RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
OvmfPkg/PlatformPei is updated to support Tdx guest. There are below
major changes.
- Set Tdx related PCDs
- Publish Tdx RamRegions
In this patch there is another new function BuildPlatformInfoHob ().
This function builds EFI_HOB_PLATFORM_INFO which contains the
HostBridgeDevId. The hob is built in both Td guest and Non-Td guest.
Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org>
Cc: Jordan Justen <jordan.l.jus...@intel.com>
Cc: Brijesh Singh <brijesh.si...@amd.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Signed-off-by: Min Xu <min.m...@intel.com>
---
OvmfPkg/OvmfPkg.dec | 1 +
OvmfPkg/PlatformPei/FeatureControl.c | 7 +++-
OvmfPkg/PlatformPei/IntelTdx.c | 54 ++++++++++++++++++++++++++++
OvmfPkg/PlatformPei/MemDetect.c | 13 +++++--
OvmfPkg/PlatformPei/Platform.c | 18 ++++++++++
OvmfPkg/PlatformPei/Platform.h | 19 ++++++++++
OvmfPkg/PlatformPei/PlatformPei.inf | 4 +++
7 files changed, 113 insertions(+), 3 deletions(-)
create mode 100644 OvmfPkg/PlatformPei/IntelTdx.c
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index f3d06411b51b..746050d64ba7 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -133,6 +133,7 @@
gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c,
0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}
gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae,
0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}
gConfidentialComputingSevSnpBlobGuid = {0x067b1f5f, 0xcf26, 0x44c5, {0x85,
0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42}}
+ gUefiOvmfPkgPlatformInfoGuid = {0xdec9b486, 0x1f16, 0x47c7, {0x8f,
0x68, 0xdf, 0x1a, 0x41, 0x88, 0x8b, 0xa5}}
[Ppis]
# PPI whose presence in the PPI database signals that the TPM base address
diff --git a/OvmfPkg/PlatformPei/FeatureControl.c
b/OvmfPkg/PlatformPei/FeatureControl.c
index 9af58c2655f8..5864ee0c214d 100644
--- a/OvmfPkg/PlatformPei/FeatureControl.c
+++ b/OvmfPkg/PlatformPei/FeatureControl.c
@@ -12,6 +12,7 @@
#include <Library/QemuFwCfgLib.h>
#include <Ppi/MpServices.h>
#include <Register/ArchitecturalMsr.h>
+#include <IndustryStandard/Tdx.h>
#include "Platform.h"
@@ -37,7 +38,11 @@ WriteFeatureControl (
IN OUT VOID *WorkSpace
)
{
- AsmWriteMsr64 (MSR_IA32_FEATURE_CONTROL, mFeatureControlValue);
+ if (TdIsEnabled ()) {
+ TdVmCall (TDVMCALL_WRMSR, (UINT64)MSR_IA32_FEATURE_CONTROL,
mFeatureControlValue, 0, 0, 0);
+ } else {
+ AsmWriteMsr64 (MSR_IA32_FEATURE_CONTROL, mFeatureControlValue);
+ }
}
/**
diff --git a/OvmfPkg/PlatformPei/IntelTdx.c b/OvmfPkg/PlatformPei/IntelTdx.c
new file mode 100644
index 000000000000..dabb35dadeff
--- /dev/null
+++ b/OvmfPkg/PlatformPei/IntelTdx.c
@@ -0,0 +1,54 @@
+/** @file
+ Initialize Intel TDX support.
+
+ Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <IndustryStandard/Tdx.h>
+#include <IndustryStandard/QemuFwCfg.h>
+#include <Library/QemuFwCfgLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/TdxLib.h>
+#include <Library/PlatformInitLib.h>
+#include <WorkArea.h>
+#include <ConfidentialComputingGuestAttr.h>
+#include "Platform.h"
+
+/**
+ This Function checks if TDX is available, if present then it sets
+ the dynamic PCDs for Tdx guest.
