From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.74]) by mx.groups.io with SMTP id smtpd.web10.11944.1650053133736028592 for ; Fri, 15 Apr 2022 13:05:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=32peH7wb; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.94.74, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kniqOV17gbUjVCpv1o2z7l5ffmF/lkWxMW6olNWivlLVGC+LhLwAI3ABSZTxFZXeDeutQOY86KyID2uZk7P5mOVaTaxykLLN+XldT6Te693zIu1r5v4ZM2Qh2v9dHt0y0lKNlA+8/hQeKnEnLzeoJCjLKqmTDCGZ+3Fdu90ExYNqiGJbak14OWv4pdC2mY3lNnG7Rg7abjtQnxCwjRy5pvdi4mofWCYN8nG6s24wlbsRltT8Nai+AdeFhzxYhdVds3PFHKh1ukDsihmq8bZ5BBiBF9bgk7rwl0IIMkDmB1Qta3nuWIptC7n3SDsf5Vz+fpwPraTABckOxYmyi+rusQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=qK46XhJJJ4x5xD6jdqtKoiKUzoQmyG6ky5W5OQZfoBs=; b=BseuMY1QRlHy2GM1MmGY8trugkqVUaVZAGoFZYbWsEfPhh/7gtZJsJ99YHj3wrfKniSL7qtGhhwuU46BZecqbod0xKEDSrJnx4ayviEI6uGzjWT3FdcXAbhctZ7GzDTR93Xs8REUIIWlbeTbg9NqixFhbh+ohau+5rjftXJrbOl8W7W6o8W8ZH6M1JzpAES7Ajkwiz5Yr7c7R2JEoMdz/ahZhCLjw9wwoBohIT+eBkJnrxpRQHt70znEUrrdw18tVoQM0t50i/H4H8hFBITXuVUL4t/nJrGEuk2gIQgViKQCHSLIbcOBuF+lI9xO0ug1yQyZ0RIc1d8WWVLl23d1/A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qK46XhJJJ4x5xD6jdqtKoiKUzoQmyG6ky5W5OQZfoBs=; b=32peH7wbsapBLD75fO1vo9p1Z7OegEswp4bqs070qbsscU/i3F1VqPaFY3rVp47Cqn3Pp2r/5D40GZgYFd8/bBcLuvTE3CTXMkrcAyQ2MbI9zy08pG8A5sYyWY84qLZv5+gpgrItGFFKL9wl/Nb4T7rXzfZvzwudUXDz8potyBM= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com; Received: from DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) by MN2PR12MB3645.namprd12.prod.outlook.com (2603:10b6:208:cc::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5164.20; Fri, 15 Apr 2022 20:05:30 +0000 Received: from DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::781d:15d6:8f63:a4e7]) by DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::781d:15d6:8f63:a4e7%5]) with mapi id 15.20.5164.020; Fri, 15 Apr 2022 20:05:30 +0000 Message-ID: Date: Fri, 15 Apr 2022 15:05:28 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 To: Min Xu , devel@edk2.groups.io Cc: Ard Biesheuvel , Jordan Justen , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Gerd Hoffmann References: <368af9aea6c16f967a877a4af857970df7e73d70.1648555175.git.min.m.xu@intel.com> From: "Lendacky, Thomas" Subject: Re: [PATCH V12 33/47] OvmfPkg: Update Sec to support Tdx In-Reply-To: <368af9aea6c16f967a877a4af857970df7e73d70.1648555175.git.min.m.xu@intel.com> X-ClientProxiedBy: SN4PR0801CA0009.namprd08.prod.outlook.com (2603:10b6:803:29::19) To DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) Return-Path: Thomas.Lendacky@amd.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: eee819f3-95ce-485e-7c05-08da1f1b4ac5 X-MS-TrafficTypeDiagnostic: MN2PR12MB3645:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: OBmn1XNsLbvFiv5CsrLuN2LhnI4lVWPnbgB7Ve7hCM51uBLlP4KCDwl7swNNgVD9jG2XS7oevn1BjustXSH6LkJ1yMOE12vYYbQqyD1SJIpXwKUqwmEPe3woDvGqka/oojfXRVL+zsontOwUiRgep/iDD3gwNcF5AmysZUFHRZvBycJACk9DLjmgxJB+5gtfsN9BYfGBQewUlBgAWYirZ+vDhox+K4AaYN6+z1WEzlRRTtg6ztyawHDDQnNqdbTU3woaj5xlrGv0z2/ts6wAnjwdFr16RS1AW0i0gY/tWn2Lbia02T4oLT4MLHtqwOYMXG/f9sGfBYkDKlfv+TSG293pvUQ58i7gedO4rtrRb2ReTUaQHzndIZs28mIf01kCYaZSepn5Pf22X1lgEINsPsw+O2kOf6A3aBk2Ri6KDI0L+8o7KXAyun0fknPh4Ncww+KQ8+icpWLx696Zdj9mcjUQhKBfOBNZWB1s7jx834xS095RmZ9L8LocOQj/0rkgOpjVf6lVWoJzxwbDeiD0ozCubbnI+hENaBAdC0+yVWD+ufFeTVFQrUUucQsxSGuAgm067IngebdrJlOLzBxyA5WhbeJnFHiBeJUk3NYyoRx8uz1TQDwkmX94pHDmySa6Ktuw/hbzOSNfl+GPN1dqgc2VL6W5IqX1IJZXOX4kPnn1R/h1hvdHyUEJx9QJwitvAC4rMFHn59O9iccN4D0G89Y6IhEJNXQLq6p66eXqvFp43Vrb1MHujsAQF+iBLlxPkV3SX/Q9ZrYAb5x9wPhR+1PT8FjPO9k2zd9ZVuQyiEfM+vXTl0lvKcXoL2VZQVosw/PRFVENAsViVQzTdsJX3w== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR12MB5229.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(2906002)(38100700002)(31696002)(86362001)(186003)(508600001)(8936002)(15650500001)(36756003)(53546011)(5660300002)(6506007)(966005)(2616005)(54906003)(26005)(6512007)(31686004)(316002)(6486002)(66556008)(66946007)(66476007)(4326008)(8676002)(83380400001)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?Zm1Vajk3N1BFbExkV2RhbEZqYkRrcm5EUmZVbVJPeENzSjhwQUZYUkNvait5?= =?utf-8?B?cVdzYkNGWVdqaE9xc3dWRHRLcFNxcHZqQzlTcXl5YXJJTFlLMVprcml6cWxh?= =?utf-8?B?cTdiUUh3SmJrUEdhVUFTVExMeHJKTnF4UHR3Ri8rVkI2eE53c1dFMFBmVE16?= =?utf-8?B?aVZpODVKTVVaOTJYUkUxNTk3b1hrT3ltdTFmT0JCaVY3d0tCRTA1WlhEaGNk?= =?utf-8?B?RG0rWVd1bEJWTDZhcnBPUENaRUFFQXFFbTNHS3M2cUp4NnBwYVhURis3Vml4?= =?utf-8?B?RVRnTFkrc20waFRUSXlvdVQxSnl4Ylh1VUt2aDFMU2prZnA2VURKbThHTFNk?= =?utf-8?B?N1k3YjB6cHpLd0NicG1WcUxJMGZVNXhiUTRGOG1hLzNWMUN1cC9FSUl1U3VP?= =?utf-8?B?T2xyOUhaTEcvbTlLdlBNTGxneEZJRjA3aiswWnV2MThEbEt2T0czNVM5aklq?= =?utf-8?B?eVF6L3lnWkM1QzVwWitGbzRXMWNUVW1oeUdzZ24xeUtGZEhOa0daWHc0QnI4?= =?utf-8?B?K2c1elkxZGcydjBoT1JrOTVmZmxtZ1ZMMFZXSE9Sck1zYkM4VTBTbUY0TGs0?= =?utf-8?B?TGlkRlo5TnRCRUNwWTBhVTlaL3FPQldmV0luZERWWGE4a3hkeERjbmNER2Uz?= =?utf-8?B?UUhGOEFPTkdJcU5hWTNBRTlUbTJ3VG5yd1JQck9jNE45dDRhNzZsZHVZSkNE?= =?utf-8?B?cE83L2tGbVdnZzJ4S1pkQ2E1MEMzUDQ4a1hQME9Fbi9nbENLSm1sNW5pbG5J?= =?utf-8?B?ZGNyQ3AwYktPQmh6RHFKZjdpbkNJa0hkWURjQ2lBcDhzTUpyMGRxZFJyZnd2?= =?utf-8?B?YlVQNk5IK1ExNWV6KzRpRVJTRForc3BtRHp1UlZwMFhQLzc5M0NiSUZGcmNJ?