[PATCH V4 00/31] Enable Intel TDX in OvmfPkg (Config-A)

["Min Xu" <min.m.xu@intel.com>]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249

Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
Encryption (MKTME) with a new kind of virutal machines guest called a 
Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the
confidentiality of TD memory contents and the TD's CPU state from other
software, including the hosting Virtual-Machine Monitor (VMM), unless
explicitly shared by the TD itself.

There are 2 configurations for TDVF to upstream. See below link for
the definitions of the 2 configurations.
https://edk2.groups.io/g/devel/message/76367

This patch-set is to enable Config-A in OvmfPkg.
 - Merge the *basic* TDVF feature to existing OvmfX64Pkg.dsc. (Align
   with existing SEV)
 - Threat model: VMM is NOT out of TCB. (We don’t make things worse.)
 - The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability.
   The final binary can run on SEV/TDX/normal OVMF
 - No changes to existing OvmfPkgX64 image layout.
 - No need to add additional security features if they do not exist today
 - No need to remove features if they exist today.
 - RTMR is not supported
 - PEI phase is NOT skipped in either Td or Non-Td

Note:
To improve the review efficiency the whole TDVF upstream to EDK2 is
splitted into several waves. Wave-1 is focused on the changes in
OvmfPkg/ResetVector. It has been merged into master branch.

Patch 01 - 17 are changes in SEC phase. Also some libraries in these
patches are workable in SEC/PEI/DXE.

Patch 22 - 22 are changes for PEI phase.

Patch 23 - 27 are changes in DXE phase.

Patch 28 - 31 are for local Apic timer DXE driver. They're under review
in another separate patch-set. But to keep the code complete and
workable, they're included in this patch-set. They can be skipped.

[TDX]: https://software.intel.com/content/dam/develop/external/us/en/
documents/tdx-whitepaper-final9-17.pdf

[TDX-Module]: https://software.intel.com/content/dam/develop/external/
us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf

[TDVF]: https://software.intel.com/content/dam/develop/external/us/en/
documents/tdx-virtual-firmware-design-guide-rev-1.pdf

[GCHI]: https://software.intel.com/content/dam/develop/external/us/en/
documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf

Code is at https://github.com/mxu9/edk2/tree/tdvf_wave2.v4

v4 changes:
 - Split the TdxLib into 2 libraries. The TDX basic functions
   (TdCall / TdVmCall / TdIsEnabled) are moved to BaseLib (#2).
   The other functions are in TdxLib. (#3)
 - Based on above changes (TdCall/TdVmCall/TdIsEnabled in BaseLib)
   the TdxLib.inf is not necessary in some Pkgs, such as
   UefiPayloadPkg. The duplicated source code are deleted (BaseIoLib
   is the sample).
 - Drop the Accepting pages with TDX MP service. Instead only BSP
   accepts pages. There maybe boot performance issue. There are some
   mitigations to it, such as 2M accept page size, lazy accept, etc.
   We will re-visit this issue in a separate patch-set.
 - Relocate Mailbox in TdxDxe driver instead of in PlatformPei. This
   is to keep consistence with Config-B (PEI is skipped in Config-B).
 - SetMmioSharedBit in TdxDxe driver instead of in DxeIplPeim after
   CreateIdentityMappingPageTables. This is to keep consistence with
   Config-B (PEI is skipped in Config-B).
 - Some other minor changes, such as switch-case indention.
 - Rebase the code base (commit: 8c06c53b585a) and update the code with
   uncrustify.

v4 not-addressed comments:
 - Comments in MpInitLib have not been addressed yet. It will be
   addressed in the next version.
 - BaseMemEncryptTdxLib is suggested to be merged with
   BaseMemEncryptSevLib. It will be addressed in the next version.
 - Gerd suggests a generic page table walker which is able to set
   and clear bits for a given memory range in both SEV and TDX guest.
   This suggestion will be addressed in the next version.
 - Some comments may be missed. I will re-visit the review emails.
 - Thanks much for your understanding.

v3 changes:
 - LocalApicTimerDxe is split out to be a separate patch-series.
 - VmTdExitLibNull/VmgExitLib are removed. Instead the VmgExitLib
   is extended to handle #VE exception. (Patch 3-5)
 - Split the Tdx support of base IoLib into 4 commits. (Patch 6-9)
 - Alter of MADT table is updated. In previous version it was
   created from scratch. Now it gets the installed table, copy
   it to a larger buffer and append the ACPI_MADT_MPWK to it.
   (Patch 25)
 - Changes in BaseXApicX2ApicLib is refined based on the
   feedbacks. (Add spec link of MSR access definition, rename
   some funtion name, etc.) (Patch 11)
 - Use PcdConfidentialComputingGuestAttr to probe TDX guest instead
   of CPUID. But in some cases PcdConfidentialComputingGuestAttr
   cannot be used because it has not been set yet.
 - Some other minor changes.
 
