tom Lendacky

  Hi,

> > > +typedef struct _TDX_WORK_AREA {
> > > +  CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER    Header;
> > > +  SEC_TDX_WORK_AREA                          SecTdxWorkArea;
> > > +} TDX_WORK_AREA;
> > > +
> > >  typedef union {
> > >    CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER    Header;
> > >    SEV_WORK_AREA                              SevWorkArea;
> > > +  TDX_WORK_AREA                              TdxWorkArea;
> > >  } OVMF_WORK_AREA;
> > 
> > Now you have the CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER
> > twice ...
> OVMF_WORK_AREA is an union. TDX_WORK_AREA is a struct. So there is one CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER.

Ah, right.  Scratch the comment then.

Acked-by: Gerd Hoffmann <kraxel@redhat.com>

take care,
  Gerd


^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 09/10] OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob
  2022-01-27 13:48   ` Gerd Hoffmann
@ 2022-02-08  8:20     ` Min Xu
  2022-02-14 10:03       ` Gerd Hoffmann
  0 siblings, 1 reply; 35+ messages in thread
From: Min Xu @ 2022-02-08  8:20 UTC (permalink / raw)
  To: Gerd Hoffmann
  Cc: devel@edk2.groups.io, Kinney, Michael D, Brijesh Singh,
	Aktas, Erdem, James Bottomley, Yao, Jiewen, Tom Lendacky

On January 27, 2022 9:49 PM, Gerd Hoffmann wrote:
> > +  EFI_HOB_GUID_TYPE      *GuidHob;
> > +  EFI_HOB_PLATFORM_INFO  *PlatformInfo = NULL;
> 
> >    // Query Host Bridge DID to determine platform type
> > +  // Tdx guest stores the HostBridgePciDevId in a GuidHob.
> > +  // So we first check if this HOB exists
> 
> Hmm, wouldn't it be better to create and use the PlatformInfo for both PEI-
> based and PEI-less boot?
> 
> > -  HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId);
> > +  GuidHob = GetFirstGuidHob (&gUefiOvmfPkgTdxPlatformGuid);  if
> > + (GuidHob != NULL) {
> > +    PlatformInfo    = (EFI_HOB_PLATFORM_INFO *)GET_GUID_HOB_DATA
> (GuidHob);
> > +    HostBridgeDevId = PlatformInfo->HostBridgePciDevId;  } else {
> > +    HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId);  }
> 
> We would not need that kind of checks in the first place then.
> 
As we agreed at the first stage, only OvmfPkg/PlatformPei will be refactored with PlatformInitLib. 
OvmfPkg/Bhyve/PlatformPei and OvmfPkg/XenPlatformPei will be refactored in the future. HostBridgeDevId is set to PcdOvmfHostBridgePciDevId in these 2 platforms.
So we have to check both EFI_HOB_PLATFORM_INFO and PcdOvmfHostBridgePciDevId.

Thanks
Min

^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 07/10] OvmfPkg/IntelTdx: Add Sec to bring up both Legacy and Tdx guest
  2022-01-27 13:42   ` Gerd Hoffmann
@ 2022-02-08  8:43     ` Min Xu
  0 siblings, 0 replies; 35+ messages in thread
From: Min Xu @ 2022-02-08  8:43 UTC (permalink / raw)
  To: Gerd Hoffmann
  Cc: devel@edk2.groups.io, Kinney, Michael D, Brijesh Singh,
	Aktas, Erdem, James Bottomley, Yao, Jiewen, Tom Lendacky

On January 27, 2022 9:42 PM, Gerd Hoffmann wrote:
> On Tue, Jan 25, 2022 at 02:33:15PM +0800, Min Xu wrote:
> > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
> >
> > OvmfPkg/IntelTdx/Sec is a simplied version of OvmfPkg/Sec. There are
> > below differences between these 2 Sec
> >  - IntelTdx/Sec only supports Legacy guest and Tdx guest.
> >  - IntelTdx/Sec calls TdxStartup () to jump from SEC to DXE directly.
> >  - IntelTdx/Sec only supports X64.
> >  - IntelTdx/Sec uses MemoryAllocationLib / HobLib / PrePiLib in
> >    EmbeddedPkg.
> 
> Quite some code duplication here ...
> 
> > +BspAcceptMemoryResourceRange (
> 
> > +ValidateHobList (
> 
> ... and possibly more.
> 
> I think these functions should move to the new PlatformInitLib too.
Ok. These functions will be moved to PlatformInitLib in the new version.