= =?utf-8?B?cUxxWmt0NXI4NnZJTXV4Uk9DMkRNSkV2Y29EQ3E3NmExVU42eUlJc25qc0ND?= =?utf-8?B?N2lWVUpaSWo2ZnUvK2c1ckovclErT0tmM09KRFZiVVpST0xPSzZEeWNqQ1pW?= =?utf-8?B?b1BlQlNOcjh4Z00xc3pLbTg0UEdKdER6WWY5M0xiS1F3Z0hveGpyMnBkYkFr?= =?utf-8?B?ZktGOTc1SlhKYVhrdEFNRGlwTEZ3SElLRXNLb0Zhc28rWFRVbFY2UXlPUm1Q?= =?utf-8?B?ZjNrOTNsdGJ0eklQVitSVWNESFVyc3QrYlR5aS9BTThNcjA4MXJNVEpLVEEx?= =?utf-8?B?Vy9UZ21nZC91U1pnSlN5eEF3dnp1MW5KQWw5M0ZPTm5BYUJlZ2N6VlVGR0VL?= =?utf-8?B?Q3ZZUFJuVGhRRWJWbXJ3VlkzZkV0NEUxUCtPV1hqOHBMNmVmSnh3RkFwUHc2?= =?utf-8?B?dzh0Nlltbi93dUhhZDNJY0kyRWpSamxpUEJyYWJiRCtUaVkwZjRZSlZJK1Zm?= =?utf-8?B?MlpXVmMwUEtQVzNNeFdhR01CdnI3SEpXeHhycyt3OU11UTlVN05mcWdMQ3do?= =?utf-8?B?dkZheUMybWR5V1ZFbUxTWThGRVhmL1ZZL0ZzU0c1UkFOMk4yTFhjNHFnUFQ0?= =?utf-8?B?VGNzYW5DY3FBbDlyYnB1U2E5dWJ5OHlPRUgvUjd3OEpCcjZRRVF1MldqYUtX?= =?utf-8?B?UHhzMEV3WkcxMHZCRktoMHFIOEY3TDIxbEVlVVBYTlBmVGhONDdsSERqLy9j?= =?utf-8?B?TUpmUEtZVW44bG9HZGRoWGlWTDJ3YW4xdWtIVEs5WkRXd01mNVhrcTdrRTRx?= =?utf-8?B?VEdIYm9WZGsrOUJtaURoUUh0QmtkbXhZMHhuWWhTZjN0YjQxMjhGbFhwWkpx?= =?utf-8?B?RFR5SUNrQmI4SE8rYUw5dE5KdlZyQStwMy9qZWZpeGFxcW15S2NQQWk1eWlm?= =?utf-8?B?dmIxcitVclRGUGppVFc3UzQyektuMi9UL1A0OENndzdsRGUvN1JaemJzNVNa?= =?utf-8?B?OXRaNGFzOElZekdxdGNYMHBGVjBJbnpFRjJFWTBZeEU1TVllNmNLeTUxOTNq?= =?utf-8?B?RlhCdzZ0MUNOdFVETCtwc29QUmozalFiVlRPMmFReWZidU16dklEUGNZYXFt?= =?utf-8?B?YXdMVU5zM3I5WXgwRFRpMlNTM1JhVWhDNXE2NXJzNWVKeUMyVTBLSTlYUEwy?= =?utf-8?B?dGdCODVwcVVaZmxKbWlUMk0zaHF1eXR4QkpUMzVWN1pqbnRhSHNycXlVc29R?= =?utf-8?B?Q2RONTJ0VEVmUDM1NVBsRFI4blgzQjZ4WThpZmswY1FiV2dqTDNHSjhmaWF3?= =?utf-8?B?TkU2L0ZiUnllejZpS2p5L21QUEVoUE1pWVdVVXpsZXliZVVFNXFockI3WVg3?= =?utf-8?B?cldqTUU1R2dxSVJjSEJyVE8vaDhhMStXUVh4TjluYlJESkF6Y2gvSkRNVDhv?= =?utf-8?B?RUVvaGNaSzRRcGZUcnlKTjNWeWVQdU1qR2V1QkxIMjd4bHZ2S2FtZz09?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: eee819f3-95ce-485e-7c05-08da1f1b4ac5 X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Apr 2022 20:05:30.6318 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: SzfrzWv/Q7X/FY7CHWuSvCI+QhwNyJ2c00oRiwzZrUD+Z9sAsi0HOzNhxmZcNAnJiV8tKiT5QQf/8XcSzqR9Eg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB3645 Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 3/29/22 18:46, Min Xu wrote: > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429 > > There are below major changes in this commit. > > 1. SecEntry.nasm > In TDX BSP and APs goes to the same entry point in SecEntry.nasm. > > BSP initialize the temporary stack and then jumps to SecMain, just as > legacy Ovmf does. > > APs spin in a modified mailbox loop using initial mailbox