v3 not-addressed comments:
 - Some of the comments have not been addressed. This is because I
   need more time to consider how to address these comments.
   At the same time I want to submit a new version based on the above
   changes so that community can review in a more efficient way.
   (v2 is the version one month ago).
 - Comments in MpInitLib have not been addressed yet. It will be
   addressed in v4.
 - BaseMemEncryptTdxLib should be merged with BaseMemEncryptSevLib.
   It will be addressed in v4.
 - Some comments may be missed. I will re-visit the review emails.
 - Thanks much for your understanding.

v2 changes:
 - Remove TdxProbeLib. It is to reduce the depencies of the lib.
 - In v1 a new function (AllocatePagesWithMemoryType) is added in
   PeiMemoryAllocationLib. This function is not necessary. It can
   be replaced by PeiServicesAllocatePages.
 - IoLibFifo.c is added in BaseIoLibIntrinsic. This file includes
   the functions of read/write of I/O  port fifo. These functions
   will call TdIoReadFifo or SevIoReadFifo by checking TDX or SEV
   in run-time.
 - DXE related patches are added. (Patch 22-28)
 - Fix typo in commit/comment message, or some minor changes.
 - Rebase the edk2 code base. (4cc1458dbe00)

Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>

Min Xu (31):
  MdePkg: Add Tdx.h
  MdePkg: Introduce basic Tdx functions in BaseLib
  MdePkg: Add TdxLib to wrap Tdx operations
  UefiCpuPkg: Extend VmgExitLibNull to handle #VE exception
  OvmfPkg: Extend VmgExitLib to handle #VE exception
  UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception
  MdePkg: Add helper functions for Tdx guest in BaseIoLibIntrinsic
  MdePkg: Support mmio for Tdx guest in BaseIoLibIntrinsic
  MdePkg: Support IoFifo for Tdx guest in BaseIoLibIntrinsic
  MdePkg: Support IoRead/IoWrite for Tdx guest in BaseIoLibIntrinsic
  UefiCpuPkg: Support TDX in BaseXApicX2ApicLib
  MdePkg: Add macro to check SEV / TDX guest
  UefiCpuPkg: Enable Tdx support in MpInitLib
  OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard
  OvmfPkg: Add TdxMailboxLib
  MdePkg: Add EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in PiHob.h
  OvmfPkg: Update Sec to support Tdx
  OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation
  MdeModulePkg: EFER should not be changed in TDX
  MdeModulePkg: Add PcdTdxSharedBitMask
  UefiCpuPkg: Update AddressEncMask in CpuPageTable
  OvmfPkg: Update PlatformPei to support TDX
  OvmfPkg: Update AcpiPlatformDxe to alter MADT table
  OvmfPkg: Add TdxDxe driver
  OvmfPkg/BaseMemEncryptTdxLib: Add TDX helper library
  OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe
  OvmfPkg: Update IoMmuDxe to support TDX
  OvmfPkg: Rename XenTimerDxe to LocalApicTimerDxe
  UefiCpuPkg: Setting initial-count register as the last step
  OvmfPkg: Switch timer in build time for OvmfPkg
  OvmfPkg: Move LocalApicTimerDxe to UefiCpuPkg

