HI Min/Gerd I think we have multiple ways to enable 5 level paging. 1) We do not change to 5 level in initial paging in reset vector. We can switch from 4 level to 5 level later when permanent memory is available. We don't need change flash layout.
2) We can enable 5 level paging in initial paging. 2.1) We can enable 5 level paging with 1G paging support. We don't need change flash layout. Only 3 pages is needed. (12K) I don't know if we can real case that a CPU support 5 level but without 1G paging. 2.2) We can still enable 5 level paging with 2M paging. 2.2.1) We can change flash layout to increase 6 pages (24K) memory to 7 pages (28K). So the CR3 in 5 level is same as the CR3 in 4 level. 2.2.2) We don't change flash layout but steal another page in somewhere else - PcdOvmfPml5Base That means CR3 in 5 level is different with CR4 in 4 level. Personally, I don't like the idea to create PcdOvmfPml5Base/Size Other AP MUST check 5 level and 4 level to get right CR3 location. That is tricky and unnecessary. In current patch, 2.2.2) is used. I suggest we also evaluate option 1), 2.1) and 2.2.1). If changing layout is NOT a concern then we can do 2.2.1). If we don't want to change layout, we can do 2.1) and fall back to 1). Thank you Yao Jiewen > -----Original Message----- > From: Xu, Min M <min.m...@intel.com> > Sent: Thursday, September 2, 2021 3:49 PM > To: kra...@redhat.com > Cc: devel@edk2.groups.io; Ard Biesheuvel <ardb+tianoc...@kernel.org>; Justen, > Jordan L <jordan.l.jus...@intel.com>; Brijesh Singh <brijesh.si...@amd.com>; > Erdem Aktas <erdemak...@google.com>; James Bottomley > <j...@linux.ibm.com>; Yao, Jiewen <jiewen....@intel.com>; Tom Lendacky > <thomas.lenda...@amd.com> > Subject: RE: [edk2-devel] [PATCH V5 2/2] OvmfPkg/ResetVector: Enable Intel > TDX in ResetVector of Ovmf > > On September 2, 2021 3:18 PM, Gerd Hoffmann wrote: > > Hi, > > > > > > Sure. And I think we should add proper 5-level paging support to > > > > the current ovmf implementation instead of adding hacks to the tdx code. > > > My understanding is that we should first add 5-level paging support in > > OVMF, right? > > > > Well, the page table setup should be in common code not tdx code as 5-level > > paging isn't something tdx-specific. > Agree. > > > > I'd suggest to add this to OvmfPkg/ResetVector/Ia32/PageTables64.asm. > > Reserve one more page, setup the tables for 5-level paging by inserting a > > level 5 page directory. > In the current patch a page (defined by PcdOvmfSecGhcbPageTableBase) > reserved in MEMFD > is used as the 5-level page directory. > Now One new page will be reserved in MEMFD to hold the level 5 page directory. > Like below: > 0x00C000|0x001000 > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTo > kenSpaceGuid.PcdOvmfSecGhcbBackupSize > > +0x00D000|0x001000 > +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPml5Base|gUefiOvmfPkgTokenSpace > Guid.PcdOvmfPml5Size > > > > When using 5-level paging let cr3 point to the first page (level 5 pagedir), > > when using 4-level paging let cr3 point to the second page (level 4 > > pagedir). > Yes. CPUID.(EAX=07H, ECX=0):ECX[bit 16] will be used to check if 5-level > paging > is supported. > > > > Can be part of this patch series, just make it a separate patch for easier > > review. > Sure. > > > > Whenever we should enable 5-level paging even in non-tdx mode or use 5- > > level paging only with tdx is a separate question. We can continue to use > > 4- > > level paging in non-tdx mode for now and discuss that later. > Agree. > > > > I'm not sure which implications this would have for booting older kernels, > > when handing over control to a OS kernel without 5-level paging support but > > 5-level paging enabled (non-issue for tdx as this requires a new tdx-aware > > guest kernel anyway ...). > > Thanks! > Min -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80190): https://edk2.groups.io/g/devel/message/80190 Mute This Topic: https://groups.io/mt/85242569/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