Thanks
Min

^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 02/10] UefiCpuPkg: Add PcdTdxWorkAreaBase
  2022-01-28 10:20       ` Gerd Hoffmann
@ 2022-02-14  1:51         ` Min Xu
  2022-02-14  9:58           ` Gerd Hoffmann
  0 siblings, 1 reply; 35+ messages in thread
From: Min Xu @ 2022-02-14  1:51 UTC (permalink / raw)
  To: Gerd Hoffmann, Brijesh Singh
  Cc: devel@edk2.groups.io, Ard Biesheuvel, Justen, Jordan L,
	Aktas, Erdem, James Bottomley, Yao, Jiewen, Tom Lendacky, Ni, Ray

Hi
> > > > Add PcdTdxWorkAreaBase to indicate the area of memory where the
> > > > TDX work area block lives.
> > >
> > > Why have both PcdSevEsWorkAreaBase and PcdTdxWorkAreaBase when
> we
> > > have a shared work area?
> > PcdTdxWorkAreaBase mimics PcdSevEsWorkAreaBase. Yes,
> TdxWorkAreaBase is same as SevEsWorkAreaBase. But the name of
> TdxWorkAreaBase is more meaningful in the Tdx related code.
> 
> Yes, using PcdSevEsWorkAreaBase in TDX code would look somewhat odd,
> but we can rename the PCD to have 'CC' in the name like we already did for
> other bits shared between sev and tdx.
> 
Agree that can we rename the PcdSevEsWorkAreaBase to PcdCcWorkAreaBase. 
Brijesh Singh is the owner of PcdSevEsWorkAreaBase.
Brijesh, what's your thought about it?

I check the files which need be updated from PcdSevEsWorkAreaBase to PcdCcWorkAreaBase

$ grep -rn --exclude-dir=Build PcdSevEsWorkAreaBase - UefiCpuPkg/Library/MpInitLib/AmdSev.c
- UefiCpuPkg/Library/MpInitLib/MpLib.c
- UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
- UefiCpuPkg/UefiCpuPkg.dec
- UefiCpuPkg/UefiCpuPkg.uni
- OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
- OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
- OvmfPkg/Sec/AmdSev.c
- OvmfPkg/Sec/SecMain.inf
- OvmfPkg/CloudHv/CloudHvX64.fdf
- OvmfPkg/OvmfPkgX64.fdf
- OvmfPkg/Microvm/MicrovmX64.fdf
- OvmfPkg/ResetVector/ResetVector.inf
- OvmfPkg/ResetVector/ResetVector.nasmb
- OvmfPkg/AmdSev/AmdSevX64.fdf

I would suggest Renaming PcdSevEsWorkAreaBase to PcdCcWorkAreaBase be in a separate patch-set. 
Gerd, What's your thought?

Thanks
Min

^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 05/10] OvmfPkg: Update EFI_HOB_PLATFORM_INFO with more platform settings
  2022-01-27 13:32   ` Gerd Hoffmann
@ 2022-02-14  2:34     ` Min Xu
  2022-02-14 10:00       ` Gerd Hoffmann
  0 siblings, 1 reply; 35+ messages in thread
From: Min Xu @ 2022-02-14  2:34 UTC (permalink / raw)
  To: Gerd Hoffmann
  Cc: devel@edk2.groups.io, Kinney, Michael D, Brijesh Singh,
	Aktas, Erdem, James Bottomley, Yao, Jiewen, Tom Lendacky

Hi
> > --- a/OvmfPkg/Include/IndustryStandard/IntelTdx.h
> > +++ b/OvmfPkg/Include/IndustryStandard/IntelTdx.h
> 
> With this being more widely used it doesn't make sense to have it in
> IntelTdx.h ...
> 
I am thinking EFI_HOB_PLATFORM_INFO can be declared at OvmfPkg/Include/Library/PlatformInitLib.h or we can create a new file (OvmfPkg/Include/IndustryStandard/Platform.h) to have it.
What's your thought?

Thanks
Min


^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 02/10] UefiCpuPkg: Add PcdTdxWorkAreaBase
  2022-02-14  1:51         ` Min Xu
@ 2022-02-14  9:58           ` Gerd Hoffmann
  0 siblings, 0 replies; 35+ messages in thread
From: Gerd Hoffmann @ 2022-02-14  9:58 UTC (permalink / raw)
  To: Xu, Min M
  Cc: Brijesh Singh, devel@edk2.groups.io, Ard Biesheuvel,
	Justen, Jordan L, Aktas, Erdem, James Bottomley, Yao, Jiewen,
	Tom Lendacky, Ni, Ray

  Hi,

> $ grep -rn --exclude-dir=Build PcdSevEsWorkAreaBase - UefiCpuPkg/Library/MpInitLib/AmdSev.c

There is 'git grep' btw.

