From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.61])
 by mx.groups.io with SMTP id smtpd.web12.22730.1574338133431019879
 for <devel@edk2.groups.io>;
 Thu, 21 Nov 2019 04:08:53 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=GxBFSgo7;
 spf=pass (domain: redhat.com, ip: 205.139.110.61, mailfrom: lersek@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1574338132;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=7Z5sLQqgCpTWScLEQ275F439qPPqoKJzyCoYoQyX36s=;
	b=GxBFSgo7FTNjD1Eg1DcwjZt30EliOVv+FAo3Sz/HL8pu+MgAnnJEKVrKc9xbvxEi/p56AW
	yjl6oNqewCc5P+7SJo3rFwPT9b3JHD4XeWqx4qMK7tEEno9IL3LXmLXvxO6LZgvv+71xSm
	tvEfHWVk1nJR0lCEX+dSd0mSODUmBOA=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-122-HzFeyZ8cP5-H3QfcSV-klA-1; Thu, 21 Nov 2019 07:08:49 -0500
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 941AE801E5B;
	Thu, 21 Nov 2019 12:08:47 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-197.ams2.redhat.com [10.36.116.197])
	by smtp.corp.redhat.com (Postfix) with ESMTP id B6539608B8;
	Thu, 21 Nov 2019 12:08:45 +0000 (UTC)
Subject: Re: [edk2-devel] [RFC PATCH v3 31/43] OvmfPkg/Sec: Enable cache early to speed up booting
To: devel@edk2.groups.io, thomas.lendacky@amd.com
Cc: Jordan Justen <jordan.l.justen@intel.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Michael D Kinney <michael.d.kinney@intel.com>,
 Liming Gao <liming.gao@intel.com>, Eric Dong <eric.dong@intel.com>,
 Ray Ni <ray.ni@intel.com>, Brijesh Singh <brijesh.singh@amd.com>
References: <cover.1574280425.git.thomas.lendacky@amd.com>
 <1239290da9310bd688d9d25fb83737c5ca122882.1574280425.git.thomas.lendacky@amd.com>
From: "Laszlo Ersek" <lersek@redhat.com>
Message-ID: <f0bba948-db4e-8a9f-4f8b-8cefd56fa92f@redhat.com>
Date: Thu, 21 Nov 2019 13:08:44 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <1239290da9310bd688d9d25fb83737c5ca122882.1574280425.git.thomas.lendacky@amd.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-MC-Unique: HzFeyZ8cP5-H3QfcSV-klA-1
X-Mimecast-Spam-Score: 0
Content-Language: en-US
Content-Type: text/plain; charset=WINDOWS-1252
Content-Transfer-Encoding: quoted-printable

On 11/20/19 21:06, Lendacky, Thomas wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2198
>=20
> Currently, the OVMF code relies on the hypervisor to enable the cache
> support on the processor in order to improve the boot speed. However,
> with SEV-ES, the hypervisor is not allowed to change the CR0 register
> to enable caching.
>=20
> Update the OVMF Sec support to enable caching in order to improve the
> boot speed when running as an SEV-ES guest.
>=20
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
>  OvmfPkg/Sec/SecMain.c | 45 +++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 45 insertions(+)
>=20
> diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
> index db319030ee58..53c850134897 100644
> --- a/OvmfPkg/Sec/SecMain.c
> +++ b/OvmfPkg/Sec/SecMain.c
> @@ -25,6 +25,9 @@
>  #include <Library/ExtractGuidedSectionLib.h>
>  #include <Library/LocalApicLib.h>
>  #include <Library/CpuExceptionHandlerLib.h>
> +#include <Register/Cpuid.h>
> +#include <Register/Amd/Cpuid.h>
> +#include <Register/Amd/Fam17Msr.h>
> =20
>  #include <Ppi/TemporaryRamSupport.h>
> =20
> @@ -713,6 +716,39 @@ FindAndReportEntryPoints (
>    return;
>  }
> =20
> +STATIC
> +BOOLEAN
> +SevEsIsEnabled (
> +  VOID
> +  )
> +{
> +  UINT32                            RegEax;
> +  CPUID_MEMORY_ENCRYPTION_INFO_EAX  Eax;
> +  MSR_SEV_STATUS_REGISTER           Msr;
> +
> +  //
> +  // Check if the memory encryption leaf exist
> +  //
> +  AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
> +  if (RegEax >=3D CPUID_MEMORY_ENCRYPTION_INFO) {
> +    //
> +    // CPUID Fn8000_001F[EAX] Bit 1 (Sev supported)
> +    //
> +    AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, &Eax.Uint32, NULL, NULL, NUL=
L);
> +    if (Eax.Bits.SevBit && Eax.Bits.SevEsBit) {
> +      //
> +      // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled)
> +      //
> +      Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS);
> +      if (Msr.Bits.SevEsBit) {
> +        return TRUE;
> +      }
> +    }
> +  }
> +
> +  return FALSE;
> +}
> +
>  VOID
>  EFIAPI
>  SecCoreStartupWithStack (
> @@ -755,6 +791,15 @@ SecCoreStartupWithStack (
> =20
>    ProcessLibraryConstructorList (NULL, NULL);
> =20
> +  //
> +  // Under SEV-ES, the hypervisor can't modify CR0 and so can't enable
> +  // caching in order to speed up the boot. Enable caching early for
> +  // an SEV-ES guest.
> +  //
> +  if (SevEsIsEnabled()) {
> +    AsmEnableCache ();
> +  }
> +
>    DEBUG ((EFI_D_INFO,
>      "SecCoreStartupWithStack(0x%x, 0x%x)\n",
>      (UINT32)(UINTN)BootFv,
>=20

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

(If you agree with the suggestions I made for the previous patch in the
series, then you may have to move the comment block added here inside
the braces -- that's OK, it won't invalidate my R-b given here.)

Thanks!
Laszlo