From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Brijesh Singh, Eric Dong, Erdem Aktas, Hao A Wu, Jian J Wang, James Bottomley, Jiewen Yao, Liming Gao, Michael D Kinney, Ray Ni, Rahul Kumar, Tom Lendacky, Zhiguang Liu
Subject: [PATCH 00/23] Enable Intel TDX in OvmfPkg (SEC/PEI)
Date: Thu, 12 Aug 2021 19:56:39 +0800

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249

Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory Encryption (MKTME) with a new kind of virtual machine guest called a Trust Domain (TD). A TD is designed to run in a CPU mode that protects the confidentiality of TD memory contents and the TD's CPU state from other software, including the hosting Virtual-Machine Monitor (VMM), unless explicitly shared by the TD itself.

The patch-sets to support Intel TDX in OvmfPkg are split into several waves.
This is Wave-2, which enables Intel TDX in the SEC/PEI phases of OvmfPkgX64. (This is because Intel TDX is only available on X64.)

Note: As mentioned above, the whole TDX Virtual Firmware upstream to EDK2 is split into several waves. Wave-1 is focused on the changes in OvmfPkg/ResetVector. It is still in review. (Hope we can finish it soon.) Wave-2 is focused on the changes in the SEC/PEI phases. To make the review more efficient we send Wave-2 before the review of Wave-1 is finished. Wave-2 has few dependencies on Wave-1 except some PCD definitions, so reviewers can skip Patch 01-03. Once Wave-1 is done, Wave-2 will be rebased on the latest code base. Thanks for your understanding.

Patch 01-03 are the patches of Wave-1 (ResetVector phase). They can be skipped.
Patch 04-18 are changes in the SEC phase. Some libraries in these patches also work in both SEC and PEI.
Patch 19-23 are changes for the PEI phase.

Patch 04: Tdx.h is added in this patch, which includes the Intel Trust Domain Extension definitions. Detailed information can be found in the document below:
https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-module-1eas-v0.85.039.pdf

Patch 05: It provides *TdxIsEnabled* to determine Td or Non-Td by a new CPUID leaf (0x21).

Patch 06: TdxLib is provided in this patch to wrap the functions which perform the related Tdx operations.

Patch 07: TDVF chooses para-virtualized I/O, which uses the TDG.VP.VMCALL function to invoke the functions provided by the host VMM to perform I/O. BaseIoLibIntrinsicSev.inf is updated to support I/O in a Tdx guest. Some null stubs are also added in BaseIoLibIntrinsic.inf to prevent breaking the build process.

Patch 08: In this patch BaseXApicX2ApicLib is updated to support Intel TDX. The major change is the access to MSRs, because some MSRs should be accessed via explicit requests to the host VMM using TDCALL (TDG.VP.VMCALL).
Patch 09-12: These patches add the VmTdExitLib library and add base support to handle #VE exceptions with the help of VmTdExitLib.

Patch 13: This patch enables Tdx support in MpInitLib.

Patch 14: In this patch the BSP initializes the temporary stack and then jumps to SecMain, just as legacy Ovmf does. APs spin in a modified mailbox loop using the initial mailbox structure. They wait for a command and check whether the command is for them; if so, they execute the command.

Patch 15: IntelTdx.h is added to define the definitions used by TDX in OvmfPkg.

Patch 16: In Tdx the BSP may issue commands to APs for some tasks, for example, to accept pages in parallel. The BSP also needs to wait until all the APs have done the task. TdxMailboxLib wraps these common functions for the BSP.

Patch 17: In this patch EFI_RESOURCE_ATTRIBUTE_ENCRYPTED is added, which indicates the attribute of encrypted physical memory.

Patch 18: Now we're ready to update SecMain.c to support Intel TDX. The major change of this patch is to accept the private memory described in the Td hoblist. Then TDVF follows the standard OVMF flow and jumps to the PEI phase.

Patch 19: This patch checks Tdx in QemuFwCfgPei to avoid DMA operations. This is mainly because DMA in a TDX guest requires using a bounce buffer (which needs dynamically allocated memory, and allocating a page-sized buffer can be a challenge in the PEI phase).

Patch 20: A new function - AllocatePagesWithMemoryType - is added in PeiMemoryAllocationLib. This is because when doing RelocateMailbox, memory of type ACPI NVS needs to be allocated.

Patch 21: PcdUse1GPageTable is set to FALSE by default in OvmfPkgX64.dsc. It gives no chance to support 1G page tables. To support 1G page tables in TDX this PCD is set to TRUE in OvmfPkgX64.dsc.

Patch 22: In TDX IA32_EFER is RO to the host VMM. It could not be changed. A new PCD - PcdIa32EferChangeAllowed - is added in MdeModulePkg.dec and it will be set to FALSE in a Tdx guest.

Patch 23: Intel TDX has its own requirements in InitializePlatform (PlatformPei).
- Publish the ram region
- Relocate mailbox
- Create PlatformInfoHob

[TDX]: https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-final9-17.pdf
[TDVF]: https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf

Code is at https://github.com/mxu9/edk2/tree/tdvf_wave2

Cc: Brijesh Singh
Cc: Eric Dong
Cc: Erdem Aktas
Cc: Hao A Wu
Cc: Jian J Wang
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Liming Gao
Cc: Michael D Kinney
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Tom Lendacky
Cc: Zhiguang Liu
Signed-off-by: Min Xu

Min Xu (23):
  OvmfPkg: Add Tdx BFV/CFV PCDs and PcdOvmfImageSizeInKb
  OvmfPkg/Sec: Update the check logic in SevEsIsEnabled
  OvmfPkg/ResetVector: Enable Intel TDX in ResetVector of Ovmf
  MdePkg: Add Tdx.h
  MdePkg: Add TdxProbeLib to probe Intel Tdx
  MdePkg: Add TdxLib to wrap Tdx operations
  MdePkg: Update BaseIoLibIntrinsicSev to support Tdx
  UefiCpuPkg: Support TDX in BaseXApicX2ApicLib
  UefiCpuPkg: Add VmTdExitLibNull
  OvmfPkg: Prepare OvmfPkg to use the VmTdExitLib library
  OvmfPkg: Implement library support for VmTdExitLib in Ovmf
  UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception
  UefiCpuPkg: Enable Tdx support in MpInitLib
  OvmfPkg: Update SecEntry.nasm to support Tdx
  OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard
  OvmfPkg: Add TdxMailboxLib
  MdePkg: Add EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in PiHob.h
  OvmfPkg: Enable Tdx in SecMain.c
  OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation
  MdePkg: Add AllocatePagesWithMemoryType support in PeiMemoryAllocationLib
  OvmfPkg: Add PcdUse1GPageTable support for TDX
  MdeModulePkg: EFER should not be changed in TDX
  OvmfPkg: Update PlatformPei to support TDX

 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf            |   1 +
 .../Core/DxeIplPeim/X64/VirtualMemory.c            |   6 +
 MdeModulePkg/MdeModulePkg.dec                      |   5 +
 MdePkg/Include/IndustryStandard/Tdx.h              | 200 +++++
 MdePkg/Include/Library/MemoryAllocationLib.h       |  21 +
 MdePkg/Include/Library/TdxLib.h                    | 167 +++++
 MdePkg/Include/Library/TdxProbeLib.h               |  25 +
 MdePkg/Include/Pi/PiHob.h                          |   8 +
 .../BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf      |   2 +
 .../BaseIoLibIntrinsicSev.inf                      |   6 +-
 MdePkg/Library/BaseIoLibIntrinsic/IoLib.c          |  97 ++-
 MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c       |  49 +-
 .../BaseIoLibIntrinsic/IoLibInternalTdx.c          | 690 ++++++++++++++++++
 .../BaseIoLibIntrinsic/IoLibInternalTdxNull.c      | 499 +++++++++++++
 MdePkg/Library/BaseIoLibIntrinsic/IoLibMsc.c       |  73 +-
 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h       | 411 +++++++++++
 .../BaseIoLibIntrinsic/X64/IoFifoSev.nasm          | 133 ++++
 .../MemoryAllocationLib.c                          |  27 +
 MdePkg/Library/TdxLib/AcceptPages.c                | 136 ++++
 MdePkg/Library/TdxLib/Rtmr.c                       | 118 +++
 MdePkg/Library/TdxLib/TdInfo.c                     | 101 +++
 MdePkg/Library/TdxLib/TdxLib.inf                   |  39 +
 MdePkg/Library/TdxLib/TdxLibNull.c                 | 192 +++++
 MdePkg/Library/TdxLib/X64/Tdcall.nasm              | 120 +++
 MdePkg/Library/TdxLib/X64/Tdvmcall.nasm            | 206 ++++++
 MdePkg/Library/TdxProbeLib/InternalTdxProbe.h      |  25 +
 MdePkg/Library/TdxProbeLib/TdProbeNull.c           |  25 +
 MdePkg/Library/TdxProbeLib/TdxProbeLib.c           |  35 +
 MdePkg/Library/TdxProbeLib/TdxProbeLib.inf         |  34 +
 MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm        |  97 +++
 MdePkg/MdePkg.dec                                  |   6 +
 MdePkg/MdePkg.dsc                                  |   2 +
 OvmfPkg/Include/IndustryStandard/IntelTdx.h        |  77 ++
 OvmfPkg/Include/Library/TdxMailboxLib.h            |  75 ++
 OvmfPkg/Include/TdxCommondefs.inc                  |  51 ++
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c        |  15 +
 .../Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf       |   1 +
 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c         | 138 ++++
 .../Library/TdxMailboxLib/TdxMailboxLib.inf        |  52 ++
 .../Library/TdxMailboxLib/TdxMailboxNull.c         |  86 +++
 OvmfPkg/Library/VmTdExitLib/VmTdExitLib.inf        |  41 ++
 .../Library/VmTdExitLib/VmTdExitVeHandler.c        | 515 +++++++++++++
 OvmfPkg/OvmfPkg.dec                                |  27 +
 OvmfPkg/OvmfPkgDefines.fdf.inc                     |  10 +
 OvmfPkg/OvmfPkgIa32.dsc                            |   4 +
 OvmfPkg/OvmfPkgIa32X64.dsc                         |   4 +
 OvmfPkg/OvmfPkgX64.dsc                             |   8 +
 OvmfPkg/OvmfXen.dsc                                |   1 +
 OvmfPkg/PlatformPei/FeatureControl.c               |   9 +-
 OvmfPkg/PlatformPei/IntelTdx.c                     | 268 +++++++
 OvmfPkg/PlatformPei/IntelTdxNull.c                 |  35 +
 OvmfPkg/PlatformPei/MemDetect.c                    |  20 +-
 OvmfPkg/PlatformPei/Platform.c                     |   2 +
 OvmfPkg/PlatformPei/Platform.h                     |  17 +
 OvmfPkg/PlatformPei/PlatformPei.inf                |  14 +
 OvmfPkg/PlatformPei/X64/ApRunLoop.nasm             |  83 +++
 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm       |  39 +
 OvmfPkg/ResetVector/Ia32/AmdSev.asm                |   7 -
 OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm        |   9 +
 OvmfPkg/ResetVector/Ia32/IntelTdx.asm              | 265 +++++++
 OvmfPkg/ResetVector/Ia32/PageTables64.asm          | 113 ++-
 OvmfPkg/ResetVector/Main.asm                       | 121 +++
 OvmfPkg/ResetVector/ResetVector.inf                |  12 +-
 OvmfPkg/ResetVector/ResetVector.nasmb              |  48 +-
 OvmfPkg/ResetVector/X64/IntelTdxMetadata.asm       | 110 +++
 OvmfPkg/Sec/IntelTdx.c                             | 608 +++++++++++++++
 OvmfPkg/Sec/IntelTdx.h                             |  33 +
 OvmfPkg/Sec/SecMain.c                              |  45 +-
 OvmfPkg/Sec/SecMain.inf                            |   7 +
 OvmfPkg/Sec/X64/SecEntry.nasm                      | 313 ++++++++
 UefiCpuPkg/Include/Library/VmTdExitLib.h           |  47 ++
 .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.c        | 172 ++++-
 .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf      |   2 +
 .../DxeCpuExceptionHandlerLib.inf                  |   1 +
 .../PeiCpuExceptionHandlerLib.inf                  |   1 +
 .../PeiDxeSmmCpuException.c                        |  18 +
 .../SecPeiCpuException.c                           |  19 +
 .../SecPeiCpuExceptionHandlerLib.inf               |   1 +
 .../SmmCpuExceptionHandlerLib.inf                  |   1 +
 .../Xcode5SecPeiCpuExceptionHandlerLib.inf         |   1 +
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf      |   5 +
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c            |  14 +-
 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h          | 107 +++
 UefiCpuPkg/Library/MpInitLib/MpLib.c               |  26 +
 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c            | 142 ++++
 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c        | 117 +++
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf      |   5 +
 .../Library/MpInitLib/X64/IntelTdcall.nasm         | 120 +++
 .../Library/VmTdExitLibNull/VmTdExitLibNull.c      |  37 +
 .../VmTdExitLibNull/VmTdExitLibNull.inf            |  34 +
 UefiCpuPkg/UefiCpuPkg.dec                          |   9 +
 UefiCpuPkg/UefiCpuPkg.dsc                          |   4 +
 92 files changed, 7610 insertions(+), 112 deletions(-)
 create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
 create mode 100644 MdePkg/Include/Library/TdxLib.h
 create mode 100644 MdePkg/Include/Library/TdxProbeLib.h
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdxNull.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h
 create mode 100644 MdePkg/Library/TdxLib/AcceptPages.c
 create mode 100644 MdePkg/Library/TdxLib/Rtmr.c
 create mode 100644 MdePkg/Library/TdxLib/TdInfo.c
 create mode 100644 MdePkg/Library/TdxLib/TdxLib.inf
 create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
 create mode 100644 MdePkg/Library/TdxLib/X64/Tdcall.nasm
 create mode 100644 MdePkg/Library/TdxLib/X64/Tdvmcall.nasm
 create mode 100644 MdePkg/Library/TdxProbeLib/InternalTdxProbe.h
 create mode 100644 MdePkg/Library/TdxProbeLib/TdProbeNull.c
 create mode 100644 MdePkg/Library/TdxProbeLib/TdxProbeLib.c
 create mode 100644 MdePkg/Library/TdxProbeLib/TdxProbeLib.inf
 create mode 100644 MdePkg/Library/TdxProbeLib/X64/TdProbe.nasm
 create mode 100644 OvmfPkg/Include/IndustryStandard/IntelTdx.h
 create mode 100644 OvmfPkg/Include/Library/TdxMailboxLib.h
 create mode 100644 OvmfPkg/Include/TdxCommondefs.inc
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxNull.c
 create mode 100644 OvmfPkg/Library/VmTdExitLib/VmTdExitLib.inf
 create mode 100644 OvmfPkg/Library/VmTdExitLib/VmTdExitVeHandler.c
 create mode 100644 OvmfPkg/PlatformPei/IntelTdx.c
 create mode 100644 OvmfPkg/PlatformPei/IntelTdxNull.c
 create mode 100644 OvmfPkg/PlatformPei/X64/ApRunLoop.nasm
 create mode 100644 OvmfPkg/ResetVector/Ia32/IntelTdx.asm
 create mode 100644 OvmfPkg/ResetVector/Main.asm
 create mode 100644 OvmfPkg/ResetVector/X64/IntelTdxMetadata.asm
 create mode 100644 OvmfPkg/Sec/IntelTdx.c
 create mode 100644 OvmfPkg/Sec/IntelTdx.h
 create mode 100644 UefiCpuPkg/Include/Library/VmTdExitLib.h
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c
 create mode 100644 UefiCpuPkg/Library/MpInitLib/X64/IntelTdcall.nasm
 create mode 100644 UefiCpuPkg/Library/VmTdExitLibNull/VmTdExitLibNull.c
 create mode 100644 UefiCpuPkg/Library/VmTdExitLibNull/VmTdExitLibNull.inf

-- 
2.29.2.windows.2
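Patch 05 of the cover letter above decides TD versus non-TD from a new CPUID leaf (0x21). The following user-space C is an added example, not code from this series or from MdePkg/Library/TdxProbeLib: it shows that decision as a pure function over register values (so it can be exercised with constructed inputs on any machine), plus a live probe for x86 builds. It relies on the documented fact that CPUID leaf 0x21, sub-leaf 0, returns the vendor string "IntelTDX    " in EBX:EDX:ECX inside a TD, and it adds the guard a firmware probe wants: CPUID leaf 0 must report a maximum basic leaf of at least 0x21, because on older CPUs a query above the maximum returns the data of the highest basic leaf and could be misread. The function names are the example's own.

```c
/*
 * Added example: TD detection via CPUID leaf 0x21 (not the TdxProbeLib code
 * from the patch series). Names here are this example's own.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define TDX_CPUID_LEAF_ID  0x21u
/* 12-byte vendor string: "IntelTDX" followed by four spaces. */
#define TDX_IDENT          "IntelTDX    "

/* Unpack one CPUID register into its 4 ASCII bytes, lowest byte first,
 * which is how CPUID vendor strings are laid out across registers. */
static void RegToBytes(uint32_t Reg, uint8_t *Out)
{
  for (int i = 0; i < 4; i++) {
    Out[i] = (uint8_t)(Reg >> (8 * i));
  }
}

/* Pure decision: does a leaf-0x21/sub-leaf-0 result carry the TD signature?
 * The string spans EBX, then EDX, then ECX (same order as leaf-0 vendor ids). */
int TdxSignatureMatches(uint32_t Ebx, uint32_t Edx, uint32_t Ecx)
{
  uint8_t Sig[12];
  RegToBytes(Ebx, &Sig[0]);
  RegToBytes(Edx, &Sig[4]);
  RegToBytes(Ecx, &Sig[8]);
  return memcmp(Sig, TDX_IDENT, sizeof Sig) == 0;
}

/* Decision over a register snapshot. MaxBasicLeaf is EAX from CPUID leaf 0:
 * if the CPU does not report leaf 0x21 at all, the leaf-0x21 registers hold
 * whatever the highest basic leaf returned and must not be interpreted. */
int TdxIsEnabledFrom(uint32_t MaxBasicLeaf, uint32_t Ebx, uint32_t Ecx, uint32_t Edx)
{
  if (MaxBasicLeaf < TDX_CPUID_LEAF_ID) {
    return 0;
  }
  return TdxSignatureMatches(Ebx, Edx, Ecx);
}

/* Live probe of the CPU this program runs on; always 0 on non-x86 builds. */
int TdxIsEnabled(void)
{
#if defined(__x86_64__) || defined(__i386__)
  unsigned int Eax, Ebx, Ecx, Edx;
  __cpuid(0, Eax, Ebx, Ecx, Edx);              /* Eax = highest basic leaf */
  unsigned int MaxBasicLeaf = Eax;
  if (MaxBasicLeaf < TDX_CPUID_LEAF_ID) {
    return 0;
  }
  __cpuid_count(TDX_CPUID_LEAF_ID, 0, Eax, Ebx, Ecx, Edx);
  return TdxIsEnabledFrom(MaxBasicLeaf, Ebx, Ecx, Edx);
#else
  return 0;
#endif
}

int main(void)
{
  printf("running inside a TD: %s\n", TdxIsEnabled() ? "yes" : "no");
  return 0;
}
```

Build with any C99 compiler (`cc -O2 tdprobe.c -o tdprobe`); on an ordinary host or a non-TD VM it prints "no". The split between `TdxSignatureMatches`/`TdxIsEnabledFrom` and the live `TdxIsEnabled` is deliberate: the pure functions can be unit-tested with register values captured from a TD, while the probe itself is the only part that touches the hardware.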