> I would suggest Renaming PcdSevEsWorkAreaBase to PcdCcWorkAreaBase be in a separate patch-set. 
> Gerd, What's your thought?

Fine with me.

I'd suggest to (temporately) use PcdSevEsWorkAreaBase in tdx code then,
possibly with a comment explaining the situation and plans, so we avoid
the churn and confusion of adding and removing PcdTdxWorkAreaBase.

take care,
  Gerd


^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 05/10] OvmfPkg: Update EFI_HOB_PLATFORM_INFO with more platform settings
  2022-02-14  2:34     ` Min Xu
@ 2022-02-14 10:00       ` Gerd Hoffmann
  0 siblings, 0 replies; 35+ messages in thread
From: Gerd Hoffmann @ 2022-02-14 10:00 UTC (permalink / raw)
  To: Xu, Min M
  Cc: devel@edk2.groups.io, Kinney, Michael D, Brijesh Singh,
	Aktas, Erdem, James Bottomley, Yao, Jiewen, Tom Lendacky

On Mon, Feb 14, 2022 at 02:34:30AM +0000, Xu, Min M wrote:
> Hi
> > > --- a/OvmfPkg/Include/IndustryStandard/IntelTdx.h
> > > +++ b/OvmfPkg/Include/IndustryStandard/IntelTdx.h
> > 
> > With this being more widely used it doesn't make sense to have it in
> > IntelTdx.h ...
> > 
> I am thinking EFI_HOB_PLATFORM_INFO can be declared at OvmfPkg/Include/Library/PlatformInitLib.h or we can create a new file (OvmfPkg/Include/IndustryStandard/Platform.h) to have it.

Using PlatformInitLib.h looks good to me.

take care,
  Gerd


^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 09/10] OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob
  2022-02-08  8:20     ` Min Xu
@ 2022-02-14 10:03       ` Gerd Hoffmann
  2022-02-14 13:09         ` Min Xu
  0 siblings, 1 reply; 35+ messages in thread
From: Gerd Hoffmann @ 2022-02-14 10:03 UTC (permalink / raw)
  To: Xu, Min M
  Cc: devel@edk2.groups.io, Kinney, Michael D, Brijesh Singh,
	Aktas, Erdem, James Bottomley, Yao, Jiewen, Tom Lendacky

On Tue, Feb 08, 2022 at 08:20:20AM +0000, Xu, Min M wrote:
> On January 27, 2022 9:49 PM, Gerd Hoffmann wrote:
> > > +  EFI_HOB_GUID_TYPE      *GuidHob;
> > > +  EFI_HOB_PLATFORM_INFO  *PlatformInfo = NULL;
> > 
> > >    // Query Host Bridge DID to determine platform type
> > > +  // Tdx guest stores the HostBridgePciDevId in a GuidHob.
> > > +  // So we first check if this HOB exists
> > 
> > Hmm, wouldn't it be better to create and use the PlatformInfo for both PEI-
> > based and PEI-less boot?
> > 
> > > -  HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId);
> > > +  GuidHob = GetFirstGuidHob (&gUefiOvmfPkgTdxPlatformGuid);  if
> > > + (GuidHob != NULL) {
> > > +    PlatformInfo    = (EFI_HOB_PLATFORM_INFO *)GET_GUID_HOB_DATA
> > (GuidHob);
> > > +    HostBridgeDevId = PlatformInfo->HostBridgePciDevId;  } else {
> > > +    HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId);  }
> > 
> > We would not need that kind of checks in the first place then.
> > 
> As we agreed at the first stage, only OvmfPkg/PlatformPei will be refactored with PlatformInitLib. 
> OvmfPkg/Bhyve/PlatformPei and OvmfPkg/XenPlatformPei will be refactored in the future. HostBridgeDevId is set to PcdOvmfHostBridgePciDevId in these 2 platforms.
> So we have to check both EFI_HOB_PLATFORM_INFO and PcdOvmfHostBridgePciDevId.

Ok.  Can you add a comment explaining this?

thanks,
  Gerd


^ permalink raw reply	[flat|nested] 35+ messages in thread

* Re: [PATCH V2 09/10] OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob
  2022-02-14 10:03       ` Gerd Hoffmann
@ 2022-02-14 13:09         ` Min Xu
  0 siblings, 0 replies; 35+ messages in thread
From: Min Xu @ 2022-02-14 13:09 UTC (permalink / raw)
  To: Gerd Hoffmann
  Cc: devel@edk2.groups.io, Kinney, Michael D, Brijesh Singh,
	Aktas, Erdem, James Bottomley, Yao, Jiewen, Tom Lendacky

