* [PATCH 0/3] OvmfPkg: Make IntelTdx work with Cloud Hypervisor
From: Boeuf, Sebastien @ 2022-12-12 9:03 UTC
To: devel; +Cc: jiewen.yao, min.m.xu, kraxel, sebastien.boeuf

From: Sebastien Boeuf <sebastien.boeuf@intel.com>

The IntelTdxX64 OVMF target wasn't working with Cloud Hypervisor on TDX
platform. This was due to the way the OVMF code expects Cloud Hypervisor
to rely on PVH to retrieve information like memory below 4GiB as well as
the ACPI tables.

This is why this series takes care of identifying when running on TDX in
order to handle things differently. For the memory below 4GiB, it falls
back onto the CMOS to retrieve the correct information, and for the ACPI
tables, it relies on the HOB to obtain every table individually before
exposing them to the guest OS.

With these two use cases properly handled by this series, it is now
possible to use the IntelTdxX64 target to build an OVMF binary that
works both for QEMU and Cloud Hypervisor on a TDX platform.

Sebastien Boeuf (3):
  OvmfPkg/PlatformInitLib: Differentiate TDX case for Cloud Hypervisor
  OvmfPkg/PlatformInitLib: Transfer GUID Extension HOB
  OvmfPkg/AcpiPlatformDxe: Differentiate TDX case for Cloud Hypervisor

 OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c      |  8 +-
 OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h      |  6 ++
 OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf |  2 +
 OvmfPkg/AcpiPlatformDxe/CloudHvAcpi.c       | 87 +++++++++++++++++++++
 OvmfPkg/Library/PlatformInitLib/IntelTdx.c  |  5 ++
 OvmfPkg/Library/PlatformInitLib/MemDetect.c |  4 +-
 OvmfPkg/OvmfPkg.dec                         |  1 +
 7 files changed, 111 insertions(+), 2 deletions(-)

--
2.34.1

---------------------------------------------------------------------
Intel Corporation SAS (French simplified joint stock company)
Registered headquarters: "Les Montalets"- 2, rue de Paris,
92196 Meudon Cedex, France
Registration Number: 302 456 199 R.C.S. NANTERRE
Capital: 5 208 026.16 Euros

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.
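An added example, not code from this series or from edk2: a stand-alone C walk of a GUID-extension HOB list carrying ACPI tables, as the cover letter describes, that bounds every length field before using it, since on TDX the list is built by the VMM. The struct sizes are written out by hand from the PI and ACPI specifications, the function names and the sample list are constructed for illustration, and the GUID bytes are gUefiOvmfPkgTdxAcpiHobGuid from patch 3.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Sizes and type codes written out by hand from the PI and ACPI specs. */
#define HOB_TYPE_GUID_EXTENSION 0x0004u
#define HOB_TYPE_END_OF_LIST    0xFFFFu
#define HOB_HDR_SIZE   8u                    /* UINT16 type, UINT16 length, UINT32 reserved */
#define GUID_HOB_SIZE  (HOB_HDR_SIZE + 16u)  /* generic header + EFI_GUID name */
#define ACPI_HDR_SIZE  36u                   /* EFI_ACPI_DESCRIPTION_HEADER */

/* gUefiOvmfPkgTdxAcpiHobGuid from patch 3, in its in-memory byte order. */
static const uint8_t TDX_ACPI_HOB_GUID[16] = {
  0x70, 0x58, 0x0c, 0x6a, 0xed, 0xd4, 0xf4, 0x44,
  0xa1, 0x35, 0xdd, 0x23, 0x8b, 0x6f, 0x0c, 0x8d
};

typedef struct { int accepted; int rejected; int has_dsdt; } scan_result;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* 1 if the payload starts with an ACPI table whose claimed length fits
   inside the payload and whose bytes sum to zero (the ACPI checksum rule). */
static int acpi_table_ok(const uint8_t *tbl, size_t payload_len) {
  uint32_t len, i;
  uint8_t sum = 0;
  if (payload_len < ACPI_HDR_SIZE) return 0;
  len = rd32(tbl + 4);
  if (len < ACPI_HDR_SIZE || len > payload_len) return 0;
  for (i = 0; i < len; i++) sum = (uint8_t)(sum + tbl[i]);
  return sum == 0;
}

/* Walks list[0..list_len). Returns 0 when an end-of-list HOB is reached,
   -1 when a length field would stall the walk or leave the buffer. */
static int scan_acpi_hobs(const uint8_t *list, size_t list_len, scan_result *out) {
  size_t off = 0;
  memset(out, 0, sizeof *out);
  while (list_len - off >= HOB_HDR_SIZE) {
    const uint8_t *hob = list + off;
    uint16_t type = rd16(hob), hob_len = rd16(hob + 2);
    if (type == HOB_TYPE_END_OF_LIST) return 0;
    if (hob_len < HOB_HDR_SIZE || hob_len > list_len - off) return -1;
    if (type == HOB_TYPE_GUID_EXTENSION) {
      /* Without this check, hob_len - GUID_HOB_SIZE below would wrap. */
      if (hob_len < GUID_HOB_SIZE) return -1;
      if (memcmp(hob + HOB_HDR_SIZE, TDX_ACPI_HOB_GUID, 16) == 0) {
        const uint8_t *tbl = hob + GUID_HOB_SIZE;
        if (acpi_table_ok(tbl, (size_t)hob_len - GUID_HOB_SIZE)) {
          out->accepted++;
          if (memcmp(tbl, "DSDT", 4) == 0) out->has_dsdt = 1;
        } else {
          out->rejected++;
        }
      }
    }
    off += hob_len;
  }
  return -1; /* buffer ended before an end-of-list HOB */
}

/* Constructed sample: appends one GUID HOB whose payload is an ACPI table
   with the given signature and claimed length; returns the HOB size. */
static size_t put_acpi_hob(uint8_t *dst, const char *sig, uint32_t claimed_len, uint16_t payload_len) {
  uint16_t hob_len = (uint16_t)(GUID_HOB_SIZE + payload_len), i;
  uint8_t *tbl = dst + GUID_HOB_SIZE, sum = 0;
  memset(dst, 0, hob_len);
  dst[0] = (uint8_t)HOB_TYPE_GUID_EXTENSION;
  dst[2] = (uint8_t)hob_len; dst[3] = (uint8_t)(hob_len >> 8);
  memcpy(dst + HOB_HDR_SIZE, TDX_ACPI_HOB_GUID, 16);
  memcpy(tbl, sig, 4);
  for (i = 0; i < 4; i++) tbl[4 + i] = (uint8_t)(claimed_len >> (8 * i));
  for (i = 0; i < payload_len; i++) sum = (uint8_t)(sum + tbl[i]);
  tbl[9] = (uint8_t)(0u - sum);  /* checksum byte sits at offset 9 */
  return hob_len;
}

/* Constructed list: two well-formed tables, one that claims 4096 bytes
   inside a 40-byte payload, then the end-of-list HOB. */
static size_t build_sample(uint8_t *list) {
  static const uint8_t end_hob[HOB_HDR_SIZE] = { 0xFF, 0xFF, HOB_HDR_SIZE, 0, 0, 0, 0, 0 };
  size_t n = 0;
  n += put_acpi_hob(list + n, "FACP", 40, 40);
  n += put_acpi_hob(list + n, "DSDT", 36, 40);
  n += put_acpi_hob(list + n, "APIC", 4096, 40);
  memcpy(list + n, end_hob, sizeof end_hob);
  return n + sizeof end_hob;
}

int main(void) {
  uint8_t list[256];
  scan_result r;
  int rc = scan_acpi_hobs(list, build_sample(list), &r);
  printf("rc=%d accepted=%d rejected=%d dsdt=%d\n", rc, r.accepted, r.rejected, r.has_dsdt);
  return rc;
}
```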
* [PATCH 1/3] OvmfPkg/PlatformInitLib: Differentiate TDX case for Cloud Hypervisor 2022-12-12 9:03 [PATCH 0/3] OvmfPkg: Make IntelTdx work with Cloud Hypervisor Boeuf, Sebastien @ 2022-12-12 9:03 ` Boeuf, Sebastien 2022-12-13 0:04 ` Min Xu 2022-12-12 9:03 ` [PATCH 2/3] OvmfPkg/PlatformInitLib: Transfer GUID Extension HOB Boeuf, Sebastien ` (2 subsequent siblings) 3 siblings, 1 reply; 10+ messages in thread From: Boeuf, Sebastien @ 2022-12-12 9:03 UTC (permalink / raw) To: devel; +Cc: jiewen.yao, min.m.xu, kraxel, sebastien.boeuf From: Sebastien Boeuf <sebastien.boeuf@intel.com> Rely on the CcProbe() function to identify when running on TDX. This allows the firmware to follow a different codepath for Cloud Hypervisor, which means it doesn't rely on PVH to find out about memory below 4GiB. instead it falls back onto the CMOS to retrieve that information. Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com> --- OvmfPkg/Library/PlatformInitLib/MemDetect.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c index b8feae4309..afee4b1e72 100644 --- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c +++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c @@ -26,6 +26,7 @@ Module Name: // #include <Library/BaseLib.h> #include <Library/BaseMemoryLib.h> +#include <Library/CcProbeLib.h> #include <Library/DebugLib.h> #include <Library/HardwareInfoLib.h> #include <Library/HobLib.h> 
@@ -312,7 +313,8 @@ PlatformGetSystemMemorySizeBelow4gb ( UINT8 Cmos0x34; UINT8 Cmos0x35; - if (PlatformInfoHob->HostBridgeDevId == CLOUDHV_DEVICE_ID) { + if (PlatformInfoHob->HostBridgeDevId == CLOUDHV_DEVICE_ID && + CcProbe () != CcGuestTypeIntelTdx) { // Get the information from PVH memmap return (UINT32)GetHighestSystemMemoryAddressFromPvhMemmap (TRUE); } -- 2.34.1 --------------------------------------------------------------------- Intel Corporation SAS (French simplified joint stock company) Registered headquarters: "Les Montalets"- 2, rue de Paris, 92196 Meudon Cedex, France Registration Number: 302 456 199 R.C.S. NANTERRE Capital: 5 208 026.16 Euros This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. ^ permalink raw reply related [flat|nested] 10+ messages in thread
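Review bot: In PlatformGetSystemMemorySizeBelow4gb, the branch comment still reads only "Get the information from PVH memmap" after the condition gained `CcProbe () != CcGuestTypeIntelTdx`; add a sentence there saying that a TDX guest on Cloud Hypervisor deliberately skips PVH and falls through to the CMOS read, because the condition alone does not explain why. The diffstat shows MemDetect.c as the only file changed, so please also confirm that the library's INF already lists CcProbeLib under [LibraryClasses] for the new include.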
* Re: [PATCH 1/3] OvmfPkg/PlatformInitLib: Differentiate TDX case for Cloud Hypervisor 2022-12-12 9:03 ` [PATCH 1/3] OvmfPkg/PlatformInitLib: Differentiate TDX case for " Boeuf, Sebastien @ 2022-12-13 0:04 ` Min Xu 0 siblings, 0 replies; 10+ messages in thread From: Min Xu @ 2022-12-13 0:04 UTC (permalink / raw) To: Boeuf, Sebastien, devel@edk2.groups.io; +Cc: Yao, Jiewen, kraxel@redhat.com On December 12, 2022 5:04 PM, Boeuf, Sebastien wrote: > Subject: [PATCH 1/3] OvmfPkg/PlatformInitLib: Differentiate TDX case for > Cloud Hypervisor > > From: Sebastien Boeuf <sebastien.boeuf@intel.com> > > Rely on the CcProbe() function to identify when running on TDX. This allows > the firmware to follow a different codepath for Cloud Hypervisor, which > means it doesn't rely on PVH to find out about memory below 4GiB. > instead it falls back onto the CMOS to retrieve that information. > > Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com> > --- > OvmfPkg/Library/PlatformInitLib/MemDetect.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c > b/OvmfPkg/Library/PlatformInitLib/MemDetect.c > index b8feae4309..afee4b1e72 100644 > --- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c > +++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c 
> @@ -26,6 +26,7 @@ Module Name: > // #include <Library/BaseLib.h> #include > <Library/BaseMemoryLib.h>+#include <Library/CcProbeLib.h> #include > <Library/DebugLib.h> #include <Library/HardwareInfoLib.h> #include > <Library/HobLib.h>@@ -312,7 +313,8 @@ > PlatformGetSystemMemorySizeBelow4gb ( > UINT8 Cmos0x34; UINT8 Cmos0x35; - if (PlatformInfoHob- > >HostBridgeDevId == CLOUDHV_DEVICE_ID) {+ if (PlatformInfoHob- > >HostBridgeDevId == CLOUDHV_DEVICE_ID &&+ CcProbe () != > CcGuestTypeIntelTdx) { // Get the information from PVH memmap > return (UINT32)GetHighestSystemMemoryAddressFromPvhMemmap > (TRUE); }-- > 2.34.1 Reviewed-by: Min Xu <min.m.xu@intel.com> ^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 2/3] OvmfPkg/PlatformInitLib: Transfer GUID Extension HOB 2022-12-12 9:03 [PATCH 0/3] OvmfPkg: Make IntelTdx work with Cloud Hypervisor Boeuf, Sebastien 2022-12-12 9:03 ` [PATCH 1/3] OvmfPkg/PlatformInitLib: Differentiate TDX case for " Boeuf, Sebastien @ 2022-12-12 9:03 ` Boeuf, Sebastien 2022-12-13 0:05 ` Min Xu 2022-12-12 9:03 ` [PATCH 3/3] OvmfPkg/AcpiPlatformDxe: Differentiate TDX case for Cloud Hypervisor Boeuf, Sebastien 2022-12-14 16:19 ` [PATCH 0/3] OvmfPkg: Make IntelTdx work with " Yao, Jiewen 3 siblings, 1 reply; 10+ messages in thread From: Boeuf, Sebastien @ 2022-12-12 9:03 UTC (permalink / raw) To: devel; +Cc: jiewen.yao, min.m.xu, kraxel, sebastien.boeuf From: Sebastien Boeuf <sebastien.boeuf@intel.com> This is required for passing the ACPI tables from the VMM up to the guest OS. They are transferred through this GUID extension. Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com> Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com> --- OvmfPkg/Library/PlatformInitLib/IntelTdx.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c index acd114e38e..468855a968 100644 --- a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c +++ b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c @@ -547,6 +547,7 @@ TransferTdxHobList ( EFI_PEI_HOB_POINTERS Hob; EFI_RESOURCE_TYPE ResourceType; EFI_RESOURCE_ATTRIBUTE_TYPE ResourceAttribute; + VOID *GuidedData; // // PcdOvmfSecGhcbBase is used as the TD_HOB in Tdx guest. 
@@ -577,6 +578,10 @@ TransferTdxHobList ( Hob.MemoryAllocation->AllocDescriptor.MemoryType ); break; + case EFI_HOB_TYPE_GUID_EXTENSION: + GuidedData = (VOID *) (&Hob.Guid->Name + 1); + BuildGuidDataHob (&Hob.Guid->Name, GuidedData, Hob.Guid->Header.HobLength - sizeof(EFI_HOB_GUID_TYPE)); + break; } Hob.Raw = GET_NEXT_HOB (Hob); -- 2.34.1 --------------------------------------------------------------------- Intel Corporation SAS (French simplified joint stock company) Registered headquarters: "Les Montalets"- 2, rue de Paris, 92196 Meudon Cedex, France Registration Number: 302 456 199 R.C.S. NANTERRE Capital: 5 208 026.16 Euros This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. ^ permalink raw reply related [flat|nested] 10+ messages in thread
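Review bot: In the new EFI_HOB_TYPE_GUID_EXTENSION case of TransferTdxHobList, `Hob.Guid->Header.HobLength - sizeof(EFI_HOB_GUID_TYPE)` is handed to BuildGuidDataHob without first checking that HobLength is at least sizeof (EFI_HOB_GUID_TYPE); the commit message says these HOBs come from the VMM, so a short HobLength makes the subtraction wrap to a very large data length. Check the length before the call, and consider copying only the GUIDs the firmware expects, since the case as written forwards every GUID extension HOB. The GuidedData local and the open-coded arithmetic can be replaced by HobLib's GET_GUID_HOB_DATA and GET_GUID_HOB_DATA_SIZE.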
* Re: [PATCH 2/3] OvmfPkg/PlatformInitLib: Transfer GUID Extension HOB 2022-12-12 9:03 ` [PATCH 2/3] OvmfPkg/PlatformInitLib: Transfer GUID Extension HOB Boeuf, Sebastien @ 2022-12-13 0:05 ` Min Xu 0 siblings, 0 replies; 10+ messages in thread From: Min Xu @ 2022-12-13 0:05 UTC (permalink / raw) To: Boeuf, Sebastien, devel@edk2.groups.io; +Cc: Yao, Jiewen, kraxel@redhat.com On December 12, 2022 5:04 PM, Boeuf, Sebastien wrote: > Subject: [PATCH 2/3] OvmfPkg/PlatformInitLib: Transfer GUID Extension HOB > > From: Sebastien Boeuf <sebastien.boeuf@intel.com> > > This is required for passing the ACPI tables from the VMM up to the guest OS. > They are transferred through this GUID extension. > > Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com> > Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com> > --- > OvmfPkg/Library/PlatformInitLib/IntelTdx.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c > b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c > index acd114e38e..468855a968 100644 > --- a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c > +++ b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c > @@ -547,6 +547,7 @@ TransferTdxHobList ( > EFI_PEI_HOB_POINTERS Hob; EFI_RESOURCE_TYPE > ResourceType; EFI_RESOURCE_ATTRIBUTE_TYPE ResourceAttribute;+ > VOID *GuidedData; // // PcdOvmfSecGhcbBase is used as the > TD_HOB in Tdx guest.@@ -577,6 +578,10 @@ TransferTdxHobList ( > Hob.MemoryAllocation->AllocDescriptor.MemoryType ); > break;+ case EFI_HOB_TYPE_GUID_EXTENSION:+ GuidedData = (VOID > *) (&Hob.Guid->Name + 1);+ BuildGuidDataHob (&Hob.Guid->Name, > GuidedData, Hob.Guid->Header.HobLength - sizeof(EFI_HOB_GUID_TYPE));+ > break; } Hob.Raw = GET_NEXT_HOB (Hob);-- > 2.34.1 Reviewed-by: Min Xu <min.m.xu@intel.com> ^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 3/3] OvmfPkg/AcpiPlatformDxe: Differentiate TDX case for Cloud Hypervisor 2022-12-12 9:03 [PATCH 0/3] OvmfPkg: Make IntelTdx work with Cloud Hypervisor Boeuf, Sebastien 2022-12-12 9:03 ` [PATCH 1/3] OvmfPkg/PlatformInitLib: Differentiate TDX case for " Boeuf, Sebastien 2022-12-12 9:03 ` [PATCH 2/3] OvmfPkg/PlatformInitLib: Transfer GUID Extension HOB Boeuf, Sebastien @ 2022-12-12 9:03 ` Boeuf, Sebastien 2022-12-13 0:05 ` Min Xu 2022-12-14 16:19 ` [PATCH 0/3] OvmfPkg: Make IntelTdx work with " Yao, Jiewen 3 siblings, 1 reply; 10+ messages in thread From: Boeuf, Sebastien @ 2022-12-12 9:03 UTC (permalink / raw) To: devel; +Cc: jiewen.yao, min.m.xu, kraxel, sebastien.boeuf From: Sebastien Boeuf <sebastien.boeuf@intel.com> Rely on CcProbe() to identify when running on TDX so that ACPI tables can be retrieved differently for Cloud Hypervisor. Instead of relying on the PVH structure to find the RSDP pointer, the tables are individually passed through the HOB. Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com> Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com> --- OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c | 8 +- OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h | 6 ++ OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf | 2 + OvmfPkg/AcpiPlatformDxe/CloudHvAcpi.c | 87 +++++++++++++++++++++ OvmfPkg/OvmfPkg.dec | 1 + 5 files changed, 103 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c b/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c index fcfb9703bd..0cc3d958be 100644 --- a/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c +++ b/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c @@ -9,6 +9,8 @@ #include <OvmfPlatforms.h> // CLOUDHV_DEVICE_ID +#include <Library/CcProbeLib.h> // CcProbe(), CcGuestTypeIntelTdx + #include "AcpiPlatform.h" /** 
@@ -33,7 +35,11 @@ InstallAcpiTables ( HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId); if (HostBridgeDevId == CLOUDHV_DEVICE_ID) { - Status = InstallCloudHvTables (AcpiTable); + if (CcProbe () == CcGuestTypeIntelTdx) { + Status = InstallCloudHvTablesTdx (AcpiTable); + } else { + Status = InstallCloudHvTables (AcpiTable); + } } else { Status = InstallQemuFwCfgTables (AcpiTable); } diff --git a/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h b/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h index 342339750d..3ec5098658 100644 --- a/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h +++ b/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h @@ -19,6 +19,12 @@ typedef struct { typedef struct S3_CONTEXT S3_CONTEXT; +EFI_STATUS +EFIAPI +InstallCloudHvTablesTdx ( + IN EFI_ACPI_TABLE_PROTOCOL *AcpiProtocol + ); + EFI_STATUS EFIAPI InstallCloudHvTables ( diff --git a/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf b/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf index 09daf30bcd..dd03eccd88 100644 --- a/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf +++ b/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf @@ -45,6 +45,7 @@ QemuFwCfgS3Lib UefiBootServicesTableLib UefiDriverEntryPoint + HobLib [Protocols] gEfiAcpiTableProtocolGuid # PROTOCOL ALWAYS_CONSUMED @@ -53,6 +54,7 @@ [Guids] gRootBridgesConnectedEventGroupGuid + gUefiOvmfPkgTdxAcpiHobGuid [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration diff --git a/OvmfPkg/AcpiPlatformDxe/CloudHvAcpi.c b/OvmfPkg/AcpiPlatformDxe/CloudHvAcpi.c index ff59600d3e..cbe8bb9b0c 100644 --- a/OvmfPkg/AcpiPlatformDxe/CloudHvAcpi.c +++ b/OvmfPkg/AcpiPlatformDxe/CloudHvAcpi.c 
@@ -7,14 +7,101 @@ **/ +#include <IndustryStandard/Acpi.h> // EFI_ACPI_DESCRIPTION_HEADER #include <IndustryStandard/CloudHv.h> // CLOUDHV_RSDP_ADDRESS #include <IndustryStandard/Xen/arch-x86/hvm/start_info.h> // hvm_start_info #include <Library/BaseLib.h> // CpuDeadLoop() #include <Library/DebugLib.h> // DEBUG() #include <Library/PcdLib.h> // PcdGet32() +#include <Library/HobLib.h> // GetFirstGuidHob(), GetNextGuidHob() +#include <Library/UefiBootServicesTableLib.h> // gBS + +#include <Protocol/AcpiSystemDescriptionTable.h> +#include <Protocol/AcpiTable.h> +#include <Protocol/QemuAcpiTableNotify.h> // QEMU_ACPI_TABLE_NOTIFY_PROTOCOL #include "AcpiPlatform.h" +EFI_HANDLE mChAcpiHandle = NULL; +QEMU_ACPI_TABLE_NOTIFY_PROTOCOL mChAcpiNotifyProtocol; + +EFI_STATUS +EFIAPI +InstallCloudHvTablesTdx ( + IN EFI_ACPI_TABLE_PROTOCOL *AcpiProtocol + ) +{ + EFI_STATUS Status; + UINTN TableHandle; + + EFI_PEI_HOB_POINTERS Hob; + EFI_ACPI_DESCRIPTION_HEADER *CurrentTable; + EFI_ACPI_DESCRIPTION_HEADER *DsdtTable; + + DsdtTable = NULL; + TableHandle = 0; + + Hob.Guid = (EFI_HOB_GUID_TYPE *)GetFirstGuidHob (&gUefiOvmfPkgTdxAcpiHobGuid); + + while (Hob.Guid != NULL) { + CurrentTable = (EFI_ACPI_DESCRIPTION_HEADER *)(&Hob.Guid->Name + 1); + if (!AsciiStrnCmp ((CHAR8 *)&CurrentTable->Signature, "DSDT", 4)) { + DsdtTable = CurrentTable; + } else { + // + // Install the tables + // + Status = AcpiProtocol->InstallAcpiTable ( + AcpiProtocol, + CurrentTable, + CurrentTable->Length, + &TableHandle + ); + for (UINTN i = 0; i < CurrentTable->Length; i++) { + DEBUG ((DEBUG_INFO, " %x", *((UINT8 *)CurrentTable + i))); + } + + DEBUG ((DEBUG_INFO, "\n")); + } + + Hob.Raw = GET_NEXT_HOB (Hob.Raw); + Hob.Guid = (EFI_HOB_GUID_TYPE *)GetNextGuidHob (&gUefiOvmfPkgTdxAcpiHobGuid, Hob.Raw); + } + + // + // Install DSDT table. If we reached this point without finding the DSDT, + // then we're out of sync with the hypervisor, and cannot continue. 
+ // + if (DsdtTable == NULL) { + DEBUG ((DEBUG_INFO, "%a: no DSDT found\n", __FUNCTION__)); + ASSERT (FALSE); + } + + Status = AcpiProtocol->InstallAcpiTable ( + AcpiProtocol, + DsdtTable, + DsdtTable->Length, + &TableHandle + ); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + // + // Install a protocol to notify that the ACPI table provided by CH is + // ready. + // + gBS->InstallProtocolInterface ( + &mChAcpiHandle, + &gQemuAcpiTableNotifyProtocolGuid, + EFI_NATIVE_INTERFACE, + &mChAcpiNotifyProtocol + ); + + return EFI_SUCCESS; +} + // Get the ACPI tables from EBDA start EFI_STATUS EFIAPI diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 5f5556c67c..a350bb8f84 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -151,6 +151,7 @@ gConfidentialComputingSevSnpBlobGuid = {0x067b1f5f, 0xcf26, 0x44c5, {0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42}} gUefiOvmfPkgPlatformInfoGuid = {0xdec9b486, 0x1f16, 0x47c7, {0x8f, 0x68, 0xdf, 0x1a, 0x41, 0x88, 0x8b, 0xa5}} gVMMBootOrderGuid = {0x668f4529, 0x63d0, 0x4bb5, {0xb6, 0x5d, 0x6f, 0xbb, 0x9d, 0x36, 0xa4, 0x4a}} + gUefiOvmfPkgTdxAcpiHobGuid = {0x6a0c5870, 0xd4ed, 0x44f4, {0xa1, 0x35, 0xdd, 0x23, 0x8b, 0x6f, 0x0c, 0x8d}} [Ppis] # PPI whose presence in the PPI database signals that the TPM base address -- 2.34.1 --------------------------------------------------------------------- Intel Corporation SAS (French simplified joint stock company) Registered headquarters: "Les Montalets"- 2, rue de Paris, 92196 Meudon Cedex, France Registration Number: 302 456 199 R.C.S. NANTERRE Capital: 5 208 026.16 Euros This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. ^ permalink raw reply related [flat|nested] 10+ messages in thread
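Review bot: The AcpiPlatformDxe.inf hunks add HobLib and gUefiOvmfPkgTdxAcpiHobGuid but nothing for the other two new dependencies: AcpiPlatform.c now includes Library/CcProbeLib.h and CloudHvAcpi.c references gQemuAcpiTableNotifyProtocolGuid. Unless both are already listed outside the visible context, add CcProbeLib under [LibraryClasses] and the protocol GUID under [Protocols].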
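Review bot: In InstallCloudHvTablesTdx, `CurrentTable->Length` is read from the HOB payload and passed straight to InstallAcpiTable (and used as the bound of the byte-dump loop) without being compared against the HOB's own data size, so a header that claims more than the HOB carries makes the firmware read past it; require at least sizeof (EFI_ACPI_DESCRIPTION_HEADER) and at most the HOB data size before using it. The Status of the in-loop InstallAcpiTable call is overwritten without being checked, and the `DsdtTable == NULL` path relies on `ASSERT (FALSE)`, which compiles out in release builds and leaves `DsdtTable->Length` dereferencing NULL, so return an error there instead. The per-byte DEBUG loop reads like leftover debugging and should be dropped, and the return value of InstallProtocolInterface is ignored.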
* Re: [PATCH 3/3] OvmfPkg/AcpiPlatformDxe: Differentiate TDX case for Cloud Hypervisor 2022-12-12 9:03 ` [PATCH 3/3] OvmfPkg/AcpiPlatformDxe: Differentiate TDX case for Cloud Hypervisor Boeuf, Sebastien @ 2022-12-13 0:05 ` Min Xu 0 siblings, 0 replies; 10+ messages in thread From: Min Xu @ 2022-12-13 0:05 UTC (permalink / raw) To: Boeuf, Sebastien, devel@edk2.groups.io; +Cc: Yao, Jiewen, kraxel@redhat.com On December 12, 2022 5:04 PM, Boeuf, Sebastien wrote: > Subject: [PATCH 3/3] OvmfPkg/AcpiPlatformDxe: Differentiate TDX case for > Cloud Hypervisor > > From: Sebastien Boeuf <sebastien.boeuf@intel.com> > > Rely on CcProbe() to identify when running on TDX so that ACPI tables can be > retrieved differently for Cloud Hypervisor. Instead of relying on the PVH > structure to find the RSDP pointer, the tables are individually passed through > the HOB. > > Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com> > Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com> > --- > OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c | 8 +- > OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h | 6 ++ > OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf | 2 + > OvmfPkg/AcpiPlatformDxe/CloudHvAcpi.c | 87 +++++++++++++++++++++ > OvmfPkg/OvmfPkg.dec | 1 + > 5 files changed, 103 insertions(+), 1 deletion(-) > > diff --git a/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c > b/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c > index fcfb9703bd..0cc3d958be 100644 > --- a/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c > +++ b/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c 
> @@ -9,6 +9,8 @@ > #include <OvmfPlatforms.h> // CLOUDHV_DEVICE_ID +#include > <Library/CcProbeLib.h> // CcProbe(), CcGuestTypeIntelTdx+ #include > "AcpiPlatform.h" /**@@ -33,7 +35,11 @@ InstallAcpiTables ( > HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId); if > (HostBridgeDevId == CLOUDHV_DEVICE_ID) {- Status = InstallCloudHvTables > (AcpiTable);+ if (CcProbe () == CcGuestTypeIntelTdx) {+ Status = > InstallCloudHvTablesTdx (AcpiTable);+ } else {+ Status = > InstallCloudHvTables (AcpiTable);+ } } else { Status = > InstallQemuFwCfgTables (AcpiTable); }diff --git > a/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h > b/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h > index 342339750d..3ec5098658 100644 > --- a/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h > +++ b/OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h > @@ -19,6 +19,12 @@ typedef struct { > typedef struct S3_CONTEXT S3_CONTEXT; > +EFI_STATUS+EFIAPI+InstallCloudHvTablesTdx (+ IN > EFI_ACPI_TABLE_PROTOCOL *AcpiProtocol+ );+ EFI_STATUS EFIAPI > InstallCloudHvTables (diff --git > a/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf > b/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf > index 09daf30bcd..dd03eccd88 100644 > --- a/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf > +++ b/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf > @@ -45,6 +45,7 @@ > QemuFwCfgS3Lib UefiBootServicesTableLib UefiDriverEntryPoint+ > HobLib [Protocols] gEfiAcpiTableProtocolGuid # PROTOCOL > ALWAYS_CONSUMED@@ -53,6 +54,7 @@ > [Guids] gRootBridgesConnectedEventGroupGuid+ > gUefiOvmfPkgTdxAcpiHobGuid [Pcd] > gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumerationdiff --git > a/OvmfPkg/AcpiPlatformDxe/CloudHvAcpi.c > b/OvmfPkg/AcpiPlatformDxe/CloudHvAcpi.c > index ff59600d3e..cbe8bb9b0c 100644 > --- a/OvmfPkg/AcpiPlatformDxe/CloudHvAcpi.c > +++ b/OvmfPkg/AcpiPlatformDxe/CloudHvAcpi.c 
> @@ -7,14 +7,101 @@ > **/ +#include <IndustryStandard/Acpi.h> // > EFI_ACPI_DESCRIPTION_HEADER #include <IndustryStandard/CloudHv.h> > // CLOUDHV_RSDP_ADDRESS #include <IndustryStandard/Xen/arch- > x86/hvm/start_info.h> // hvm_start_info #include <Library/BaseLib.h> > // CpuDeadLoop() #include <Library/DebugLib.h> // DEBUG() > #include <Library/PcdLib.h> // PcdGet32()+#include > <Library/HobLib.h> // GetFirstGuidHob(), > GetNextGuidHob()+#include <Library/UefiBootServicesTableLib.h> // > gBS++#include <Protocol/AcpiSystemDescriptionTable.h>+#include > <Protocol/AcpiTable.h>+#include <Protocol/QemuAcpiTableNotify.h> > // QEMU_ACPI_TABLE_NOTIFY_PROTOCOL #include "AcpiPlatform.h" > +EFI_HANDLE mChAcpiHandle = > NULL;+QEMU_ACPI_TABLE_NOTIFY_PROTOCOL > mChAcpiNotifyProtocol;++EFI_STATUS+EFIAPI+InstallCloudHvTablesTdx (+ > IN EFI_ACPI_TABLE_PROTOCOL *AcpiProtocol+ )+{+ EFI_STATUS Status;+ > UINTN TableHandle;++ EFI_PEI_HOB_POINTERS Hob;+ > EFI_ACPI_DESCRIPTION_HEADER *CurrentTable;+ > EFI_ACPI_DESCRIPTION_HEADER *DsdtTable;++ DsdtTable = NULL;+ > TableHandle = 0;++ Hob.Guid = (EFI_HOB_GUID_TYPE *)GetFirstGuidHob > (&gUefiOvmfPkgTdxAcpiHobGuid);++ while (Hob.Guid != NULL) {+ > CurrentTable = (EFI_ACPI_DESCRIPTION_HEADER *)(&Hob.Guid->Name + > 1);+ if (!AsciiStrnCmp ((CHAR8 *)&CurrentTable->Signature, "DSDT", 4)) {+ > DsdtTable = CurrentTable;+ } else {+ //+ // Install the tables+ //+ > Status = AcpiProtocol->InstallAcpiTable (+ AcpiProtocol,+ > CurrentTable,+ CurrentTable->Length,+ > &TableHandle+ );+ for (UINTN i = 0; i < CurrentTable- > >Length; i++) {+ DEBUG ((DEBUG_INFO, " %x", *((UINT8 *)CurrentTable + > i)));+ }++ DEBUG ((DEBUG_INFO, "\n"));+ }++ Hob.Raw = > GET_NEXT_HOB (Hob.Raw);+ Hob.Guid = (EFI_HOB_GUID_TYPE > *)GetNextGuidHob (&gUefiOvmfPkgTdxAcpiHobGuid, Hob.Raw);+ }++ //+ > // Install DSDT table. 
If we reached this point without finding the DSDT,+ // > then we're out of sync with the hypervisor, and cannot continue.+ //+ if > (DsdtTable == NULL) {+ DEBUG ((DEBUG_INFO, "%a: no DSDT found\n", > __FUNCTION__));+ ASSERT (FALSE);+ }++ Status = AcpiProtocol- > >InstallAcpiTable (+ AcpiProtocol,+ DsdtTable,+ > DsdtTable->Length,+ &TableHandle+ );+ if > (EFI_ERROR (Status)) {+ ASSERT_EFI_ERROR (Status);+ return Status;+ }++ > //+ // Install a protocol to notify that the ACPI table provided by CH is+ // > ready.+ //+ gBS->InstallProtocolInterface (+ &mChAcpiHandle,+ > &gQemuAcpiTableNotifyProtocolGuid,+ EFI_NATIVE_INTERFACE,+ > &mChAcpiNotifyProtocol+ );++ return EFI_SUCCESS;+}+ // Get the ACPI > tables from EBDA start EFI_STATUS EFIAPIdiff --git a/OvmfPkg/OvmfPkg.dec > b/OvmfPkg/OvmfPkg.dec > index 5f5556c67c..a350bb8f84 100644 > --- a/OvmfPkg/OvmfPkg.dec > +++ b/OvmfPkg/OvmfPkg.dec > @@ -151,6 +151,7 @@ > gConfidentialComputingSevSnpBlobGuid = {0x067b1f5f, 0xcf26, 0x44c5, > {0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42}} > gUefiOvmfPkgPlatformInfoGuid = {0xdec9b486, 0x1f16, 0x47c7, {0x8f, > 0x68, 0xdf, 0x1a, 0x41, 0x88, 0x8b, 0xa5}} gVMMBootOrderGuid = > {0x668f4529, 0x63d0, 0x4bb5, {0xb6, 0x5d, 0x6f, 0xbb, 0x9d, 0x36, 0xa4, > 0x4a}}+ gUefiOvmfPkgTdxAcpiHobGuid = {0x6a0c5870, 0xd4ed, 0x44f4, > {0xa1, 0x35, 0xdd, 0x23, 0x8b, 0x6f, 0x0c, 0x8d}} [Ppis] # PPI whose > presence in the PPI database signals that the TPM base address-- > 2.34.1 Reviewed-by: Min Xu <min.m.xu@intel.com> ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 0/3] OvmfPkg: Make IntelTdx work with Cloud Hypervisor
From: Yao, Jiewen @ 2022-12-14 16:19 UTC
To: Boeuf, Sebastien, devel@edk2.groups.io; +Cc: Xu, Min M, kraxel@redhat.com

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

> -----Original Message-----
> From: Boeuf, Sebastien <sebastien.boeuf@intel.com>
> Sent: Monday, December 12, 2022 5:04 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Xu, Min M <min.m.xu@intel.com>;
> kraxel@redhat.com; Boeuf, Sebastien <sebastien.boeuf@intel.com>
> Subject: [PATCH 0/3] OvmfPkg: Make IntelTdx work with Cloud Hypervisor
>
> From: Sebastien Boeuf <sebastien.boeuf@intel.com>
>
> The IntelTdxX64 OVMF target wasn't working with Cloud Hypervisor on TDX
> platform. This was due to the way the OVMF code expects Cloud Hypervisor
> to rely on PVH to retrieve information like memory below 4GiB as well as
> the ACPI tables.
>
> This is why this series takes care of identifying when running on TDX in
> order to handle things differently. For the memory below 4GiB, it falls
> back onto the CMOS to retrieve the correct information, and for the ACPI
> tables, it relies on the HOB to obtain every table individually before
> exposing them to the guest OS.
>
> With these two use cases properly handled by this series, it is now
> possible to use the IntelTdxX64 target to build an OVMF binary that
> works both for QEMU and Cloud Hypervisor on a TDX platform.
>
> Sebastien Boeuf (3):
>   OvmfPkg/PlatformInitLib: Differentiate TDX case for Cloud Hypervisor
>   OvmfPkg/PlatformInitLib: Transfer GUID Extension HOB
>   OvmfPkg/AcpiPlatformDxe: Differentiate TDX case for Cloud Hypervisor
>
>  OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c      |  8 +-
>  OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h      |  6 ++
>  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf |  2 +
>  OvmfPkg/AcpiPlatformDxe/CloudHvAcpi.c       | 87 +++++++++++++++++++++
>  OvmfPkg/Library/PlatformInitLib/IntelTdx.c  |  5 ++
>  OvmfPkg/Library/PlatformInitLib/MemDetect.c |  4 +-
>  OvmfPkg/OvmfPkg.dec                         |  1 +
>  7 files changed, 111 insertions(+), 2 deletions(-)
>
> --
> 2.34.1
* Re: [PATCH 0/3] OvmfPkg: Make IntelTdx work with Cloud Hypervisor
From: Yao, Jiewen @ 2022-12-15 2:02 UTC
To: Boeuf, Sebastien, devel@edk2.groups.io; +Cc: Xu, Min M, kraxel@redhat.com

Hi Sebastien
CI failed, https://github.com/tianocore/edk2/pull/3769

Have you run CI before submission? Please take a look.

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Thursday, December 15, 2022 12:20 AM
> To: Boeuf, Sebastien <sebastien.boeuf@intel.com>; devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; kraxel@redhat.com
> Subject: RE: [PATCH 0/3] OvmfPkg: Make IntelTdx work with Cloud Hypervisor
>
> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>
> > -----Original Message-----
> > From: Boeuf, Sebastien <sebastien.boeuf@intel.com>
> > Sent: Monday, December 12, 2022 5:04 PM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Xu, Min M <min.m.xu@intel.com>;
> > kraxel@redhat.com; Boeuf, Sebastien <sebastien.boeuf@intel.com>
> > Subject: [PATCH 0/3] OvmfPkg: Make IntelTdx work with Cloud Hypervisor
> >
> > From: Sebastien Boeuf <sebastien.boeuf@intel.com>
> >
> > The IntelTdxX64 OVMF target wasn't working with Cloud Hypervisor on TDX
> > platform. This was due to the way the OVMF code expects Cloud Hypervisor
> > to rely on PVH to retrieve information like memory below 4GiB as well as
> > the ACPI tables.
> >
> > This is why this series takes care of identifying when running on TDX in
> > order to handle things differently. For the memory below 4GiB, it falls
> > back onto the CMOS to retrieve the correct information, and for the ACPI
> > tables, it relies on the HOB to obtain every table individually before
> > exposing them to the guest OS.
> >
> > With these two use cases properly handled by this series, it is now
> > possible to use the IntelTdxX64 target to build an OVMF binary that
> > works both for QEMU and Cloud Hypervisor on a TDX platform.
> >
> > Sebastien Boeuf (3):
> >   OvmfPkg/PlatformInitLib: Differentiate TDX case for Cloud Hypervisor
> >   OvmfPkg/PlatformInitLib: Transfer GUID Extension HOB
> >   OvmfPkg/AcpiPlatformDxe: Differentiate TDX case for Cloud Hypervisor
> >
> >  OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c      |  8 +-
> >  OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h      |  6 ++
> >  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf |  2 +
> >  OvmfPkg/AcpiPlatformDxe/CloudHvAcpi.c       | 87 +++++++++++++++++++++
> >  OvmfPkg/Library/PlatformInitLib/IntelTdx.c  |  5 ++
> >  OvmfPkg/Library/PlatformInitLib/MemDetect.c |  4 +-
> >  OvmfPkg/OvmfPkg.dec                         |  1 +
> >  7 files changed, 111 insertions(+), 2 deletions(-)
> >
> > --
> > 2.34.1
* Re: [PATCH 0/3] OvmfPkg: Make IntelTdx work with Cloud Hypervisor
From: Boeuf, Sebastien @ 2022-12-15 15:11 UTC
To: Yao, Jiewen, devel@edk2.groups.io; +Cc: Xu, Min M, kraxel@redhat.com

Hi Jiewen,

Thanks to Min, I've been able to fix the remaining issues. I've just sent a v2 after I've verified the CI was passing correctly.

Thanks,
Sebastien

________________________________
From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Thursday, December 15, 2022 3:02 AM
To: Boeuf, Sebastien <sebastien.boeuf@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Xu, Min M <min.m.xu@intel.com>; kraxel@redhat.com <kraxel@redhat.com>
Subject: RE: [PATCH 0/3] OvmfPkg: Make IntelTdx work with Cloud Hypervisor

Hi Sebastien
CI failed, https://github.com/tianocore/edk2/pull/3769

Have you run CI before submission? Please take a look.

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Thursday, December 15, 2022 12:20 AM
> To: Boeuf, Sebastien <sebastien.boeuf@intel.com>; devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; kraxel@redhat.com
> Subject: RE: [PATCH 0/3] OvmfPkg: Make IntelTdx work with Cloud Hypervisor
>
> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>
> > -----Original Message-----
> > From: Boeuf, Sebastien <sebastien.boeuf@intel.com>
> > Sent: Monday, December 12, 2022 5:04 PM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Xu, Min M <min.m.xu@intel.com>;
> > kraxel@redhat.com; Boeuf, Sebastien <sebastien.boeuf@intel.com>
> > Subject: [PATCH 0/3] OvmfPkg: Make IntelTdx work with Cloud Hypervisor
> >
> > From: Sebastien Boeuf <sebastien.boeuf@intel.com>
> >
> > The IntelTdxX64 OVMF target wasn't working with Cloud Hypervisor on TDX
> > platform. This was due to the way the OVMF code expects Cloud Hypervisor
> > to rely on PVH to retrieve information like memory below 4GiB as well as
> > the ACPI tables.
> >
> > This is why this series takes care of identifying when running on TDX in
> > order to handle things differently. For the memory below 4GiB, it falls
> > back onto the CMOS to retrieve the correct information, and for the ACPI
> > tables, it relies on the HOB to obtain every table individually before
> > exposing them to the guest OS.
> >
> > With these two use cases properly handled by this series, it is now
> > possible to use the IntelTdxX64 target to build an OVMF binary that
> > works both for QEMU and Cloud Hypervisor on a TDX platform.
> >
> > Sebastien Boeuf (3):
> >   OvmfPkg/PlatformInitLib: Differentiate TDX case for Cloud Hypervisor
> >   OvmfPkg/PlatformInitLib: Transfer GUID Extension HOB
> >   OvmfPkg/AcpiPlatformDxe: Differentiate TDX case for Cloud Hypervisor
> >
> >  OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c      |  8 +-
> >  OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h      |  6 ++
> >  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf |  2 +
> >  OvmfPkg/AcpiPlatformDxe/CloudHvAcpi.c       | 87 +++++++++++++++++++++
> >  OvmfPkg/Library/PlatformInitLib/IntelTdx.c  |  5 ++
> >  OvmfPkg/Library/PlatformInitLib/MemDetect.c |  4 +-
> >  OvmfPkg/OvmfPkg.dec                         |  1 +
> >  7 files changed, 111 insertions(+), 2 deletions(-)
> >
> > --
> > 2.34.1