structure. > Its structure defition is in OvmfPkg/Include/IndustryStandard/IntelTdx.h. > APs wait for command to see if the command is for me. If so execute the > command. > > 2. Sec/SecMain.c > When host VMM create the Td guest, the system memory informations are > stored in TdHob, which is a memory region described in Tdx metadata. > The system memory region in TdHob should be accepted before it can be > accessed. So the major task of this patch is to process the TdHobList > to accept the memory. After that TDVF follow the standard OVMF flow > and jump to PEI phase. > > PcdUse1GPageTable is set to FALSE by default in OvmfPkgX64.dsc. It gives > no chance for Intel TDX to support 1G page table. To support 1G page > table this PCD is set to TRUE in OvmfPkgX64.dsc. > > TDX_GUEST_SUPPORTED is defined in OvmfPkgX64.dsc. This macro wraps the > Tdx specific code. > > TDX only works on X64, so the code is only valid in X64 arch. > > Cc: Ard Biesheuvel > Cc: Jordan Justen > Cc: Brijesh Singh > Cc: Erdem Aktas > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Tom Lendacky > Cc: Gerd Hoffmann > Acked-by: Gerd Hoffmann > Signed-off-by: Min Xu > diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c > index 02520e25ab9a..ca9717a7b526 100644 > --- a/OvmfPkg/Sec/SecMain.c > +++ b/OvmfPkg/Sec/SecMain.c > @@ -26,9 +26,8 @@ > #include > #include > #include > - > #include > - > +#include > #include "AmdSev.h" > > #define SEC_IDT_ENTRY_COUNT 34 > @@ -738,6 +737,20 @@ SecCoreStartupWithStack ( > UINT32 Index; > volatile UINT8 *Table; > > + #if defined (TDX_GUEST_SUPPORTED) > + if (TdIsEnabled ()) { I wish I had caught this earlier, but this patch breaks SEV-ES support. TdIsEnabled() uses the CPUID instruction. At this point, exception handling is not established and a CPUID instruction will generate a #VC and cause the booting guest to crash. That is why the SevEsIsEnabled() function checks the work area to determine if SEV-ES is supported. In the early boot code we established a temporary #VC handler to specifically handle CPUID and then set the work area indicator that SEV-ES is enabled. I think you'll need to do something similar for this area. Haven't you already set the workarea from calling InitTdx before this point? Thanks, Tom > + // > + // For Td guests, the memory map info is in TdHobLib. It should be processed > + // first so that the memory is accepted. Otherwise access to the unaccepted > + // memory will trigger tripple fault. > + // > + if (ProcessTdxHobList () != EFI_SUCCESS) { > + CpuDeadLoop (); > + } > + } > + > + #endif > +