Re: [edk2-devel] [PATCH V5 25/33] OvmfPkg: Update PlatformPei to support Tdx guest

Thu, 17 Feb 2022 00:43:54 -0800 

Hi
 
> > +/**
> > +  This Function checks if TDX is available, if present then it sets
> > +  the dynamic PCDs for Tdx guest. It also builds Guid hob which
> > +contains
> > +  the Host Bridge DevId.
> > +  **/
> > +VOID
> > +IntelTdxInitialize (
> > +  VOID
> > +  )
> > +{
> > + #ifdef MDE_CPU_X64
> > +  EFI_HOB_PLATFORM_INFO  PlatformInfoHob;
> > +  RETURN_STATUS          PcdStatus;
> > +
> > +  if (!TdIsEnabled ()) {
> > +    return;
> > +  }
> > +
> > +  PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr,
> > + CCAttrIntelTdx);  ASSERT_RETURN_ERROR (PcdStatus);
> > +
> > +  PcdStatus = PcdSetBoolS (PcdIa32EferChangeAllowed, FALSE);
> > + ASSERT_RETURN_ERROR (PcdStatus);
> > +
> > +  PcdStatus = PcdSet64S (PcdTdxSharedBitMask, TdSharedPageMask ());
> > + ASSERT_RETURN_ERROR (PcdStatus);
> > +
> > +  PcdStatus = PcdSetBoolS (PcdSetNxForStack, TRUE);
> > + ASSERT_RETURN_ERROR (PcdStatus);
> > +
> > +  ZeroMem (&PlatformInfoHob, sizeof (PlatformInfoHob));
> > + PlatformInfoHob.HostBridgePciDevId = mHostBridgeDevId;
> > +
> > +  BuildGuidDataHob (&gUefiOvmfPkgTdxPlatformGuid, &PlatformInfoHob,
> > +sizeof (EFI_HOB_PLATFORM_INFO));  #endif }
> 
> So, what is the plan for this with pei-less boot?
In Pei-less boot PCDs cannot be set. So these settings are saved in 
PlatformInfoHob which will be set in early Dxe phase.
> 
> I think we should move this to PlatformInitLib, then link either into
> PlatformPei or the early dxe module for pei-less boot?
> 
1. PlatformInitLib is designed without Dynamic PCDs because it is for both SEC 
and PEI.

2. When boot with PEI phase, some PCDs are mandatory.
For example, PcdIa32EferChangeAllowed indicates whether IA32_EFER can be 
modified or not. Because in Tdx guest change of IA32_EFER is not allowed. But 
in boot with PEI phase, DxeIplPei tries to update IA32_EFER (see 
IsEnableNonExecNeeded).
Another example is PcdConfidentialComputingGuestAttr. It is used in 
MpInitLib/MpLib.c (for CpuMpPei).

3. In Pei-less boot, there is no such limitation. Because the PCDs can be set 
before they're consumed.

Based on above consideration, I would suggest keep above logics.

Thanks
Min


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#86724): https://edk2.groups.io/g/devel/message/86724
Mute This Topic: https://groups.io/mt/88617550/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to