From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min Xu, Brijesh Singh, Eric Dong, Erdem Aktas, Hao A Wu, Jian J Wang,
    James Bottomley, Jiewen Yao, Liming Gao, Michael D Kinney, Ray Ni,
    Rahul Kumar, Tom Lendacky, Zhiguang Liu, Gerd Hoffmann
Subject: [PATCH V4 00/31] Enable Intel TDX in OvmfPkg (Config-A)
Date: Mon, 13 Dec 2021 20:56:31 +0800
X-Mailer: git-send-email 2.29.2.windows.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249

Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
Encryption (MKTME) with a new kind of virtual machine guest called a
Trust Domain (TD). A TD is designed to run in a CPU mode that protects the
confidentiality of TD memory contents and the TD's CPU state from other
software, including the hosting Virtual-Machine Monitor (VMM), unless
explicitly shared by the TD itself.

There are 2 configurations for TDVF to upstream. See below link for the
definitions of the 2 configurations.
https://edk2.groups.io/g/devel/message/76367

This patch-set is to enable Config-A in OvmfPkg.
 - Merge the *basic* TDVF feature to existing OvmfX64Pkg.dsc. (Align with
   existing SEV)
 - Threat model: VMM is NOT out of TCB. (We don't make things worse.)
 - The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability.
   The final binary can run on SEV/TDX/normal OVMF
 - No changes to existing OvmfPkgX64 image layout.
 - No need to add additional security features if they do not exist today
 - No need to remove features if they exist today.
 - RTMR is not supported
 - PEI phase is NOT skipped in either Td or Non-Td

Note: To improve the review efficiency the whole TDVF upstream to EDK2 is
split into several waves. Wave-1 is focused on the changes in
OvmfPkg/ResetVector. It has been merged into master branch.

Patch 01 - 17 are changes in SEC phase. Also some libraries in these
patches are workable in SEC/PEI/DXE.
Patch 22 - 22 are changes for PEI phase.
Patch 23 - 27 are changes in DXE phase.
Patch 28 - 31 are for local Apic timer DXE driver. They're under review in
another separate patch-set. But to keep the code complete and workable,
they're included in this patch-set. They can be skipped.
[TDX]: https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-final9-17.pdf
[TDX-Module]: https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf
[TDVF]: https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf
[GCHI]: https://software.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf

Code is at https://github.com/mxu9/edk2/tree/tdvf_wave2.v4

v4 changes:
 - Split the TdxLib into 2 libraries. The TDX basic functions (TdCall /
   TdVmCall / TdIsEnabled) are moved to BaseLib (#2). The other functions
   are in TdxLib. (#3)
 - Based on above changes (TdCall/TdVmCall/TdIsEnabled in BaseLib) the
   TdxLib.inf is not necessary in some Pkgs, such as UefiPayloadPkg. The
   duplicated source code is deleted (BaseIoLib is the sample).
 - Drop the Accepting pages with TDX MP service. Instead only BSP accepts
   pages. There may be a boot performance issue. There are some
   mitigations to it, such as 2M accept page size, lazy accept, etc. We
   will re-visit this issue in a separate patch-set.
 - Relocate Mailbox in TdxDxe driver instead of in PlatformPei. This is to
   keep consistency with Config-B (PEI is skipped in Config-B).
 - SetMmioSharedBit in TdxDxe driver instead of in DxeIplPeim after
   CreateIdentityMappingPageTables. This is to keep consistency with
   Config-B (PEI is skipped in Config-B).
 - Some other minor changes, such as switch-case indentation.
 - Rebase the code base (commit: 8c06c53b585a) and update the code with
   uncrustify.

v4 not-addressed comments:
 - Comments in MpInitLib have not been addressed yet. It will be addressed
   in the next version.
 - BaseMemEncryptTdxLib is suggested to be merged with
   BaseMemEncryptSevLib. It will be addressed in the next version.
 - Gerd suggests a generic page table walker which is able to set and
   clear bits for a given memory range in both SEV and TDX guest. This
   suggestion will be addressed in the next version.
 - Some comments may be missed. I will re-visit the review emails.
 - Thanks much for your understanding.

v3 changes:
 - LocalApicTimerDxe is split out to be a separate patch-series.
 - VmTdExitLibNull/VmgExitLib are removed. Instead the VmgExitLib is
   extended to handle #VE exception. (Patch 3-5)
 - Split the Tdx support of base IoLib into 4 commits. (Patch 6-9)
 - Alter of MADT table is updated. In previous version it was created from
   scratch. Now it gets the installed table, copies it to a larger buffer
   and appends the ACPI_MADT_MPWK to it. (Patch 25)
 - Changes in BaseXApicX2ApicLib are refined based on the feedback. (Add
   spec link of MSR access definition, rename some function names, etc.)
   (Patch 11)
 - Use PcdConfidentialComputingGuestAttr to probe TDX guest instead of
   CPUID. But in some cases PcdConfidentialComputingGuestAttr cannot be
   used because it has not been set yet.
 - Some other minor changes.