 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |   1 +
 .../Core/DxeIplPeim/X64/VirtualMemory.c       |   7 +
 MdeModulePkg/MdeModulePkg.dec                 |   9 +
 .../Include/ConfidentialComputingGuestAttr.h  |   3 +
 MdePkg/Include/IndustryStandard/Tdx.h         | 203 ++++
 MdePkg/Include/Library/BaseLib.h              |  62 ++
 MdePkg/Include/Library/TdxLib.h               |  97 ++
 MdePkg/Include/Pi/PiHob.h                     |   8 +
 .../BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf |   2 +
 .../BaseIoLibIntrinsicSev.inf                 |   7 +
 MdePkg/Library/BaseIoLibIntrinsic/IoLib.c     |  81 +-
 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c | 216 ++++
 MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c  |  51 +-
 .../BaseIoLibIntrinsic/IoLibInternalTdx.c     | 675 +++++++++++++
 .../BaseIoLibIntrinsic/IoLibInternalTdxNull.c | 497 +++++++++
 MdePkg/Library/BaseIoLibIntrinsic/IoLibMsc.c  |  73 +-
 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h  | 166 +++
 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h  | 410 ++++++++
 .../BaseIoLibIntrinsic/X64/IoFifoSev.nasm     |  34 +-
 MdePkg/Library/BaseLib/BaseLib.inf            |  11 +
 MdePkg/Library/BaseLib/IntelTdxNull.c         |  83 ++
 MdePkg/Library/BaseLib/X64/TdCall.nasm        |  85 ++
 MdePkg/Library/BaseLib/X64/TdProbe.c          |  62 ++
 MdePkg/Library/BaseLib/X64/TdVmcall.nasm      | 145 +++
 MdePkg/Library/TdxLib/AcceptPages.c           | 180 ++++
 MdePkg/Library/TdxLib/Rtmr.c                  |  83 ++
 MdePkg/Library/TdxLib/TdInfo.c                | 114 +++
 MdePkg/Library/TdxLib/TdxLib.inf              |  37 +
 MdePkg/Library/TdxLib/TdxLibNull.c            | 107 ++
 MdePkg/MdePkg.dec                             |   3 +
 MdePkg/MdePkg.dsc                             |   1 +
 OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf   |   1 +
 OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c       |  14 +-
 OvmfPkg/AmdSev/AmdSevX64.dsc                  |   5 +-
 OvmfPkg/AmdSev/AmdSevX64.fdf                  |   3 +-
 OvmfPkg/Include/IndustryStandard/IntelTdx.h   |  76 ++
 OvmfPkg/Include/Library/MemEncryptTdxLib.h    |  81 ++
 OvmfPkg/Include/Library/TdxMailboxLib.h       |  76 ++
 .../Include/Protocol/QemuAcpiTableNotify.h    |  27 +
 OvmfPkg/Include/TdxCommondefs.inc             |  51 +
 OvmfPkg/IoMmuDxe/AmdSevIoMmu.c                | 103 +-
 OvmfPkg/IoMmuDxe/AmdSevIoMmu.h                |   6 +-
 OvmfPkg/IoMmuDxe/IoMmuDxe.c                   |   6 +-
 OvmfPkg/IoMmuDxe/IoMmuDxe.inf                 |   5 +
 .../BaseMemEncryptTdxLib.inf                  |  44 +
 .../BaseMemEncryptTdxLibNull.inf              |  35 +
 .../BaseMemoryEncryptionNull.c                |  90 ++
 .../BaseMemEncryptTdxLib/MemoryEncryption.c   | 941 ++++++++++++++++++
 .../BaseMemEncryptTdxLib/VirtualMemory.h      | 181 ++++
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c   |   9 +-
 .../Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf  |   1 +
 .../QemuFwCfgLib/QemuFwCfgLibInternal.h       |  11 +
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c   |  32 +
 .../Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf  |   2 +
 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c    | 140 +++
 .../Library/TdxMailboxLib/TdxMailboxLib.inf   |  52 +
 .../Library/TdxMailboxLib/TdxMailboxNull.c    |  85 ++
 OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf  |   4 +-
 OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h  |  32 +
 .../Library/VmgExitLib/VmTdExitVeHandler.c    | 562 +++++++++++
 OvmfPkg/Library/VmgExitLib/VmgExitLib.inf     |   3 +
 .../Library/VmgExitLib/X64/TdVmcallCpuid.nasm | 146 +++
 OvmfPkg/Microvm/MicrovmX64.dsc                |   2 +-
 OvmfPkg/Microvm/MicrovmX64.fdf                |   2 +-
 OvmfPkg/OvmfPkg.dec                           |  16 +
 OvmfPkg/OvmfPkgIa32.dsc                       |  11 +-
 OvmfPkg/OvmfPkgIa32.fdf                       |   8 +-
 OvmfPkg/OvmfPkgIa32X64.dsc                    |  13 +-
 OvmfPkg/OvmfPkgIa32X64.fdf                    |   8 +-
 OvmfPkg/OvmfPkgX64.dsc                        |  20 +-
 OvmfPkg/OvmfPkgX64.fdf                        |  11 +-
 OvmfPkg/OvmfXen.dsc                           |   2 +-
 OvmfPkg/OvmfXen.fdf                           |   2 +-
 OvmfPkg/PlatformPei/FeatureControl.c          |   8 +-
 OvmfPkg/PlatformPei/IntelTdx.c                | 223 +++++
 OvmfPkg/PlatformPei/IntelTdxNull.c            |  49 +
 OvmfPkg/PlatformPei/MemDetect.c               |  56 +-
 OvmfPkg/PlatformPei/Platform.c                |   1 +
 OvmfPkg/PlatformPei/Platform.h                |  22 +
 OvmfPkg/PlatformPei/PlatformPei.inf           |  12 +
 OvmfPkg/Sec/IntelTdx.c                        | 557 +++++++++++
 OvmfPkg/Sec/IntelTdx.h                        |  46 +
 OvmfPkg/Sec/SecMain.c                         |  46 +-
 OvmfPkg/Sec/SecMain.inf                       |   7 +
 OvmfPkg/Sec/X64/SecEntry.nasm                 |  82 ++
 OvmfPkg/TdxDxe/TdxAcpiTable.c                 | 213 ++++
 OvmfPkg/TdxDxe/TdxAcpiTable.h                 |  60 ++
 OvmfPkg/TdxDxe/TdxDxe.c                       | 251 +++++
 OvmfPkg/TdxDxe/TdxDxe.inf                     |  64 ++
 OvmfPkg/TdxDxe/X64/ApRunLoop.nasm             |  87 ++
 UefiCpuPkg/CpuDxe/CpuDxe.inf                  |   1 +
 UefiCpuPkg/CpuDxe/CpuPageTable.c              |   4 +
 UefiCpuPkg/Include/Library/VmgExitLib.h       |  28 +
 .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.c   | 170 +++-
 .../PeiDxeSmmCpuException.c                   |  17 +
 .../SecPeiCpuException.c                      |  18 +
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |   3 +
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       |  15 +-
 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h     |  71 ++
 UefiCpuPkg/Library/MpInitLib/MpLib.c          |  27 +
 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c       | 128 +++
 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c   |  73 ++
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |   3 +
 .../Library/VmgExitLibNull/VmTdExitNull.c     |  38 +
 .../Library/VmgExitLibNull/VmgExitLibNull.inf |   1 +
 .../LocalApicTimerDxe/LocalApicTimerDxe.c     |  15 +-
 .../LocalApicTimerDxe/LocalApicTimerDxe.h     |   4 +-
 .../LocalApicTimerDxe/LocalApicTimerDxe.inf   |  22 +-
 UefiCpuPkg/UefiCpuPkg.dsc                     |   1 +
 109 files changed, 8692 insertions(+), 163 deletions(-)
 create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
 create mode 100644 MdePkg/Include/Library/TdxLib.h
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdxNull.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h
 create mode 100644 MdePkg/Library/BaseLib/IntelTdxNull.c
 create mode 100644 MdePkg/Library/BaseLib/X64/TdCall.nasm
 create mode 100644 MdePkg/Library/BaseLib/X64/TdProbe.c
 create mode 100644 MdePkg/Library/BaseLib/X64/TdVmcall.nasm
 create mode 100644 MdePkg/Library/TdxLib/AcceptPages.c
 create mode 100644 MdePkg/Library/TdxLib/Rtmr.c
 create mode 100644 MdePkg/Library/TdxLib/TdInfo.c
 create mode 100644 MdePkg/Library/TdxLib/TdxLib.inf
 create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
 create mode 100644 OvmfPkg/Include/IndustryStandard/IntelTdx.h
 create mode 100644 OvmfPkg/Include/Library/MemEncryptTdxLib.h
 create mode 100644 OvmfPkg/Include/Library/TdxMailboxLib.h
 create mode 100644 OvmfPkg/Include/Protocol/QemuAcpiTableNotify.h
 create mode 100644 OvmfPkg/Include/TdxCommondefs.inc
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLibNull.inf
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemoryEncryptionNull.c
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/VirtualMemory.h
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxNull.c
 create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h
 create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c
 create mode 100644 OvmfPkg/Library/VmgExitLib/X64/TdVmcallCpuid.nasm
 create mode 100644 OvmfPkg/PlatformPei/IntelTdx.c
 create mode 100644 OvmfPkg/PlatformPei/IntelTdxNull.c
 create mode 100644 OvmfPkg/Sec/IntelTdx.c
 create mode 100644 OvmfPkg/Sec/IntelTdx.h
 create mode 100644 OvmfPkg/TdxDxe/TdxAcpiTable.c
 create mode 100644 OvmfPkg/TdxDxe/TdxAcpiTable.h
 create mode 100644 OvmfPkg/TdxDxe/TdxDxe.c
 create mode 100644 OvmfPkg/TdxDxe/TdxDxe.inf
 create mode 100644 OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c
 create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmTdExitNull.c
 rename OvmfPkg/XenTimerDxe/XenTimerDxe.c => UefiCpuPkg/LocalApicTimerDxe/LocalApicTimerDxe.c (94%)
 rename OvmfPkg/XenTimerDxe/XenTimerDxe.h => UefiCpuPkg/LocalApicTimerDxe/LocalApicTimerDxe.h (96%)
 rename OvmfPkg/XenTimerDxe/XenTimerDxe.inf => UefiCpuPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf (56%)

-- 
2.29.2.windows.2