Date: Tue, 20 Feb 2024 09:15:01 +0100
From: "Gerd Hoffmann"
To: devel@edk2.groups.io, min.m.xu@intel.com
Cc: "lersek@redhat.com", Michael Roth, Oliver Steffen, "Yao, Jiewen", Tom Lendacky, Ard Biesheuvel, "Aktas, Erdem", "Sun, Yi Y", "Huang, Jiaqing"
Subject: Re: [edk2-devel] [PATCH v3 1/4] OvmfPkg/Sec: Setup MTRR early in the boot process.

On Tue, Feb 20, 2024 at 06:27:21AM +0000, Min Xu wrote:
> On Monday, February 12, 2024 11:22 PM, Gerd Hoffmann wrote:
> > On Thu, Feb 01, 2024 at 10:38:43AM +0100, Gerd Hoffmann wrote:
> > > Hi,
> > >
> > > > > Can you confirm (a) this patch is OK for
> > > > > "OvmfPkg/IntelTdx/Sec/SecMain.c", and (b) this series fixes the slowdown
> > > > > you had encountered?
> > > > >
> > > > > (that's what's left before we can merge this series)
> > > > >
> > > > We test the patch in TDX and find EXIT_REASON_CR_ACCESS is triggered in
> > > > DXE phase.
> > >
> > > Hmm. Sure this caused by this patch series? For the PEI-less TDX
> > > build this series moves the MTRR setup to a different place in SEC.
> > > Once the DXE phase started the MTRR configuration should be identical
> > > with and without this patch series, and the series also doesn't touch
> > > any control register.
> >
> > Ping. Can you double-check please? Our QE ran a test build with this series
> > applied through regression testing (including TDX) and has not found any
> > issues.
>
> We double check the patch-set (v3) for both OvmfPkgX64 and IntelTdx.
> It triggered EXIT_REASON_CR_ACCESS in DXE phase when launching a
> td-guest.

Have you been able to figure which control register access caused the
EXIT_REASON_CR_ACCESS?

> @Gerd, what's the qemu command and test environment your QE
> run the case? We'd like run it in our side.

Tested edk2-ovmf-20231122-1.el9.rhel21704.20240202.1130.noarch with TDX guest, no issue found

Version: edk2-ovmf-20231122-1.el9.rhel21704.20240202.1130.noarch
guest kernel: 5.14.0-415.el9.x86_64
qemu-kvm-8.0.0-15.el9s.x86_64
host kernel-5.14.0-411.test.el9s.x86_64

Steps:

$ sudo /usr/libexec/qemu-kvm \
    -accel kvm \
    -drive file=/home/zixchen/rhel94_tdx.qcow2,if=none,id=virtio-disk0 \
    -device virtio-blk-pci,drive=virtio-disk0 \
    -cpu host \
    -smp 16 \
    -m 10240 \
    -object tdx-guest,id=tdx,debug=on \
    -machine q35,hpet=off,kernel_irqchip=split,memory-encryption=tdx,confidential-guest-support=tdx,memory-backend=ram1 \
    -object memory-backend-ram,id=ram1,size=10240M,private=on \
    -nographic \
    -vga none \
    -nodefaults \
    -bios /usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd \
    -serial stdio \
    -netdev user,id=user.0 \
    -device e1000,netdev=user.0

$ dmesg|grep -i tdx
[ 0.000000] tdx: Guest detected
[ 0.719122] TECH PREVIEW: Intel Trusted Domain Extensions (TDX) may not be fully supported.
[ 0.719122] Intel TDX
[ 0.719122] process: using TDX aware idle routine

Host configuration with the tdx test packages:
https://sigs.centos.org/virt/tdx/host/

Latest edk2 build (stable202311 + patches) has the patch series included:
https://kojihub.stream.centos.org/koji/buildinfo?buildID=56985

take care,
  Gerd