v3 not-addressed comments:
 - Some of the comments have not been addressed. This is because I need
   more time to consider how to address these comments. At the same time I
   want to submit a new version based on the above changes so that the
   community can review in a more efficient way. (v2 is the version one
   month ago).
 - Comments in MpInitLib have not been addressed yet. It will be addressed
   in v4.
 - BaseMemEncryptTdxLib should be merged with BaseMemEncryptSevLib. It
   will be addressed in v4.
 - Some comments may be missed. I will re-visit the review emails.
 - Thanks much for your understanding.

v2 changes:
 - Remove TdxProbeLib. It is to reduce the dependencies of the lib.
 - In v1 a new function (AllocatePagesWithMemoryType) is added in
   PeiMemoryAllocationLib. This function is not necessary. It can be
   replaced by PeiServicesAllocatePages.
 - IoLibFifo.c is added in BaseIoLibIntrinsic.
   This file includes the functions of read/write of I/O port fifo. These
   functions will call TdIoReadFifo or SevIoReadFifo by checking TDX or
   SEV at run-time.
 - DXE related patches are added. (Patch 22-28)
 - Fix typo in commit/comment message, or some minor changes.
 - Rebase the edk2 code base. (4cc1458dbe00)

Cc: Brijesh Singh
Cc: Eric Dong
Cc: Erdem Aktas
Cc: Hao A Wu
Cc: Jian J Wang
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Liming Gao
Cc: Michael D Kinney
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Tom Lendacky
Cc: Zhiguang Liu
Cc: Gerd Hoffmann
Signed-off-by: Min Xu

Min Xu (31):
  MdePkg: Add Tdx.h
  MdePkg: Introduce basic Tdx functions in BaseLib
  MdePkg: Add TdxLib to wrap Tdx operations
  UefiCpuPkg: Extend VmgExitLibNull to handle #VE exception
  OvmfPkg: Extend VmgExitLib to handle #VE exception
  UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception
  MdePkg: Add helper functions for Tdx guest in BaseIoLibIntrinsic
  MdePkg: Support mmio for Tdx guest in BaseIoLibIntrinsic
  MdePkg: Support IoFifo for Tdx guest in BaseIoLibIntrinsic
  MdePkg: Support IoRead/IoWrite for Tdx guest in BaseIoLibIntrinsic
  UefiCpuPkg: Support TDX in BaseXApicX2ApicLib
  MdePkg: Add macro to check SEV / TDX guest
  UefiCpuPkg: Enable Tdx support in MpInitLib
  OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard
  OvmfPkg: Add TdxMailboxLib
  MdePkg: Add EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in PiHob.h
  OvmfPkg: Update Sec to support Tdx
  OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation
  MdeModulePkg: EFER should not be changed in TDX
  MdeModulePkg: Add PcdTdxSharedBitMask
  UefiCpuPkg: Update AddressEncMask in CpuPageTable
  OvmfPkg: Update PlatformPei to support TDX
  OvmfPkg: Update AcpiPlatformDxe to alter MADT table
  OvmfPkg: Add TdxDxe driver
  OvmfPkg/BaseMemEncryptTdxLib: Add TDX helper library
  OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe
  OvmfPkg: Update IoMmuDxe to support TDX
  OvmfPkg: Rename XenTimerDxe to LocalApicTimerDxe
  UefiCpuPkg: Setting initial-count register as the last step
  OvmfPkg: Switch timer in build time for OvmfPkg
  OvmfPkg: Move LocalApicTimerDxe to UefiCpuPkg