+ **/
+VOID
+IntelTdxInitialize (
+ VOID
+ )
+{
+ #ifdef MDE_CPU_X64
+ RETURN_STATUS PcdStatus;
+
+ if (!TdIsEnabled ()) {
+ return;
+ }
+
+ PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrIntelTdx);
+ ASSERT_RETURN_ERROR (PcdStatus);
+
+ PcdStatus = PcdSetBoolS (PcdIa32EferChangeAllowed, FALSE);
+ ASSERT_RETURN_ERROR (PcdStatus);
+
+ PcdStatus = PcdSet64S (PcdTdxSharedBitMask, TdSharedPageMask ());
+ ASSERT_RETURN_ERROR (PcdStatus);
+
+ PcdStatus = PcdSetBoolS (PcdSetNxForStack, TRUE);
+ ASSERT_RETURN_ERROR (PcdStatus);
+ #endif
+}
diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c
index 9b62625f9d91..b610885d6f31 100644
--- a/OvmfPkg/PlatformPei/MemDetect.c
+++ b/OvmfPkg/PlatformPei/MemDetect.c
@@ -37,7 +37,6 @@ Module Name:
#include <Library/QemuFwCfgLib.h>
#include <Library/QemuFwCfgSimpleParserLib.h>
#include <Library/PlatformInitLib.h>
-
#include "Platform.h"
UINT8 mPhysMemAddressWidth;
@@ -219,7 +218,12 @@ GetPeiMemoryCap (
PdpEntries = 1 << (mPhysMemAddressWidth - 30);
ASSERT (PdpEntries <= 0x200);
} else {
- Pml4Entries = 1 << (mPhysMemAddressWidth - 39);
+ if (mPhysMemAddressWidth > 48) {
+ Pml4Entries = 0x200;
+ } else {
+ Pml4Entries = 1 << (mPhysMemAddressWidth - 39);
+ }
+
ASSERT (Pml4Entries <= 0x200);
PdpEntries = 512;
}
@@ -334,6 +338,11 @@ InitializeRamRegions (
VOID
)
{
+ if (TdIsEnabled ()) {
+ PlatformTdxPublishRamRegions ();
+ return;
+ }
+
PlatformInitializeRamRegions (
mQemuUc32Base,
mHostBridgeDevId,
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 5f175bf7014d..bf144e1a62b6 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -367,6 +367,22 @@ MaxCpuCountInitialization (
ASSERT_RETURN_ERROR (PcdStatus);
}
+/**
+ * @brief Builds PlatformInfo Hob
+ */
+VOID
+BuildPlatformInfoHob (
+ VOID
+ )
+{
+ EFI_HOB_PLATFORM_INFO PlatformInfoHob;
+
+ ZeroMem (&PlatformInfoHob, sizeof (PlatformInfoHob));
+ PlatformInfoHob.HostBridgePciDevId = mHostBridgeDevId;
+
+ BuildGuidDataHob (&gUefiOvmfPkgPlatformInfoGuid, &PlatformInfoHob, sizeof
(EFI_HOB_PLATFORM_INFO));
+}
+
/**
Perform Platform PEI initialization.
@@ -437,8 +453,10 @@ InitializePlatform (
InstallClearCacheCallback ();
AmdSevInitialize ();
+ IntelTdxInitialize ();
MiscInitialization ();
InstallFeatureControlCallback ();
+ BuildPlatformInfoHob ();
return EFI_SUCCESS;
}
diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h
index 64af9cde1002..7105d4288062 100644
--- a/OvmfPkg/PlatformPei/Platform.h
+++ b/OvmfPkg/PlatformPei/Platform.h
@@ -10,6 +10,7 @@
#define _PLATFORM_PEI_H_INCLUDED_
#include <IndustryStandard/E820.h>
+#include <IndustryStandard/IntelTdx.h>
VOID
AddressWidthInitialization (
@@ -66,6 +67,24 @@ AmdSevInitialize (
VOID
);
+/**
+ This Function checks if TDX is available, if present then it sets
+ the dynamic PCDs for Tdx guest. It also builds Guid hob which contains
+ the Host Bridge DevId.
+ **/
+VOID
+IntelTdxInitialize (
+ VOID
+ );
+
+/**
+ * @brief Builds PlatformInfo Hob
+ */
+VOID
+BuildPlatformInfoHob (
+ VOID
+ );
+
extern EFI_BOOT_MODE mBootMode;
VOID
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf
b/OvmfPkg/PlatformPei/PlatformPei.inf
index 65e417b2f254..bd99f944f050 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -31,6 +31,7 @@
MemTypeInfo.c
Platform.c
Platform.h
+ IntelTdx.c
[Packages]
EmbeddedPkg/EmbeddedPkg.dec
@@ -43,6 +44,7 @@
[Guids]
gEfiMemoryTypeInformationGuid
gFdtHobGuid
+ gUefiOvmfPkgPlatformInfoGuid
[LibraryClasses]
BaseLib
@@ -109,6 +111,8 @@
gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled
gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures
+ gEfiMdeModulePkgTokenSpaceGuid.PcdIa32EferChangeAllowed
+ gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask
[FixedPcd]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase
--
2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#87076): https://edk2.groups.io/g/devel/message/87076
Mute This Topic: https://groups.io/mt/89446180/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
