From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Brijesh Singh, Eric Dong, Erdem Aktas, Hao A Wu, Jian J Wang,
    James Bottomley, Jiewen Yao, Liming Gao, Michael D Kinney, Ray Ni,
    Rahul Kumar, Tom Lendacky, Zhiguang Liu, Gerd Hoffmann
Subject: [PATCH V3 00/29] Enable Intel TDX in OvmfPkg (Config-A)
Date: Mon, 1 Nov 2021 21:15:49 +0800
Message-Id:
X-Mailer: git-send-email 2.29.2.windows.2

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249

Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
Encryption (MKTME) with a new kind of virtual machine guest called a
Trust Domain (TD). A TD is designed to run in a CPU mode that protects the
confidentiality of TD memory contents and the TD's CPU state from other
software, including the hosting Virtual-Machine Monitor (VMM), unless
explicitly shared by the TD itself.

There are 2 configurations for TDVF to upstream. See below link for the
definitions of the 2 configurations.
https://edk2.groups.io/g/devel/message/76367

This patch-set is to enable Config-A in OvmfPkg.
 - Merge the *basic* TDVF feature to existing OvmfX64Pkg.dsc. (Align with
   existing SEV)
 - Threat model: VMM is NOT out of TCB. (We don't make things worse.)
 - The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability.
   The final binary can run on SEV/TDX/normal OVMF.
 - No changes to existing OvmfPkgX64 image layout.
 - No need to add additional security features if they do not exist today.
 - No need to remove features if they exist today.
 - RTMR is not supported.
 - PEI phase is NOT skipped in either Td or Non-Td.

Note:
To improve the review efficiency the whole TDVF upstream to EDK2 is split
into several waves. Wave-1 is focused on the changes in OvmfPkg/ResetVector.
It has been merged into master branch.

This patch-set is Wave-2, which is focused on the changes in SEC/PEI/DXE
phases.

During the code review of Wave-2, there are some other patch-series under
review in parallel. These patches are submitted by SEV but are also shared
by TDX. After they're merged, Wave-2 will be rebased on the latest code
base. Thanks for your understanding.

Patch 01 - 19 are changes in SEC phase. Also some libraries in these
patches are workable in SEC/PEI/DXE.

Patch 12 is copied from SEV's patch which defines a new PCD
(PcdConfidentialComputingGuestAttr), because SEV is also doing the upstream
and some of the code is shared between TDX and SEV. Reviewers can skip this
patch.

Patch 20 - 24 are changes for PEI phase.

Patch 25 - 29 are changes in DXE phase.
[TDX]: https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-final9-17.pdf
[TDX-Module]: https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf
[TDVF]: https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf
[GCHI]: https://software.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf

Code is at https://github.com/mxu9/edk2/tree/tdvf_wave2.v3

v3 changes:
 - LocalApicTimerDxe is split out to be a separate patch-series.
 - VmTdExitLibNull/VmgExitLib are removed. Instead the VmgExitLib is
   extended to handle #VE exception. (Patch 3-5)
 - Split the Tdx support of base IoLib into 4 commits. (Patch 6-9)
 - Alteration of the MADT table is updated. In the previous version it was
   created from scratch. Now it gets the installed table, copies it to a
   larger buffer and appends the ACPI_MADT_MPWK to it. (Patch 25)
 - Changes in BaseXApicX2ApicLib are refined based on the feedback. (Add
   spec link of MSR access definition, rename some function names, etc.)
   (Patch 11)
 - Use PcdConfidentialComputingGuestAttr to probe TDX guest instead of
   CPUID. But in some cases PcdConfidentialComputingGuestAttr cannot be
   used because it has not been set yet.
 - Some other minor changes.

v3 not-addressed comments:
 - Some of the comments have not been addressed. This is because I need
   more time to consider how to address these comments. At the same time I
   want to submit a new version based on the above changes so that the
   community can review in a more efficient way. (v2 is the version one
   month ago.)
 - Comments in MpInitLib have not been addressed yet. They will be
   addressed in v4.
 - BaseMemEncryptTdxLib should be merged with BaseMemEncryptSevLib. It
   will be addressed in v4.
 - Some comments may be missed. I will re-visit the review emails.
 - Thanks much for your understanding.
v2 changes:
 - Remove TdxProbeLib. It is to reduce the dependencies of the lib.
 - In v1 a new function (AllocatePagesWithMemoryType) is added in
   PeiMemoryAllocationLib. This function is not necessary. It can be
   replaced by PeiServicesAllocatePages.
 - IoLibFifo.c is added in BaseIoLibIntrinsic. This file includes the
   functions of read/write of I/O port fifo. These functions will call
   TdIoReadFifo or SevIoReadFifo by checking TDX or SEV at run-time.
 - DXE related patches are added. (Patch 22-28)
 - Fix typos in commit/comment messages, or some minor changes.
 - Rebase on the edk2 code base. (4cc1458dbe00)

Cc: Brijesh Singh
Cc: Eric Dong
Cc: Erdem Aktas
Cc: Hao A Wu
Cc: Jian J Wang
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Liming Gao
Cc: Michael D Kinney
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Tom Lendacky
Cc: Zhiguang Liu
Cc: Gerd Hoffmann
Signed-off-by: Min Xu

Brijesh Singh via groups.io (1):
  UefiCpuPkg: Define ConfidentialComputingGuestAttr

Min Xu (28):
  MdePkg: Add Tdx.h
  MdePkg: Add TdxLib to wrap Tdx operations
  UefiCpuPkg: Extend VmgExitLibNull to handle #VE exception
  OvmfPkg: Extend VmgExitLib to handle #VE exception
  UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception
  MdePkg: Add helper functions for Tdx guest in BaseIoLibIntrinsic
  MdePkg: Support mmio for Tdx guest in BaseIoLibIntrinsic
  MdePkg: Support IoFifo for Tdx guest in BaseIoLibIntrinsic
  MdePkg: Support IoRead/IoWrite for Tdx guest in BaseIoLibIntrinsic
  UefiPayloadPkg: PreparePrepare UefiPayloadPkg to use TdxLib
  UefiCpuPkg: Support TDX in BaseXApicX2ApicLib
  MdePkg: Add macro to check SEV/TDX guest
  UefiCpuPkg: Enable Tdx support in MpInitLib
  OvmfPkg: Update SecEntry.nasm to support Tdx
  OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard
  OvmfPkg: Add TdxMailboxLib
  MdePkg: Add EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in PiHob.h
  OvmfPkg: Enable Tdx in SecMain.c
  OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation
  MdeModulePkg: EFER should not be changed in TDX
  MdeModulePkg: Set shared bit in Mmio region for Tdx guest
  UefiCpuPkg: Update AddressEncMask in CpuPageTable
  OvmfPkg: Update PlatformPei to support TDX
  OvmfPkg: Update AcpiPlatformDxe to alter MADT table
  OvmfPkg: Add TdxDxe driver
  OvmfPkg/BaseMemEncryptTdxLib: Add TDX helper library
  OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe
  OvmfPkg: Update IoMmuDxe to support TDX

 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 3 +
 .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 2 +-
 .../Core/DxeIplPeim/X64/DxeIplTdVmcall.nasm | 146 +++
 .../Core/DxeIplPeim/X64/VirtualMemory.c | 331 +++++-
 .../Core/DxeIplPeim/X64/VirtualMemory.h | 66 +-
 MdeModulePkg/MdeModulePkg.dec | 11 +
 .../Include/ConfidentialComputingGuestAttr.h | 28 +
 MdePkg/Include/IndustryStandard/Tdx.h | 203 ++++
 MdePkg/Include/Library/TdxLib.h | 167 ++++
 MdePkg/Include/Pi/PiHob.h | 8 +
 .../BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf | 2 +
 .../BaseIoLibIntrinsicSev.inf | 7 +-
 MdePkg/Library/BaseIoLibIntrinsic/IoLib.c | 82 +-
 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c | 216 ++++
 MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c | 49 +-
 .../BaseIoLibIntrinsic/IoLibInternalTdx.c | 704 +++++++++++++
 .../BaseIoLibIntrinsic/IoLibInternalTdxNull.c | 499 ++++++++++
 MdePkg/Library/BaseIoLibIntrinsic/IoLibMsc.c | 73 +-
 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h | 166 ++++
 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h | 411 ++++++++
 .../BaseIoLibIntrinsic/X64/IoFifoSev.nasm | 34 +-
 MdePkg/Library/TdxLib/AcceptPages.c | 137 +++
 MdePkg/Library/TdxLib/Rtmr.c | 83 ++
 MdePkg/Library/TdxLib/TdInfo.c | 103 ++
 MdePkg/Library/TdxLib/TdxLib.inf | 39 +
 MdePkg/Library/TdxLib/TdxLibNull.c | 192 ++++
 MdePkg/Library/TdxLib/X64/Tdcall.nasm | 85 ++
 MdePkg/Library/TdxLib/X64/Tdvmcall.nasm | 207 ++++
 MdePkg/MdePkg.dec | 7 +
 MdePkg/MdePkg.dsc | 1 +
 OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c | 12 +-
 .../QemuFwCfgAcpiPlatformDxe.inf | 1 +
 OvmfPkg/Include/IndustryStandard/IntelTdx.h | 76 ++
 OvmfPkg/Include/Library/MemEncryptTdxLib.h | 81 ++
 OvmfPkg/Include/Library/TdxMailboxLib.h | 75 ++
 .../Include/Protocol/QemuAcpiTableNotify.h | 29 +
 OvmfPkg/Include/TdxCommondefs.inc | 51 +
 OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 104 +-
 OvmfPkg/IoMmuDxe/AmdSevIoMmu.h | 6 +-
 OvmfPkg/IoMmuDxe/IoMmuDxe.c | 6 +-
 OvmfPkg/IoMmuDxe/IoMmuDxe.inf | 5 +
 .../BaseMemEncryptTdxLib.inf | 44 +
 .../BaseMemEncryptTdxLibNull.inf | 35 +
 .../BaseMemoryEncryptionNull.c | 90 ++
 .../BaseMemEncryptTdxLib/MemoryEncryption.c | 938 ++++++++++++++++++
 .../BaseMemEncryptTdxLib/VirtualMemory.h | 181 ++++
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c | 9 +-
 .../Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf | 1 +
 .../QemuFwCfgLib/QemuFwCfgLibInternal.h | 11 +
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c | 32 +
 .../Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf | 2 +
 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c | 138 +++
 .../Library/TdxMailboxLib/TdxMailboxLib.inf | 52 +
 .../Library/TdxMailboxLib/TdxMailboxNull.c | 86 ++
 OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf | 3 +-
 .../Library/VmgExitLib/VmTdExitVeHandler.c | 515 ++++++++++
 OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 4 +
 OvmfPkg/OvmfPkg.dec | 22 +
 OvmfPkg/OvmfPkgIa32.dsc | 3 +
 OvmfPkg/OvmfPkgIa32X64.dsc | 3 +
 OvmfPkg/OvmfPkgX64.dsc | 12 +
 OvmfPkg/OvmfPkgX64.fdf | 3 +
 OvmfPkg/PlatformPei/FeatureControl.c | 8 +-
 OvmfPkg/PlatformPei/IntelTdx.c | 290 ++++++
 OvmfPkg/PlatformPei/IntelTdxNull.c | 49 +
 OvmfPkg/PlatformPei/MemDetect.c | 57 +-
 OvmfPkg/PlatformPei/Platform.c | 1 +
 OvmfPkg/PlatformPei/Platform.h | 28 +
 OvmfPkg/PlatformPei/PlatformPei.inf | 14 +
 OvmfPkg/PlatformPei/X64/ApRunLoop.nasm | 83 ++
 OvmfPkg/Sec/IntelTdx.c | 597 +++++++++++
 OvmfPkg/Sec/IntelTdx.h | 33 +
 OvmfPkg/Sec/SecMain.c | 60 +-
 OvmfPkg/Sec/SecMain.inf | 7 +
 OvmfPkg/Sec/X64/SecEntry.nasm | 314 ++++++
 OvmfPkg/TdxDxe/TdxAcpiTable.c | 112 +++
 OvmfPkg/TdxDxe/TdxAcpiTable.h | 38 +
 OvmfPkg/TdxDxe/TdxDxe.c | 207 ++++
 OvmfPkg/TdxDxe/TdxDxe.inf | 62 ++
 UefiCpuPkg/CpuDxe/CpuDxe.inf | 1 +
 UefiCpuPkg/CpuDxe/CpuPageTable.c | 4 +
 UefiCpuPkg/Include/Library/VmgExitLib.h | 27 +
 .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.c | 219 +++-
 .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf | 1 +
 .../PeiDxeSmmCpuException.c | 17 +
 .../SecPeiCpuException.c | 18 +
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 5 +
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 15 +-
 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h | 107 ++
 UefiCpuPkg/Library/MpInitLib/MpLib.c | 27 +
 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c | 126 +++
 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c | 117 +++
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 5 +
 .../Library/MpInitLib/X64/IntelTdcall.nasm | 120 +++
 .../Library/VmgExitLibNull/VmTdExitNull.c | 38 +
 .../Library/VmgExitLibNull/VmgExitLibNull.inf | 1 +
 UefiCpuPkg/UefiCpuPkg.dsc | 1 +
 UefiPayloadPkg/UefiPayloadPkg.dsc | 1 +
 98 files changed, 9367 insertions(+), 135 deletions(-)
 create mode 100644 MdeModulePkg/Core/DxeIplPeim/X64/DxeIplTdVmcall.nasm
 create mode 100644 MdePkg/Include/ConfidentialComputingGuestAttr.h
 create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
 create mode 100644 MdePkg/Include/Library/TdxLib.h
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdxNull.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h
 create mode 100644 MdePkg/Library/TdxLib/AcceptPages.c
 create mode 100644 MdePkg/Library/TdxLib/Rtmr.c
 create mode 100644 MdePkg/Library/TdxLib/TdInfo.c
 create mode 100644 MdePkg/Library/TdxLib/TdxLib.inf
 create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
 create mode 100644 MdePkg/Library/TdxLib/X64/Tdcall.nasm
 create mode 100644 MdePkg/Library/TdxLib/X64/Tdvmcall.nasm
 create mode 100644 OvmfPkg/Include/IndustryStandard/IntelTdx.h
 create mode 100644 OvmfPkg/Include/Library/MemEncryptTdxLib.h
 create mode 100644 OvmfPkg/Include/Library/TdxMailboxLib.h
 create mode 100644 OvmfPkg/Include/Protocol/QemuAcpiTableNotify.h
 create mode 100644 OvmfPkg/Include/TdxCommondefs.inc
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLibNull.inf
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemoryEncryptionNull.c
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/VirtualMemory.h
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxNull.c
 create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c
 create mode 100644 OvmfPkg/PlatformPei/IntelTdx.c
 create mode 100644 OvmfPkg/PlatformPei/IntelTdxNull.c
 create mode 100644 OvmfPkg/PlatformPei/X64/ApRunLoop.nasm
 create mode 100644 OvmfPkg/Sec/IntelTdx.c
 create mode 100644 OvmfPkg/Sec/IntelTdx.h
 create mode 100644 OvmfPkg/TdxDxe/TdxAcpiTable.c
 create mode 100644 OvmfPkg/TdxDxe/TdxAcpiTable.h
 create mode 100644 OvmfPkg/TdxDxe/TdxDxe.c
 create mode 100644 OvmfPkg/TdxDxe/TdxDxe.inf
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c
 create mode 100644 UefiCpuPkg/Library/MpInitLib/X64/IntelTdcall.nasm
 create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmTdExitNull.c

-- 
2.29.2.windows.2
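The v3 cover letter describes the Patch 25 approach to the MADT: take the installed table, copy it into a larger buffer and append the ACPI_MADT_MPWK subtable rather than building a table from scratch. The following is an added example written for this page, not code from the patch series or from EDK2, that shows the mechanics a reviewer would check in such a change: the copy goes into a fresh buffer sized for the extra subtable (no write past the original allocation), a table whose checksum is already wrong is refused instead of being extended, and Length and Checksum are recomputed so the OS accepts the result. The structure layouts are taken from the ACPI 6.4 specification (MADT subtable type 0x10, 16 bytes); the function names, the sample table and the mailbox address are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Layouts per ACPI 6.4 (assumption for this example, not from the patch). */
#pragma pack(push, 1)
typedef struct {
  char     Signature[4];
  uint32_t Length;            /* whole table, header + body + subtables */
  uint8_t  Revision;
  uint8_t  Checksum;          /* all bytes of the table sum to 0 mod 256 */
  char     OemId[6];
  char     OemTableId[8];
  uint32_t OemRevision;
  uint32_t CreatorId;
  uint32_t CreatorRevision;
} AcpiTableHeader;            /* 36 bytes */

typedef struct {
  AcpiTableHeader Header;
  uint32_t        LocalApicAddress;
  uint32_t        Flags;
} MadtHeader;                 /* 44 bytes; subtables follow */

/* Multiprocessor Wakeup structure, MADT subtable type 0x10 (ACPI 6.4). */
typedef struct {
  uint8_t  Type;              /* 0x10 */
  uint8_t  Length;            /* 16 */
  uint16_t MailBoxVersion;    /* 0 */
  uint32_t Reserved;
  uint64_t MailBoxAddress;    /* physical address of the AP wakeup mailbox */
} MadtMpWakeup;
#pragma pack(pop)

#define MADT_MPWK_TYPE 0x10

/* Sum of all bytes, mod 256; a valid ACPI table sums to zero. */
uint8_t AcpiByteSum(const void *Buf, size_t Len) {
  const uint8_t *p = Buf;
  uint8_t sum = 0;
  for (size_t i = 0; i < Len; i++) sum = (uint8_t)(sum + p[i]);
  return sum;
}

int AcpiChecksumValid(const void *Table) {
  const AcpiTableHeader *h = Table;
  return AcpiByteSum(Table, h->Length) == 0;
}

/* Copy Old into a buffer with room for one MPWK subtable, append it, fix
   Length and Checksum. Returns a malloc'd table (caller frees) or NULL if
   the input is not a well-formed MADT with a correct checksum. */
MadtHeader *MadtAppendMpWakeup(const MadtHeader *Old, uint64_t MailboxAddr) {
  if (Old == NULL || memcmp(Old->Header.Signature, "APIC", 4) != 0 ||
      Old->Header.Length < sizeof(MadtHeader) || !AcpiChecksumValid(Old)) {
    return NULL;              /* never extend a corrupt or unknown table */
  }
  size_t NewLen = Old->Header.Length + sizeof(MadtMpWakeup);
  MadtHeader *New = malloc(NewLen);
  if (New == NULL) return NULL;
  memcpy(New, Old, Old->Header.Length);

  MadtMpWakeup Wk;
  memset(&Wk, 0, sizeof(Wk));
  Wk.Type = MADT_MPWK_TYPE;
  Wk.Length = (uint8_t)sizeof(MadtMpWakeup);
  Wk.MailBoxVersion = 0;
  Wk.MailBoxAddress = MailboxAddr;
  memcpy((uint8_t *)New + Old->Header.Length, &Wk, sizeof(Wk));

  New->Header.Length = (uint32_t)NewLen;
  New->Header.Checksum = 0;   /* exclude the old checksum from the sum */
  New->Header.Checksum = (uint8_t)(0x100 - AcpiByteSum(New, NewLen));
  return New;
}

/* Constructed sample input: a MADT with no subtables and a valid checksum. */
MadtHeader *MakeSampleMadt(void) {
  MadtHeader *M = calloc(1, sizeof(MadtHeader));
  memcpy(M->Header.Signature, "APIC", 4);
  M->Header.Length = sizeof(MadtHeader);
  M->Header.Revision = 5;
  memcpy(M->Header.OemId, "SAMPLE", 6);
  M->LocalApicAddress = 0xFEE00000u;
  M->Flags = 1;
  M->Header.Checksum = (uint8_t)(0x100 - AcpiByteSum(M, sizeof(MadtHeader)));
  return M;
}

/* Walk the subtables; return the MPWK mailbox address, or 0 if none/malformed. */
uint64_t MadtFindMpWakeupMailbox(const MadtHeader *M) {
  const uint8_t *p = (const uint8_t *)M + sizeof(MadtHeader);
  const uint8_t *end = (const uint8_t *)M + M->Header.Length;
  while (p + 2 <= end) {
    uint8_t type = p[0], len = p[1];
    if (len < 2 || p + len > end) return 0;   /* subtable overruns the table */
    if (type == MADT_MPWK_TYPE && len == sizeof(MadtMpWakeup)) {
      MadtMpWakeup Wk;
      memcpy(&Wk, p, sizeof(Wk));
      return Wk.MailBoxAddress;
    }
    p += len;
  }
  return 0;
}

int main(void) {
  MadtHeader *Old = MakeSampleMadt();
  MadtHeader *New = MadtAppendMpWakeup(Old, 0x80000000ULL);  /* constructed */
  printf("old len %u, new len %u, checksum ok %d, mailbox %#llx\n",
         Old->Header.Length, New->Header.Length, AcpiChecksumValid(New),
         (unsigned long long)MadtFindMpWakeupMailbox(New));
  free(New);
  free(Old);
  return 0;
}
```

In firmware the fresh buffer would come from the ACPI table allocator rather than malloc, and the new table is installed in place of the old one; the point the example isolates is that the appended subtable must be accounted for in Length before the checksum is recomputed, and that a table failing its own checksum is a reason to stop rather than to patch.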