 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 1 +
 .../Core/DxeIplPeim/X64/VirtualMemory.c | 7 +
 MdeModulePkg/MdeModulePkg.dec | 9 +
 .../Include/ConfidentialComputingGuestAttr.h | 3 +
 MdePkg/Include/IndustryStandard/Tdx.h | 203 ++++
 MdePkg/Include/Library/BaseLib.h | 62 ++
 MdePkg/Include/Library/TdxLib.h | 97 ++
 MdePkg/Include/Pi/PiHob.h | 8 +
 .../BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf | 2 +
 .../BaseIoLibIntrinsicSev.inf | 7 +
 MdePkg/Library/BaseIoLibIntrinsic/IoLib.c | 81 +-
 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c | 216 ++++
 MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c | 51 +-
 .../BaseIoLibIntrinsic/IoLibInternalTdx.c | 675 +++++++++++++
 .../BaseIoLibIntrinsic/IoLibInternalTdxNull.c | 497 +++++++++
 MdePkg/Library/BaseIoLibIntrinsic/IoLibMsc.c | 73 +-
 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h | 166 +++
 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h | 410 ++++++++
 .../BaseIoLibIntrinsic/X64/IoFifoSev.nasm | 34 +-
 MdePkg/Library/BaseLib/BaseLib.inf | 11 +
 MdePkg/Library/BaseLib/IntelTdxNull.c | 83 ++
 MdePkg/Library/BaseLib/X64/TdCall.nasm | 85 ++
 MdePkg/Library/BaseLib/X64/TdProbe.c | 62 ++
 MdePkg/Library/BaseLib/X64/TdVmcall.nasm | 145 +++
 MdePkg/Library/TdxLib/AcceptPages.c | 180 ++++
 MdePkg/Library/TdxLib/Rtmr.c | 83 ++
 MdePkg/Library/TdxLib/TdInfo.c | 114 +++
 MdePkg/Library/TdxLib/TdxLib.inf | 37 +
 MdePkg/Library/TdxLib/TdxLibNull.c | 107 ++
 MdePkg/MdePkg.dec | 3 +
 MdePkg/MdePkg.dsc | 1 +
 OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf | 1 +
 OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c | 14 +-
 OvmfPkg/AmdSev/AmdSevX64.dsc | 5 +-
 OvmfPkg/AmdSev/AmdSevX64.fdf | 3 +-
 OvmfPkg/Include/IndustryStandard/IntelTdx.h | 76 ++
 OvmfPkg/Include/Library/MemEncryptTdxLib.h | 81 ++
 OvmfPkg/Include/Library/TdxMailboxLib.h | 76 ++
 .../Include/Protocol/QemuAcpiTableNotify.h | 27 +
 OvmfPkg/Include/TdxCommondefs.inc | 51 +
 OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 103 +-
 OvmfPkg/IoMmuDxe/AmdSevIoMmu.h | 6 +-
 OvmfPkg/IoMmuDxe/IoMmuDxe.c | 6 +-
 OvmfPkg/IoMmuDxe/IoMmuDxe.inf | 5 +
 .../BaseMemEncryptTdxLib.inf | 44 +
 .../BaseMemEncryptTdxLibNull.inf | 35 +
 .../BaseMemoryEncryptionNull.c | 90 ++
 .../BaseMemEncryptTdxLib/MemoryEncryption.c | 941 ++++++++++++++++++
 .../BaseMemEncryptTdxLib/VirtualMemory.h | 181 ++++
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c | 9 +-
 .../Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf | 1 +
 .../QemuFwCfgLib/QemuFwCfgLibInternal.h | 11 +
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c | 32 +
 .../Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf | 2 +
 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c | 140 +++
 .../Library/TdxMailboxLib/TdxMailboxLib.inf | 52 +
 .../Library/TdxMailboxLib/TdxMailboxNull.c | 85 ++
 OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf | 4 +-
 OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h | 32 +
 .../Library/VmgExitLib/VmTdExitVeHandler.c | 562 +++++++++++
 OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 3 +
 .../Library/VmgExitLib/X64/TdVmcallCpuid.nasm | 146 +++
 OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
 OvmfPkg/Microvm/MicrovmX64.fdf | 2 +-
 OvmfPkg/OvmfPkg.dec | 16 +
 OvmfPkg/OvmfPkgIa32.dsc | 11 +-
 OvmfPkg/OvmfPkgIa32.fdf | 8 +-
 OvmfPkg/OvmfPkgIa32X64.dsc | 13 +-
 OvmfPkg/OvmfPkgIa32X64.fdf | 8 +-
 OvmfPkg/OvmfPkgX64.dsc | 20 +-
 OvmfPkg/OvmfPkgX64.fdf | 11 +-
 OvmfPkg/OvmfXen.dsc | 2 +-
 OvmfPkg/OvmfXen.fdf | 2 +-
 OvmfPkg/PlatformPei/FeatureControl.c | 8 +-
 OvmfPkg/PlatformPei/IntelTdx.c | 223 +++++
 OvmfPkg/PlatformPei/IntelTdxNull.c | 49 +
 OvmfPkg/PlatformPei/MemDetect.c | 56 +-
 OvmfPkg/PlatformPei/Platform.c | 1 +
 OvmfPkg/PlatformPei/Platform.h | 22 +
