  Hi,

> > Looks like two PCDs for basically the same thing.
> > Should we create a common CC PCD here?
> >
> 1. The current situation of PcdPteMemoryEncryptionAddressOrMask is:
> 1.1 PcdPteMemoryEncryptionAddressOrMask is now set by AmdSev.
> 1.2 In CreateIdentityMappingPageTables(), this value (AddressEncMask) is set
> to the page tables in SEV guest.
> 1.3 This PCD is also used as an indicator in InternalMemEncryptSevStatus() if
> ReadSevMsr is TRUE or FALSE.
> 1.4 This PCD is also used in BootScriptExecutorEntryPoint()

Yes. Creating a common CC PCD may require some changes on the SEV side
too. The code (1.3 for example) assumes sev is active when
PcdPteMemoryEncryptionAddressOrMask is set, which will obviously not be
the case any more when tdx uses it too. But there are other ways to
check for sev which can be used instead ...

> 2. The meaning and usage scenario of PcdTdxSharedBitMask are somehow
> different from PcdPteMemoryEncryptionAddressOrMask.
> 2.1 Guest physical address (GPA) space of Td guest is divided into private
> and shared sub-spaces, determined by the shared bit of GPA.[1]

Well, there are some differences in detail but the underlying concept is
the same. The page table bit says whether the page is private to the vm
or not. With SEV the bit enables/disables encryption. With TDX the bit
switches between private and shared encryption key.

> 2.2 PcdTdxSharedBitMask indicates the above shared bit of GPA. And
> only the shared GPA has the shared bit set. This breaks 1.2.

Hmm, ok. So the logic is different. SEV enables the bit for private
pages whereas TDX enables the bit for shared pages. Too bad. That
indeed makes it impossible to share a single PCD.

We could still define something generic, like a
"set-this-bit-for-shared-pages" pcd and a
"set-this-bit-for-private-pages" pcd. But at the end of the day that
probably wouldn't be very different from having
PcdPteMemoryEncryptionAddressOrMask + PcdTdxSharedBitMask ...

take care,
  Gerd
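
The opposite bit polarity discussed in this thread, modelled as the two generic masks mentioned at the end. This is an added example, not part of the original message and not EDK2 code; the names (cc_config, cc_pte_set, cc_pte_is_shared, mask_implies_sev) are hypothetical and the bit positions 51 and 47 are constructed sample values.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical types for illustration; not EDK2 definitions. */
typedef enum { CC_NONE, CC_SEV, CC_TDX } cc_type;

typedef struct {
    cc_type  type;          /* explicit guest type, not inferred from a mask */
    uint64_t private_mask;  /* "set-this-bit-for-private-pages" */
    uint64_t shared_mask;   /* "set-this-bit-for-shared-pages"  */
} cc_config;

/* Constructed bit positions; real firmware discovers them at runtime. */
static const cc_config SEV_CFG = { CC_SEV, 1ULL << 51, 0 };
static const cc_config TDX_CFG = { CC_TDX, 0, 1ULL << 47 };

/* Return the entry with the confidentiality bit set for the wanted state. */
uint64_t cc_pte_set(const cc_config *c, uint64_t pte, bool shared)
{
    pte &= ~(c->private_mask | c->shared_mask);   /* drop any stale bit */
    return pte | (shared ? c->shared_mask : c->private_mask);
}

/* True when the entry maps a page the host can read. */
bool cc_pte_is_shared(const cc_config *c, uint64_t pte)
{
    if (c->type == CC_NONE)
        return true;                               /* nothing is protected */
    if (c->shared_mask)
        return (pte & c->shared_mask) != 0;        /* TDX-style polarity */
    return (pte & c->private_mask) == 0;           /* SEV-style polarity */
}

/* The assumption from point 1.3: a non-zero mask means SEV is active.
   It no longer holds once a second technology publishes a mask too. */
bool mask_implies_sev(uint64_t any_mask)
{
    return any_mask != 0;
}
```

An entry with neither bit set is shared under the SEV-style configuration and private under the TDX-style one, so code that builds or audits page tables has to know the polarity and cannot treat a bare mask as interchangeable.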