From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail03.groups.io (mail03.groups.io [45.79.227.220]) by spool.mail.gandi.net (Postfix) with ESMTPS id DA781AC0DB5 for ; Thu, 11 Apr 2024 06:56:48 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=955dxvXZBctyallyLf4lBtM5NScP/FOlOxTWCyIOzL0=; c=relaxed/simple; d=groups.io; h=Message-ID:Subject:From:To:Cc:Date:In-Reply-To:References:Autocrypt:User-Agent:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type; s=20240206; t=1712818607; v=1; b=EwDrT5oICLk/cfREdDoOI0RWDvRMnjeHl8v7MtgeIaMsW5o3+doGh1cDIgM6eOWmoRgpDIj+ HF8T0qoLfxYFY3JUCMMEaOw3U2hBu5cRkqM6mJGavXuVK5P+AQCEBSDTSrQ9c8W6b9TzWnjPtqo 7jXQNmMB3qm5RDdxWknaruHZX994Gk3TuaF7IaBDj6rY7oUrymz80/rEGUK0AhaY8ChweEukSZw K43NWEXnnGWmZsD7Ji52LrOzlyBZe3l/aW9y//zd4mcwB3BsxJ3fdTlykiiRe7TQ7mNtXDHAbO+ sAsZKPlhNnamS8XMX/2aJww/Dbfva/jZniTONoA+3WmyQ== X-Received: by 127.0.0.2 with SMTP id 7yRPYY7687511xz44uNDGmkY; Wed, 10 Apr 2024 23:56:47 -0700 X-Received: from mx2.freebsd.org (mx2.freebsd.org [96.47.72.81]) by mx.groups.io with SMTP id smtpd.web10.11591.1712818606515139180 for ; Wed, 10 Apr 2024 23:56:46 -0700 X-Received: from mx1.freebsd.org (mx1.freebsd.org [96.47.72.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits)) (Client CN "mx1.freebsd.org", Issuer "R3" (verified OK)) by mx2.freebsd.org (Postfix) with ESMTPS id 4VFVqK4Xnxz3jn5; Thu, 11 Apr 2024 06:56:45 +0000 (UTC) (envelope-from corvink@FreeBSD.org) X-Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VFVqK3fbCz4S6G; Thu, 11 Apr 2024 06:56:45 +0000 (UTC) (envelope-from corvink@FreeBSD.org) X-Received: from [IPv6:2001:9e8:dc30:6400:5de9:5b62:5b14:a31b] (unknown [IPv6:2001:9e8:dc30:6400:5de9:5b62:5b14:a31b]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: corvink) by smtp.freebsd.org (Postfix) with ESMTPSA id 4VFVqJ1PQCz10KX; Thu, 11 Apr 2024 06:56:44 +0000 (UTC) (envelope-from corvink@FreeBSD.org) Message-ID: Subject: Re: [edk2-devel] [PATCH v3 1/4] OvmfPkg/Sec: Setup MTRR early in the boot process. From: =?UTF-8?B?Q29ydmluIEvDtmhuZQ==?= To: devel@edk2.groups.io, kraxel@redhat.com, min.m.xu@intel.com Cc: "lersek@redhat.com" , Michael Roth , Oliver Steffen , "Yao, Jiewen" , Tom Lendacky , Ard Biesheuvel , "Aktas, Erdem" , "Sun, Yi Y" , "Huang, Jiaqing" Date: Thu, 11 Apr 2024 08:56:42 +0200 In-Reply-To: References: <20240130130441.772484-1-kraxel@redhat.com> <20240130130441.772484-2-kraxel@redhat.com> <7b3177f0-9696-07e1-ad0e-040d5392b067@redhat.com> Autocrypt: addr=corvink@FreeBSD.org; prefer-encrypt=mutual; keydata=mQINBGNjZaIBEADDTrDNf+0pwiuRPBdClcnZW83dH1UhuOi0u+A1J2SatEBbNaFVtXXAavewCTuyV/ZbNidjlhq3R/pWyiKjFKvs5dj7PMCw+3z2D5OWpMdHg7TrB+fbdFPOEsu0zQVKNaO+pSKCfN0Re0m7bL3wuvl7PXvBufRwA3Guo1P4j3TXWaEkuso7VupTvE25zVGg9ONHrGOjA9RUy+Yg4Se3NLgtUdjBgA21SBQTDvRQV4fDmVenlwvWeE0Xm8FcDcpQb6sJTihaDku78mi3Ux1HCk7rTcepVEB0xIB6qmFxv0sLlDmVv6Z6qg1y/Q5m23Pgz60o3TulMPV4F+3Itm8ifU+wgVSzBZbD29GYkd7LKqMkFbhvfSBk+5db3vbYY5OD//+LTM5AV7e2AhXuXMvG1UNBqXqSJTTSy6KZz+qmPQO0zos0dq46p8o82lKiBEGD2Hu0p+u0OyV+MmRYo1NIBFVbOPXp2MvUVl5II0UIJ3+N9gLBmfGA+HEpVO8PnvdoT/5NQ7m8JK1rQHzjiDub/iDPAYMqKH4C0eZ/7zO0fuY5FeRNtuNtpH1Bw/+7/5RJH7bcKkfGHHEp15FJUrGHgWNydoDLB9QBprwQc8FEldDXBjzOMXIgh6FGKLNu6DswvIPGy6M3u7DXwDakCXz+c9Ym0oFihLzZxWntrsxdswD/CwARAQABtCdDb3J2aW4gS8O2aG5lIDxjb3J2aW4ua29laG5lQGdtYWlsLmNvbT6JAlQEEwEIAD4WIQSC9FKVreba38fZT0bYVNpWMV4CagUCZArUIwIbAwUJCWYBgAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDYVNpWMV4CalcID/44k2i/mqSSi4W6FAobSF1nFLtP/pfcRNJriWKx2UF7cfFMKyg7Nilg7FhLb5FDB1umUW2nFfchFPTUp4FfKzgRvPzIMg4RIRcVtTpYbl3z7zs9ZXD8q S//iibbiUG3quncm6tO2x1jLZD3ORC+8MuLGXhYQIa4O5vVF2SBHdb/U6P+wsrF+U+OpRdEdQ/4Xu9S02kltzBGgArjcexdhUqEqW01KCCSH0+qgfN1NE+9L934ZOB+cai2b9apPbCOGuV6KcUKMj4z0RWInhlXIyMqtmhdix/P/GjrQ1REVNdp74JeweSSedM15wwc6YLMXPrtOnnExyZ1gyNFYaub+Mdo3ZQ+83863B0C9IlpzEW0K8bYlZrl4WBNdcMOyByETAxgQmBgP6ZFErTtaeUOH1nX2FyR6o2GLSahRgngQmnREzScTpPbBEkMwJMDAO+rbjjGxjeKSUwD1WOfbI6QZj+MS/uBk2p08kgN7fQaCEwj6jqML/IIE+FZ9IIn6TNG0hChD384VHO+YioLBno1Atgi4Q7JUWSRIHQXZW+StQajFrWPPyKQwCe1MwqpKoMpX/q8IZBlzwJgZS8ShLeFZjtzOt1jgM99TD91Neonf9OzjTSbfo7sJviSWoICMhB/MvDZjj+naMVF86uGFxnIEsjVKyBxlJd4TRHnLYPTIHFKBLQjQ29ydmluIEvDtmhuZSA8Y29ydmlua0BGcmVlQlNELm9yZz6JAlQEEwEKAD4WIQSC9FKVreba38fZT0bYVNpWMV4CagUCY2NlogIbAwUJCWYBgAULCQgHAwUVCgkICwUWAwIBAAIeAQIXgAAKCRDYVNpWMV4CavfDEACCFnXpR7H9eOgP+GJMNPtK6i9/xnqdyXi8uCZIN0hYwjN4Xzo9SMLOf4UUlQEveOB+bGqbRfHd/fGKnrlXiPd0SGpKWJC21gqL/DsIH0J8I3Whth+O8tfPWeFy0oCsvBaaGFLIrDfoIgHF9i/gqEe48xhN42weB02Z3mdR1L0d7ME/BLwS0mCXe9Zh3uHw63S6xYB3Wsjptxe/ph6TpQDUKWtRJkjC6BqXPBdThpbbfIRWmjZbp2fKEJPvtRXS14+gbUqWeJ 4xCvprA3+ae7vtrp91X775yngyW3XTw5cmDiJIjykH8+zhEIoNQXNBpFrehkQDYrcM+WoE6NGSJo+3VJvSRWhUGWDVrxdTYNkbIjmTNlkI12NINC007DiuV7OF9XHWgrbbylvuZvbODmbJRdhTFy9upAUygX1/xUAQEIMqMiJmyTdv8i0IbZ611WElQx9XHgGeZgM6+39/laN8FwspM6gE/4NzZHIZN0LEBOerZqoF+Il6eccQpoEWx7nb/RilJp3dUUyvkBnJWg+AJByosg857kvvmDnZ3UB+bejWpcfFvnbkiKPUBPDO7tWPb5r2yFDpDe/Vg5x+sRbkkXGUFD6Rx0p/ZiRIneVVg8emTzhDR0IL/BZkq/uVJkdaphZli1F/31cNgf6ZJYnjxlk86uiYSySZQR0dKLDqq7QlQ29ydmluIEvDtmhuZSA8Yy5rb2VobmVAYmVja2hvZmYuY29tPokCVAQTAQgAPhYhBIL0UpWt5trfx9lPRthU2lYxXgJqBQJkCtScAhsDBQkJZgGABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENhU2lYxXgJqI+QQAML5PTR7KpUFV3SLG60LQJGEOHUfDmJYczxBFbIAq1U4hIbivopu1AdLty7oDDrIjCVoa2/Cy34dd99O7lhLvUmZFB/zDSUtbUg2zhDkU0YSZ11FdrlWzky2tFaQRgxpDvWlUP0baa3Pd4dPDRiIUI6AOSR2SL6XANk6sJh56gLVM6G8yyafGsxSyDYg6Z78EEMFejHwB+KP2DdsahupzM+F97HeC1+bOHYxtqN+2hEkPLtQWizyumPqNg5FvZhwe7yO8V95hF3RhuDO+9aJT+WLLvcZEb/L1bI04IvZ5FWgCLI7Levd/DuOtZI8gWapHhqGZRbXB2fuJkCoKCl6V67h/7aWhU3LjFTsC5siJyrxPjapKcIk8a7PqZDswNCKR+24LJ5D59mPgEOnsiCCVpik1WE /kgD+rOu9dQxjpjKwuKowf4EJP1KYNkYtoy1HthzyTOqPwqXC3IUl0GVPO3xw6MhUM3irCVFruC+ecVrv85Rd37vrduT6JvgW92xjWegMsamtkDZH8Ik/cmYhH0K/qEc6OZVNea/4PTEZe0uxODJ6pbMd80AJyGqDPPVeAgWJtEIG4k6IS8XyD5v1QJtlpDVpPwP/bbFnVc3h3Oatfn8Etm1KAqYvNwyO+om2PkF1p732uapDZdLwksVmgc9s79+9pSpeP5DbIeMzhrIKuQINBGNjZaIBEAC4V8zlnLa957NAFPmOuW6cL1W1/E3pMtoxNYMaZmOtEDaOLV645qfie2XXh2Bn44hzN3vZ3ZaWV9FKipGTxCTNL6Im6o8ghKX4cIBiACeSbcAcIdsxCGnFLO46lPm7NYbGGfU532A8QfvpYeO4ue8H+qNWw9lWXCU1djoPwbo9McfyJ7CA3reT9wgPO4/nAo1StfeiYvkOWoxYwpiNstzUZMmd6dRCJhDtHyy639VB2YsvhyLYVB9yQdv5M2VPk2q+oodiTK/uZvaoubsIqkVlL/fqBdx+bZOG6eSogqTjTLFN5S6EjL4usCY1Vv19uDhWwuvADuMChu3jPNm4PC8pI6O4DPiWAqt+Aw4WDfKM2ie8JqzCtUXf/Iv+aSiMhNMT0qGn+Ybq98yWXs1k67M7PheurWO2hfYtMQJtpHYHqz3T7VC0F4bAPl3rDRL4PJ2Vr9eoo5upVPbZN1JXAA5oEX7coA1BQz/18LlTBhNmHk2wsi5omYZOnBoZelA7kpNx/8zc2zanOnO7NW0dJLq/o4GlfP56UFV8I1MWNyI351BAkIJyThrjv7aMxLhpNny6uYoms7X2oWf2R//QIMA/0jkqsGirksV4CW+7xhuQVwxGIHR2JskZYaPSjJaXTvoGxu/+SwqT00xnF64ZvwDUGiw7yB70s/LolEOZ/5JqgQARAQABiQI8BBgBCgAmFiEEgvRS la3m2t/H2U9G2FTaVjFeAmoFAmNjZaICGwwFCQlmAYAACgkQ2FTaVjFeAmrhSw/+NqYqv6oHppWZ7hpt+2Df+qIw2kOgvo0ecU8orastt7OfiJpRzlDFPK2nhok5t4+1PZCi4jcR5Ub22Ddy4O00FOCRAq70haA+cNNiZ0XlD5cDv+CxmT0NkD337ls5wz8zyOX7n7Z4jG8ghiJEkcLQbyp2qYaggKrz2sGWKUjByS7jySRCotPOO+0W6Iz2dw9215ZQ1F3uZwdRlpXA7ypzUBEvIJxc563fFuPetbZAIavGMT844hovsMXW2Q/MS3HI03USkgeVaqANbSOUFAdt2tgTrvUw/vXBckp4T+vATNdQH0WieBIX4nRQQ6SjfmaI82QxJuJjb5NJ6bgS+HPIUH8J1Iw958y/Rs5svzKW+/YYoZBDuhtbAeoJdiy7a7wtK6pBv+xMdpmKLBgVVXOeX6sucwJ/K68tb5aOmbuPLAaIoKgm/9IF8dqiI23JoM2ZhpYZjpVMpakGIxV6R4Kp2hrqC4oNpuVLJ7LQSMuocXduguvWYdYvVXSdpC1Ed+fLtFXA0h5fhDqHFDCDM2CgQX2DfzXe/rV7vChm61fQYn+85md1vPiefnsaunEh3+cbcFfIshNmIRfAKwA2//75eqgBuC2D5ZIr93LsEUCcabnQZdaZKGSo/ruWNZdPyjj/b6MhAifkoFFrkN4/dwIqYIev8wMbh3+7dcZIRza0foM= User-Agent: Evolution 3.50.4 MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Wed, 10 Apr 2024 23:56:46 -0700 Resent-From: corvink@FreeBSD.org Reply-To: devel@edk2.groups.io,corvink@FreeBSD.org List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: PBDAR31lTzz569l7jATKD5s0x7686176AA= Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-CV1kcKvgfO061PxJrbZI" X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=EwDrT5oI; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=FreeBSD.org (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.227.220 as permitted sender) smtp.mailfrom=bounce@groups.io --=-CV1kcKvgfO061PxJrbZI Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, 2024-02-20 at 09:15 +0100, Gerd Hoffmann wrote: > On Tue, Feb 20, 2024 at 06:27:21AM +0000, Min Xu wrote: > > On Monday, February 12, 2024 11:22 PM, Gerd Hoffmann wrote: > > > On Thu, Feb 01, 2024 at 10:38:43AM +0100, Gerd Hoffmann wrote: > > > > =C2=A0 Hi, > > > >=20 > > > > > > Can you confirm (a) this patch is OK for > > > > > > "OvmfPkg/IntelTdx/Sec/SecMain.c", and (b) this series fixes > > > > > > the slowdown > > > you had encountered? > > > > > >=20 > > > > > > (that's what's left before we can merge this series) > > > > > >=20 > > > > > We test the patch in TDX and find EXIT_REASON_CR_ACCESS is > > > > > triggered in > > > DXE phase. > > > >=20 > > > > Hmm.=C2=A0 Sure this caused by this patch series?=C2=A0 For the PEI= -less > > > > TDX > > > > build this series moves the MTRR setup to a different place in > > > > SEC. > > > > Once the DXE phase started the MTRR configuration should be > > > > identical > > > > with and without this patch series, and the series also doesn't > > > > touch > > > > any control register. > > >=20 > > > Ping.=C2=A0 Can you double-check please?=C2=A0 Our QE ran a test buil= d with > > > this series > > > applied through regression testing (including TDX) and has not > > > found any > > > issues. > >=20 > > We double check the patch-set (v3) for both OvmfPkgX64 and > > IntelTdx. > > It triggered EXIT_REASON_CR_ACCESS in DXE phase when launching a > > td-guest. >=20 > Have you been able to figure which control register access caused the > EXIT_REASON_CR_ACCESS? >=20 > > @Gerd, what's the qemu command and test environment your QE > > run the case? We'd like run it in our side. >=20 > >=20 > Tested edk2-ovmf-20231122-1.el9.rhel21704.20240202.1130.noarch with > TDX guest, no issue found >=20 > Version: >=20 > edk2-ovmf-20231122-1.el9.rhel21704.20240202.1130.noarch >=20 > guest kernel: 5.14.0-415.el9.x86_64 >=20 > qemu-kvm-8.0.0-15.el9s.x86_64 > host kernel-5.14.0-411.test.el9s.x86_64 >=20 > Steps: >=20 > $ sudo /usr/libexec/qemu-kvm=C2=A0 -accel kvm=C2=A0=C2=A0 -drive > file=3D/home/zixchen/rhel94_tdx.qcow2,if=3Dnone,id=3Dvirtio-disk0=C2=A0= =C2=A0 -device > virtio-blk-pci,drive=3Dvirtio-disk0=C2=A0=C2=A0 -cpu host -smp 16 -m 1024= 0 - > object tdx-guest,id=3Dtdx,debug=3Don=C2=A0=C2=A0 -machine > q35,hpet=3Doff,kernel_irqchip=3Dsplit,memory-encryption=3Dtdx,confidentia= l- > guest-support=3Dtdx,memory-backend=3Dram1=C2=A0=C2=A0 -object memory-back= end- > ram,id=3Dram1,size=3D10240M,private=3Don=C2=A0 -nographic -vga none=C2=A0= =C2=A0 - > nodefaults -bios /usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd=C2=A0 - > serial stdio=C2=A0 -netdev user,id=3Duser.0 -device e1000,netdev=3Duser.0 >=20 > $ dmesg|grep -i tdx > [=C2=A0=C2=A0=C2=A0 0.000000] tdx: Guest detected > [=C2=A0=C2=A0=C2=A0 0.719122] TECH PREVIEW: Intel Trusted Domain Extensio= ns (TDX) > may not be fully supported. > [=C2=A0=C2=A0=C2=A0 0.719122]=C2=A0 Intel TDX > [=C2=A0=C2=A0=C2=A0 0.719122] process: using TDX aware idle routine >=20 > >=20 > Host configuration with the tdx test packages: > https://sigs.centos.org/virt/tdx/host/ >=20 > Latest edk2 build (stable202311 + patches) has the patch series > included: >=20 > https://kojihub.stream.centos.org/koji/buildinfo?buildID=3D56985 >=20 > take care, > =C2=A0 Gerd >=20 >=20 >=20 >=20 >=20 >=20 Hi, any progress on that patch? I'm currently trying to passthrough the integrated GPU of an Intel CPUs. When I add the GPU to the qemu command, I'm faced with the descripted issue. This patch solves the issue. --=20 Kind regards, Corvin -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117617): https://edk2.groups.io/g/devel/message/117617 Mute This Topic: https://groups.io/mt/104052591/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- --=-CV1kcKvgfO061PxJrbZI Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEgvRSla3m2t/H2U9G2FTaVjFeAmoFAmYXiaoACgkQ2FTaVjFe AmrvRA//QV/gR7fZP8mVMJwZQYhshJeBB/WFeP+ZLRnwLsmz8buUm2AW5F+yCyBw wzZpRyuPu9BL1IR9i3Qpbz92sZ4m42sGMUwB5zGQjkU3uxqg01XCtlQYNexBx4hT vCQGFCjMBvkC5GZkM2zd7FJpk/VmD3+riqnP+s4s4NufJKnjw7q3fDFQtrgn4gZ5 jUp1/cXjzqcHYIv0iJIstgcH4D5kAPNVabGIuO5VgxcfdUVE24T3S/3vXnZp6DQF H2aQDZU+dOsLV/e844LxwFlPQLCvXv1BQ4Bg3jRmxuxNtUp7iTqe2kjEDwU+lxh3 gVHu/qhDCMI1Uu55W5ZlMwo48qhUWAP8FUcR6b6GJQg4MaDEpiwjpvTKK6owjZx1 DJunW4Lc/fsxfpseM46pL700HkFnTSSnK8pLPBF94eUAWHiyZm+/guMgrIOBKSsS gWBaBODp5ADTkt+NOA8uaVFLRzrJ4dOFyV48s0F/L3BKWfLVVGxtz8LBHOF6ozL1 FhZoBynrpMVk5V9SHs/BMjiT/i7KIJ7PR5xr6HhAmjOuP4cCX7hi2xY92GXzlkul H/5LjucHXhK+lAo1f3y/NkUW3uVC2KZe0MeIVf82idGE0AJ9fXNVECe4UXTOwOs7 e1doN2iEJsnAmyosErNOyWSYxZhJYsVnO0efJ/IaZkyfFNPnwQ8= =06+0 -----END PGP SIGNATURE----- --=-CV1kcKvgfO061PxJrbZI--