From: "Gerd Hoffmann" <kraxel@redhat.com>
To: devel@edk2.groups.io, min.m.xu@intel.com
Cc: "lersek@redhat.com" <lersek@redhat.com>,
Michael Roth <michael.roth@amd.com>,
Oliver Steffen <osteffen@redhat.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Ard Biesheuvel <ardb+tianocore@kernel.org>,
"Aktas, Erdem" <erdemaktas@google.com>,
"Sun, Yi Y" <yi.y.sun@intel.com>,
"Huang, Jiaqing" <jiaqing.huang@intel.com>
Subject: Re: [edk2-devel] [PATCH v3 1/4] OvmfPkg/Sec: Setup MTRR early in the boot process.
Date: Tue, 20 Feb 2024 09:15:01 +0100
Message-ID: <jm7733erbsakaons4lj7alz4ybgehqny325snf377mn6jkbkja@wgavi5iyxzc7>
In-Reply-To: <PH0PR11MB5064FF88F61C98BF7A2E16DFC5502@PH0PR11MB5064.namprd11.prod.outlook.com>

On Tue, Feb 20, 2024 at 06:27:21AM +0000, Min Xu wrote:
> On Monday, February 12, 2024 11:22 PM, Gerd Hoffmann wrote:
> > On Thu, Feb 01, 2024 at 10:38:43AM +0100, Gerd Hoffmann wrote:
> > > Hi,
> > >
> > > > > Can you confirm (a) this patch is OK for
> > > > > "OvmfPkg/IntelTdx/Sec/SecMain.c", and (b) this series fixes the slowdown
> > > > > you had encountered?
> > > > >
> > > > > (that's what's left before we can merge this series)
> > > > >
> > > > We test the patch in TDX and find EXIT_REASON_CR_ACCESS is triggered in
> > > > DXE phase.
> > >
> > > Hmm. Sure this is caused by this patch series? For the PEI-less TDX
> > > build this series moves the MTRR setup to a different place in SEC.
> > > Once the DXE phase started the MTRR configuration should be identical
> > > with and without this patch series, and the series also doesn't touch
> > > any control register.
> >
> > Ping. Can you double-check please? Our QE ran a test build with this series
> > applied through regression testing (including TDX) and has not found any
> > issues.
>
> We double check the patch-set (v3) for both OvmfPkgX64 and IntelTdx.
> It triggered EXIT_REASON_CR_ACCESS in DXE phase when launching a
> td-guest.

Have you been able to figure out which control register access caused the
EXIT_REASON_CR_ACCESS?

> @Gerd, what's the qemu command and test environment your QE
> ran the case in? We'd like to run it on our side.

<quote>
Tested edk2-ovmf-20231122-1.el9.rhel21704.20240202.1130.noarch with TDX guest, no issue found
Version:
edk2-ovmf-20231122-1.el9.rhel21704.20240202.1130.noarch
guest kernel: 5.14.0-415.el9.x86_64
qemu-kvm-8.0.0-15.el9s.x86_64
host kernel-5.14.0-411.test.el9s.x86_64
Steps:
$ sudo /usr/libexec/qemu-kvm -accel kvm \
    -drive file=/home/zixchen/rhel94_tdx.qcow2,if=none,id=virtio-disk0 \
    -device virtio-blk-pci,drive=virtio-disk0 \
    -cpu host -smp 16 -m 10240 \
    -object tdx-guest,id=tdx,debug=on \
    -machine q35,hpet=off,kernel_irqchip=split,memory-encryption=tdx,confidential-guest-support=tdx,memory-backend=ram1 \
    -object memory-backend-ram,id=ram1,size=10240M,private=on \
    -nographic -vga none -nodefaults \
    -bios /usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd \
    -serial stdio \
    -netdev user,id=user.0 -device e1000,netdev=user.0
$ dmesg|grep -i tdx
[ 0.000000] tdx: Guest detected
[ 0.719122] TECH PREVIEW: Intel Trusted Domain Extensions (TDX) may not be fully supported.
[ 0.719122] Intel TDX
[ 0.719122] process: using TDX aware idle routine
</quote>

Host configuration with the tdx test packages:
https://sigs.centos.org/virt/tdx/host/

Latest edk2 build (stable202311 + patches) has the patch series
included:
https://kojihub.stream.centos.org/koji/buildinfo?buildID=56985

take care,
  Gerd