[edk2-devel] [PATCH V2 08/10] OvmfPkg: Update TdxDxe to set TDX PCDs

Min Xu Mon, 24 Jan 2022 22:36:02 -0800

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429


TDX_PEI_LESS_BOOT indicates the boot without PEI phase. In this case
settings in EFI_HOB_PLATFORM_INFO should be set to its according PCDs.
TdxDxe driver is workable for both Legacy guest and Tdx guest. It is
because for Legacy guest (in PEI-less boot) there should be a place
to set the PCDs based on EFI_HOB_PLATFORM_INFO hob. TdxDxe driver is
the right place to do this work.

Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Brijesh Singh <brijesh.si...@amd.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Signed-off-by: Min Xu <min.m...@intel.com>
---
 OvmfPkg/TdxDxe/TdxDxe.c   | 71 +++++++++++++++++++++++++++++++++++++--
 OvmfPkg/TdxDxe/TdxDxe.inf |  5 +++
 2 files changed, 74 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/TdxDxe/TdxDxe.c b/OvmfPkg/TdxDxe/TdxDxe.c
index 36ef5c510771..be2b5ab388b9 100644
--- a/OvmfPkg/TdxDxe/TdxDxe.c
+++ b/OvmfPkg/TdxDxe/TdxDxe.c
@@ -24,12 +24,70 @@
 #include <Library/HobLib.h>
 #include <Protocol/Cpu.h>
 #include <Library/UefiBootServicesTableLib.h>
+#include <ConfidentialComputingGuestAttr.h>
 #include <IndustryStandard/Tdx.h>
 #include <IndustryStandard/IntelTdx.h>
 #include <Library/TdxLib.h>
 #include <TdxAcpiTable.h>
 #include <Library/MemEncryptTdxLib.h>
 
+VOID
+SetPcdSettings (
+  EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  )
+{
+  RETURN_STATUS  PcdStatus;
+
+  PcdStatus = PcdSet16S (PcdOvmfHostBridgePciDevId, 
PlatformInfoHob->HostBridgePciDevId);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, 
PlatformInfoHob->PcdConfidentialComputingGuestAttr);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus = PcdSetBoolS (PcdSetNxForStack, 
PlatformInfoHob->PcdSetNxForStack);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus = PcdSetBoolS (PcdIa32EferChangeAllowed, 
PlatformInfoHob->PcdIa32EferChangeAllowed);
+  ASSERT_RETURN_ERROR (PcdStatus);
+
+  DEBUG ((
+    DEBUG_INFO,
+    "HostBridgeDevId=0x%x, CCAttr=0x%x, SetNxForStack=%x, 
Ia32EferChangeAllowed=%x\n",
+    PlatformInfoHob->HostBridgePciDevId,
+    PlatformInfoHob->PcdConfidentialComputingGuestAttr,
+    PlatformInfoHob->PcdSetNxForStack,
+    PlatformInfoHob->PcdIa32EferChangeAllowed
+    ));
+
+  PcdStatus = PcdSet32S (PcdCpuBootLogicalProcessorNumber, 
PlatformInfoHob->PcdCpuBootLogicalProcessorNumber);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus = PcdSet32S (PcdCpuMaxLogicalProcessorNumber, 
PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber);
+
+  ASSERT_RETURN_ERROR (PcdStatus);
+  DEBUG ((
+    DEBUG_INFO,
+    "MaxCpuCount=0x%x, BootCpuCount=0x%x\n",
+    PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber,
+    PlatformInfoHob->PcdCpuBootLogicalProcessorNumber
+    ));
+
+  if (TdIsEnabled ()) {
+    PcdStatus = PcdSet64S (PcdTdxSharedBitMask, TdSharedPageMask ());
+    ASSERT_RETURN_ERROR (PcdStatus);
+    DEBUG ((DEBUG_INFO, "TdxSharedBitMask=0x%llx\n", PcdGet64 
(PcdTdxSharedBitMask)));
+  } else {
+    PcdStatus = PcdSet64S (PcdPciMmio64Base, 
PlatformInfoHob->PcdPciMmio64Base);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus = PcdSet64S (PcdPciMmio64Size, 
PlatformInfoHob->PcdPciMmio64Size);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus = PcdSet64S (PcdPciMmio32Base, 
PlatformInfoHob->PcdPciMmio32Base);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus = PcdSet64S (PcdPciMmio32Size, 
PlatformInfoHob->PcdPciMmio32Size);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus = PcdSet64S (PcdPciIoBase, PlatformInfoHob->PcdPciIoBase);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus = PcdSet64S (PcdPciIoSize, PlatformInfoHob->PcdPciIoSize);
+    ASSERT_RETURN_ERROR (PcdStatus);
+  }
+}
+
 /**
   Location of resource hob matching type and starting address
 
@@ -179,10 +237,19 @@ TdxDxeEntryPoint (
     return EFI_UNSUPPORTED;
   }
 
-  SetMmioSharedBit ();
-
   PlatformInfo = (EFI_HOB_PLATFORM_INFO *)GET_GUID_HOB_DATA (GuidHob);
 
+ #ifdef TDX_PEI_LESS_BOOT
+  SetPcdSettings (PlatformInfo);
+
+  if (!TdIsEnabled ()) {
+    return EFI_SUCCESS;
+  }
+
+ #endif
+
+  SetMmioSharedBit ();
+
   //
   // Call TDINFO to get actual number of cpus in domain
   //
diff --git a/OvmfPkg/TdxDxe/TdxDxe.inf b/OvmfPkg/TdxDxe/TdxDxe.inf
index 077769bcf70c..ca51122664fa 100644
--- a/OvmfPkg/TdxDxe/TdxDxe.inf
+++ b/OvmfPkg/TdxDxe/TdxDxe.inf
@@ -60,5 +60,10 @@
   gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
   gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber
+  gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber
   gUefiCpuPkgTokenSpaceGuid.PcdCpuLocalApicBaseAddress
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress
+  gEfiMdeModulePkgTokenSpaceGuid.PcdIa32EferChangeAllowed
+  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
-- 
2.29.2.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#86046): https://edk2.groups.io/g/devel/message/86046
Mute This Topic: https://groups.io/mt/88666806/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH V2 08/10] OvmfPkg: Update TdxDxe to set TDX PCDs

Reply via email to