On February 14, 2022 6:03 PM, Gerd Hoffmann wrote:
> On Tue, Feb 08, 2022 at 08:20:20AM +0000, Xu, Min M wrote:
> > On January 27, 2022 9:49 PM, Gerd Hoffmann wrote:
> > > > +  EFI_HOB_GUID_TYPE      *GuidHob;
> > > > +  EFI_HOB_PLATFORM_INFO  *PlatformInfo = NULL;
> > >
> > > >    // Query Host Bridge DID to determine platform type
> > > > +  // Tdx guest stores the HostBridgePciDevId in a GuidHob.
> > > > +  // So we first check if this HOB exists
> > >
> > > Hmm, wouldn't it be better to create and use the PlatformInfo for
> > > both PEI- based and PEI-less boot?
> > >
> > > > -  HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId);
> > > > +  GuidHob = GetFirstGuidHob (&gUefiOvmfPkgTdxPlatformGuid);  if
> > > > + (GuidHob != NULL) {
> > > > +    PlatformInfo    = (EFI_HOB_PLATFORM_INFO
> *)GET_GUID_HOB_DATA
> > > (GuidHob);
> > > > +    HostBridgeDevId = PlatformInfo->HostBridgePciDevId;  } else {
> > > > +    HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId);  }
> > >
> > > We would not need that kind of checks in the first place then.
> > >
> > As we agreed at the first stage, only OvmfPkg/PlatformPei will be refactored
> with PlatformInitLib.
> > OvmfPkg/Bhyve/PlatformPei and OvmfPkg/XenPlatformPei will be refactored
> in the future. HostBridgeDevId is set to PcdOvmfHostBridgePciDevId in these 2
> platforms.
> > So we have to check both EFI_HOB_PLATFORM_INFO and
> PcdOvmfHostBridgePciDevId.
> 
> Ok.  Can you add a comment explaining this?
Sure. I will add the comment to explain it.

Thanks
Min

^ permalink raw reply	[flat|nested] 35+ messages in thread

end of thread, other threads:[~2022-02-14 13:09 UTC | newest]

Thread overview: 35+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-01-25  6:33 [PATCH V2 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Min Xu
2022-01-25  6:33 ` [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch Min Xu
2022-01-25 15:09   ` [edk2-devel] " Abner Chang
2022-01-27  0:43     ` Abner Chang
2022-01-27  0:58       ` Min Xu
2022-01-27  1:55         ` Abner Chang
2022-01-27  2:39           ` Min Xu
2022-01-27  3:01             ` Abner Chang
2022-01-27  3:38               ` Min Xu
2022-01-25  6:33 ` [PATCH V2 02/10] UefiCpuPkg: Add PcdTdxWorkAreaBase Min Xu
2022-01-27 13:24   ` Gerd Hoffmann
2022-01-28  8:02     ` Min Xu
2022-01-28 10:20       ` Gerd Hoffmann
2022-02-14  1:51         ` Min Xu
2022-02-14  9:58           ` Gerd Hoffmann
2022-01-25  6:33 ` [PATCH V2 03/10] OvmfPkg: Add TdxWorkArea definition Min Xu
2022-01-27 13:25   ` Gerd Hoffmann
2022-01-28  8:01     ` Min Xu
2022-01-28 10:21       ` [edk2-devel] " Gerd Hoffmann
2022-01-25  6:33 ` [PATCH V2 04/10] OvmfPkg: Add PrePiHobListPointerLibTdx Min Xu
2022-01-25  6:33 ` [PATCH V2 05/10] OvmfPkg: Update EFI_HOB_PLATFORM_INFO with more platform settings Min Xu
2022-01-27 13:32   ` Gerd Hoffmann
2022-02-14  2:34     ` Min Xu
2022-02-14 10:00       ` Gerd Hoffmann
2022-01-25  6:33 ` [PATCH V2 06/10] OvmfPkg: Add TdxStartupLib Min Xu
2022-01-25  6:33 ` [PATCH V2 07/10] OvmfPkg/IntelTdx: Add Sec to bring up both Legacy and Tdx guest Min Xu
2022-01-27 13:42   ` Gerd Hoffmann
2022-02-08  8:43     ` Min Xu
2022-01-25  6:33 ` [PATCH V2 08/10] OvmfPkg: Update TdxDxe to set TDX PCDs Min Xu
2022-01-25  6:33 ` [PATCH V2 09/10] OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob Min Xu
2022-01-27 13:48   ` Gerd Hoffmann
2022-02-08  8:20     ` Min Xu
2022-02-14 10:03       ` Gerd Hoffmann
2022-02-14 13:09         ` Min Xu
2022-01-25  6:33 ` [PATCH V2 10/10] OvmfPkg: Introduce IntelTdxX64 for TDVF Config-B Min Xu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox