From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.54]) by mx.groups.io with SMTP id smtpd.web12.4117.1650374636579720362 for ; Tue, 19 Apr 2022 06:23:57 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=KcV7qJMg; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.237.54, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PiEgRffnXpTbaSWnac+4XKI5PDu0BzzAYMwRzrBxkx0Bqo/IcENlptLiqDrGceNdex79/rt59yjqA0IeUuh73jD1Yy547Bpl8NgvOHqEgKhFdpDY1nQSSq5/bXRUbIvte7jGDFr/lpeMWb7wxylWmN4VoarWd2vIVX1+iewlL6kFULa+4Wx3aWm3BIuywyJ7K1/aBQBdZEqYPUvMRFi4P9hBTeUYzdpnxj+twiAkpNmIhzsOd2OhBnA1B9rzMe6qkxCqCLtIp0EDbxe4gWeZeVQy2/tmJIBYGF/vaLa2/xi8lNHFjJiWOTciLuqgZ1PwKRBDsu4nP6uY+um4sFmJ/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DoO4yVE9Z07C7bO1FTyV89DHwVRuz57jq64TZzq2LEs=; b=kGitJcC2CEY4TowOfUugO0P2NdBN/+hwK2Zh7K+GLI6HgGVLguvXAIHuEHWQ5c01bt1wfRRgjUXrG8487WpZb1un1t0/XM/dpnLtX4zxAIu5TH0749jVOKht+hTa4NxUVL/9WhPu6JfvLjhc6vlEpAkTPyeU0HymHuqUfVfoi5b6rc2sf+3u4mIPPDiaGSjYbeHkhOpEApOR4kbw9V5cNQCHrKapUCzx5nKqIlfxo6c7PZ63wLxmDZK21uPwnBTpQT3Vt6ooZwaF+pMBhvJ6gQ4gaObMEpS47GFXmlko6Sj8OUlaAtvU9L/9SMjnYdvYczTvjoLklNUAdRvls1YmYQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DoO4yVE9Z07C7bO1FTyV89DHwVRuz57jq64TZzq2LEs=; b=KcV7qJMgBgLJwUrN33ms8ICzH4aI8HguPL01JleUtcaadxGctjwwS+sVSMX7iC4HFoEYHTgZCXX7ii6Tmcbt6zWakuydKnWI8x57fPemUgFyDf+zubScELM24zikSmwOVUyUcSvafExbWPwGh/wGYI1p8P40U10XzW0mz1ruvww= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com; Received: from DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) by BYAPR12MB3030.namprd12.prod.outlook.com (2603:10b6:a03:ae::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5164.20; Tue, 19 Apr 2022 13:23:53 +0000 Received: from DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::781d:15d6:8f63:a4e7]) by DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::781d:15d6:8f63:a4e7%5]) with mapi id 15.20.5164.025; Tue, 19 Apr 2022 13:23:53 +0000 Message-ID: Date: Tue, 19 Apr 2022 08:23:50 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 Subject: Re: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe driver To: "Yao, Jiewen" , "Xu, Min M" , "devel@edk2.groups.io" Cc: Brijesh Singh , "Aktas, Erdem" , James Bottomley References: <20220419015828.899-1-min.m.xu@intel.com> From: "Lendacky, Thomas" In-Reply-To: X-ClientProxiedBy: CH0PR03CA0244.namprd03.prod.outlook.com (2603:10b6:610:e5::9) To DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) Return-Path: Thomas.Lendacky@amd.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b4dc9799-ae52-4d95-bcd6-08da2207d920 X-MS-TrafficTypeDiagnostic: BYAPR12MB3030:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: hwOBxO/EnVwfIAFwPNkAbnJ2gFZs3gUWgims2ysfIrNemLWSl/jFawhL4jl42XWF0ZhEViL/wqm9xOM0eR+2ikbYoSpuSU05y61egdR0RFWNLtdJr7Jvop4GmMPZ1J+4hNTlnnHRm5upXBHvkj1PlIkx9PFvT6APlWJC2cdBNsgXTJDlCScgJXIxkNuIUhXc1YrhXRddsUD8fKtE6ra62f051AsFejfhaBobcETeBdDOI+Dqjnaz2dJYHoGBXPvj4BEE5XQ9UCXzdjRAuonC3CCJKkJ3S7KJIH4aZlWOG2+34wVE+ZvPcSo18dyxcL+KQN9fkCHeqkfFtLWIRdGFVBSemRnXkqr6m1IOmgNZ/Fa2wYwxdcOqfpHmG5Q+qRdcvZaoadVAGUBPLnsS6HEZXIi37sYyZYYpHCvR7CI3+DCc7trjmHM86WOeTRGmLQOIXwH9s1OrGiADFBHkIAhNDe9do2x7en44UTepMXa8V3vhkBI9LkE9iP0WHUIOS5l0LXMItga2aC7F1judVJLQQelN5ACeySmcEkXkJ9WPhbgoruATHtehuR6T15Pp8Ug1qy5Vw54KF/Z4EaNXvFygWisPJSPLBanfrt/5/RveRwstXHJpBsHjrXM3nOSZdWOXbGAdtvG0a2fksNXe93Zgbn1NFWYZAviF1gE2It2RMcm5Tw4TCKsDyVfBYzCqVrSURCs04+KnHADpWPN9gUn3VEb/vYZe+ylEKHv83Z+Sg1A9ACZnNEqY8Y0gvRVK1KyrhASb5T+3zi0Nm2UQcFgrdADEp8Cr+zhPl4PL/ZLIUeQQKtX4izT6ZwlKWKZ+FTm3 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR12MB5229.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(36756003)(31686004)(2616005)(6512007)(83380400001)(110136005)(4326008)(26005)(5660300002)(8936002)(66476007)(66946007)(38100700002)(316002)(66556008)(8676002)(19627235002)(2906002)(54906003)(31696002)(186003)(6486002)(508600001)(966005)(86362001)(6506007)(53546011)(45080400002)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?czU5UnVuU2RvOFNucHFNc3hEbHY3MXlYcTN1MTNzTzA1dnhiVEhYRkpCSWd2?= =?utf-8?B?SmIwOEVyWmoyaFRlYlkzZnZmZDlSK3pwaTk4cEk2SHFGMjlXSjdBTVl4M2xM?= =?utf-8?B?eDNNQ1ArWHVxRXc1a0hIcWtJVlpHZVU4U0VzNm9kWWNadVNIcXVvTDZqUk5E?= =?utf-8?B?ZE9MajJXYS9kQ2Z0M3NFSFdVVEhxaC9PN1R1T3RNbzQ1Q2tyTG1rT0NmTi9n?= =?utf-8?B?Qjg2SDNRcXo1WllWY2ZmdzZUZ1FwOUJDc2FwUXl3UUx1WGRiNmpuM0ZBOElD?= =?utf-8?B?TkdYbzh2a2RhaXo4cHdqUmRLaDVEakRPNndURndLTzh1Z2Fxa3lZZnVadmZZ?= =?utf-8?B?ZXlFb0hMV2ZIeVhVRzRqSjJ1dFBqYU5NdHZUTDl3WXFucUlNaGZReFBVL3hX?= =?utf-8?B?M2UyRFNiV2ZKR2lsTEdwekxtdTU5aVJpRjIvUkxuVVEvS3d0S2U0d0V4c1B1?= =?utf-8?B?cVBYcHQwZlRvMFU4VXRiY2ZRaEhOZHdwc3pHc09NeFRQWXk0OHNoUENrOHFs?= =?utf-8?B?R2laUUtrU2NYSUd1S3FuVVFTN09xZXA1MDRvT2pEcjFwN202ZzVVa3BNMUVx?= =?utf-8?B?K2NhdEVjTElpcXBiLzl6VVN6OHhWWmw0UytFc3MvbWdodFNYcjJDd2NvMkRH?= =?utf-8?B?YmIyRkdROUxtWWF4ZGlDMTNjRjliK0ZMMjlvYUxqZmNJakFOZkI4TDRrL0JG?= =?utf-8?B?bmQxd2xlVU54bSs0bDJuanZqbnFZWUc5MXc4MFhrL1hmcVpnQnBINFNYaURt?= =?utf-8?B?THpNU3lZb0hwNXh2NGs5b2RQN3l0U2tjUEpPbTZnaGxlbmFvSnF5NHlvN2tl?= =?utf-8?B?bGpUODdYZFlVTStYVEd4QnVjdEczZ3R3eTRpVFFpenhpN1pMUjkyRGJCZEZp?= =?utf-8?B?TkNEWFNqWlFSMGlJdnBmdzRGNDRuOFFuWGhEVGFib3RNWC9YMHlIamJ2VnQ4?= =?utf-8?B?aUJiR3JidGQ0MW4xdW9CWnVrUjZreXRCc0pUbEZvMVR1RFV0Zm45RHpYQk8r?= =?utf-8?B?cmdjRWFIdmsvUk9vSENHU0twUUdHTFNrV0JGQWpIMWRUYkJzTWpTQVE3VTFN?= =?utf-8?B?M2oyaE5WWWFMZVNGOVRoUCtTUndtWVh2dW4wS2pwbnEzMkwwdmZDcmg5QXNq?= =?utf-8?B?VDRCU2k4Ty9OT055UFRuSTZXMkhQMTdKUDdDOUtTckgzekxvRHhLZHBaS2E2?= =?utf-8?B?NE40aTNpeXBDYmxoSDcxdjd3a1R2Mi9qQU0yVms0czVwMUhxUExnYjNwQ0Mv?= =?utf-8?B?b0JHRXhxVVNRYUpYcGNWbFJGSWd1RFpGaXRKd2ZqSEg4NS9aYnZtNFlZRUJM?= =?utf-8?B?YXRtNC9sV3dEMWphWjhzZVVXbHhPc1N6ZHAyZW16WW1WMEgvOVNiL1U4OWlB?= =?utf-8?B?dkI2WWpKSTlaM3FLMlQxL2wxS3NrU1VhY1hjTzVmOFJGRTBZMXlkdDdGcTc5?= =?utf-8?B?LzVTUXpqdW1CUVJCaS9LbG1ERDM1T3p5NEo3Rm9saDAyaDExVmJjRmQ4YnJj?= =?utf-8?B?bWYyOXJhTUVPNlhXVkZkeUk4cXA4QWdRTkErMCtUcWxLRElkR29henFtMFh2?= =?utf-8?B?OUJqaGRtVFp4ZmVlTm5Qa2pBckpvbnkzOG4yRXJpNC84WGMwTmI5V1AwSjVt?= =?utf-8?B?OFFWOHc5VWhGanVNNmV2azljaWpIckoyVkJibzUwUjBvM00rUFZxSTZGT3or?= =?utf-8?B?RmxLK3MrVC9FOEtGV2hoVTAvODdVRFdPcG00QVZVaEZqMnVnZERRUnI1bTJS?= =?utf-8?B?WEp5RTZUMzdyYTk0Y05kKzk0UmxiOFgyaFplalA2aDlTTGVnQzZod25mMGl2?= =?utf-8?B?clhscnRZaWNlS1lOSENsNmZmemk3U0M1RERPN1lsWmErVlBGZ0prdk8rRC8y?= =?utf-8?B?eTlYT2t5VVV0c0RmbzFtc3ROYTRqcWZCYmRudGJFaXdTdmtlMnVtRVVsZjRr?= =?utf-8?B?elUwNW8rSWFMeHAvalJFbFpDdkNzZGZsN3FJNzdQY2RKNk9NWHRPd29NS1d3?= =?utf-8?B?VVMwb2F0Ulh4cXR1YWtudmhtWkdMTUhYZU9uN1FHQ1c4SDhvcXoxTzZLY0R6?= =?utf-8?B?NzM2V1A3SURRM01USVhBOUV3VENSNlRSM1VkY20yYkFVSVQ5SjQ1NUl5bFhF?= =?utf-8?B?azBnTEtsNTNBbXV1clU5RC80R1V2M2xTbCtDVFNPcnJ5TkxRSGJyWFNBL1FS?= =?utf-8?B?VmFrMnJHVzhJOXF2dGFxRFIrTjFQSzVKN2VuYzFGNm04Y1RRcmE3eU00UmtF?= =?utf-8?B?WHFaaitOczZseFI3eEtLdEl2NDRUaVFHTnhwd2tQL3BrUGJWcTJhUlF4UU5y?= =?utf-8?B?UmV2cGRYUjlNOFROZVNMVHF1UWhkWDNybk51VUJOeVFtN01pbTREZz09?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: b4dc9799-ae52-4d95-bcd6-08da2207d920 X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Apr 2022 13:23:53.5043 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: k+Pw3wfd5deITEFsdVF+Za6WUsHu+zYeajc9DFnkBRZWk7Xn9Jnq/QlAHQUMAeqfaoqmKKPQzK+eG0tzbxeqEw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3030 Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 4/18/22 23:47, Yao, Jiewen wrote: > Can SEV clear the C-bit in SEC phase? Not really. IIRC, even if cleared in the SEC phase, the DXE phase replaces the page tables and it has to be cleared again. Thanks, Tom > > I think that is right way to ensure PCI Express can always be accessed by anyone. > > >> -----Original Message----- >> From: Xu, Min M >> Sent: Tuesday, April 19, 2022 12:39 PM >> To: Yao, Jiewen ; devel@edk2.groups.io >> Cc: Brijesh Singh ; Aktas, Erdem >> ; James Bottomley ; Tom >> Lendacky >> Subject: RE: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe driver >> >> In AmdSevDxe's entry point it clears the C-bit from PcdPciExpressBaseAddress >> and other memory spaces if needed. Please see >> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fblob%2Fmaster%2FOvmfPkg%2FAmdSevDxe%2FAmdSev&data=04%7C01%7Cthomas.lendacky%40amd.com%7Cc39c49fd4e944900bdb708da21bfac91%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637859404370071519%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=9sxJnGXyaiHTdIzS%2BTzziBnwTAsKvSLFRMmHT4HGe60%3D&reserved=0 >> Dxe.c#L81-L95. After that OVMF can use PCI express. >> >> This broken is caused by the call sequence of TdxDxe driver and AmdSevDxe >> driver. Currently TdxDxe driver is loaded before AmdSevDxe, so in SEV-ES guest >> the C-bit of PcdPciExpressBaseAddress hasn't been cleared. In this situation the >> access to PciExpressBaseAddress trigger exceptions (lib constructor in TdxDxe). >> >> There are 2 options to fix this issue. >> 1. Adjust the load sequence of AmdSevDxe and TdxDxe (Load AmdSevDxe before >> TdxDxe) >> 2. Make TdxDxe to import BasePciLibCf8.inf instead of DxePciLibI440FxQ35.inf >> (just like AmdSevDxe) >> >> Tom and I tested above 2 options in SEV and TDX and all work. >> >>> -----Original Message----- >>> From: Yao, Jiewen >>> Sent: Tuesday, April 19, 2022 12:16 PM >>> To: Xu, Min M ; devel@edk2.groups.io >>> Cc: Brijesh Singh ; Aktas, Erdem >>> ; James Bottomley ; Tom >>> Lendacky >>> Subject: RE: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe driver >>> >>> Do you mean, with SEV introduced, OVMF cannot use PCI express any more? >>> >>> Thank you >>> Yao Jiewen >>> >>> >>>> -----Original Message----- >>>> From: Xu, Min M >>>> Sent: Tuesday, April 19, 2022 11:05 AM >>>> To: Yao, Jiewen ; devel@edk2.groups.io >>>> Cc: Brijesh Singh ; Aktas, Erdem >>>> ; James Bottomley ; Tom >>>> Lendacky >>>> Subject: RE: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe >>>> driver >>>> >>>> On April 19, 2022 10:54 AM, Yao Jiewen wrote: >>>>> >>>>> Why does TdxDxe call TdxMailbox in an SEV platform? >>>>> Or why does TdxMailbox call SynchronizationLib in an SEV platform? >>>>> >>>> TdxDxe will not call TdxMailbox/SynchronizationLib in SEV platform. >>>> The problem is in the lib constructor. When TdxDxe driver is loaded, >>>> before its entry point is called, the lib constructors will be called even in a >>> SEV platform. >>>>> >>>>> There are many places we can do CcProbe to stop action. Why we need >>>>> do it in DSC? >>>> So we cannot stop the lib constructor with CcProbe in this case. >>>> >>>> Thanks >>>> Min