 OvmfPkg/PlatformPei/PlatformPei.inf | 12 +
 OvmfPkg/Sec/IntelTdx.c | 557 +++++++++++
 OvmfPkg/Sec/IntelTdx.h | 46 +
 OvmfPkg/Sec/SecMain.c | 46 +-
 OvmfPkg/Sec/SecMain.inf | 7 +
 OvmfPkg/Sec/X64/SecEntry.nasm | 82 ++
 OvmfPkg/TdxDxe/TdxAcpiTable.c | 213 ++++
 OvmfPkg/TdxDxe/TdxAcpiTable.h | 60 ++
 OvmfPkg/TdxDxe/TdxDxe.c | 251 +++++
 OvmfPkg/TdxDxe/TdxDxe.inf | 64 ++
 OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 87 ++
 UefiCpuPkg/CpuDxe/CpuDxe.inf | 1 +
 UefiCpuPkg/CpuDxe/CpuPageTable.c | 4 +
 UefiCpuPkg/Include/Library/VmgExitLib.h | 28 +
 .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.c | 170 +++-
 .../PeiDxeSmmCpuException.c | 17 +
 .../SecPeiCpuException.c | 18 +
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 3 +
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 15 +-
 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h | 71 ++
 UefiCpuPkg/Library/MpInitLib/MpLib.c | 27 +
 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c | 128 +++
 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c | 73 ++
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 3 +
 .../Library/VmgExitLibNull/VmTdExitNull.c | 38 +
 .../Library/VmgExitLibNull/VmgExitLibNull.inf | 1 +
 .../LocalApicTimerDxe/LocalApicTimerDxe.c | 15 +-
 .../LocalApicTimerDxe/LocalApicTimerDxe.h | 4 +-
 .../LocalApicTimerDxe/LocalApicTimerDxe.inf | 22 +-
 UefiCpuPkg/UefiCpuPkg.dsc | 1 +
 109 files changed, 8692 insertions(+), 163 deletions(-)
 create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
 create mode 100644 MdePkg/Include/Library/TdxLib.h
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdxNull.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h
 create mode 100644 MdePkg/Library/BaseLib/IntelTdxNull.c
 create mode 100644 MdePkg/Library/BaseLib/X64/TdCall.nasm
 create mode 100644 MdePkg/Library/BaseLib/X64/TdProbe.c
 create mode 100644 MdePkg/Library/BaseLib/X64/TdVmcall.nasm
 create mode 100644 MdePkg/Library/TdxLib/AcceptPages.c
 create mode 100644 MdePkg/Library/TdxLib/Rtmr.c
 create mode 100644 MdePkg/Library/TdxLib/TdInfo.c
 create mode 100644 MdePkg/Library/TdxLib/TdxLib.inf
 create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
 create mode 100644 OvmfPkg/Include/IndustryStandard/IntelTdx.h
 create mode 100644 OvmfPkg/Include/Library/MemEncryptTdxLib.h
 create mode 100644 OvmfPkg/Include/Library/TdxMailboxLib.h
 create mode 100644 OvmfPkg/Include/Protocol/QemuAcpiTableNotify.h
 create mode 100644 OvmfPkg/Include/TdxCommondefs.inc
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLibNull.inf
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemoryEncryptionNull.c
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/VirtualMemory.h
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxNull.c
 create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h
 create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c
 create mode 100644 OvmfPkg/Library/VmgExitLib/X64/TdVmcallCpuid.nasm
 create mode 100644 OvmfPkg/PlatformPei/IntelTdx.c
 create mode 100644 OvmfPkg/PlatformPei/IntelTdxNull.c
 create mode 100644 OvmfPkg/Sec/IntelTdx.c
 create mode 100644 OvmfPkg/Sec/IntelTdx.h
 create mode 100644 OvmfPkg/TdxDxe/TdxAcpiTable.c
 create mode 100644 OvmfPkg/TdxDxe/TdxAcpiTable.h
 create mode 100644 OvmfPkg/TdxDxe/TdxDxe.c
 create mode 100644 OvmfPkg/TdxDxe/TdxDxe.inf
 create mode 100644 OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c
 create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmTdExitNull.c
 rename OvmfPkg/XenTimerDxe/XenTimerDxe.c => UefiCpuPkg/LocalApicTimerDxe/LocalApicTimerDxe.c (94%)
 rename OvmfPkg/XenTimerDxe/XenTimerDxe.h => UefiCpuPkg/LocalApicTimerDxe/LocalApicTimerDxe.h (96%)
 rename OvmfPkg/XenTimerDxe/XenTimerDxe.inf => UefiCpuPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf (56%)

-- 
2.29.2.windows.2