On April 16, 2022 4:52 AM, Lendacky, Thomas wrote: > > Unfortunately, this driver also breaks SEV-ES. I bypassed the TDX code in the > SEC library, but then hit an issue because this driver is loaded before the > AmdSevDxe driver. The AmdSevDxe driver performs a > MemEncryptSevClearMmioPageEncMask() call against the > PcdPciExpressBaseAddress range to mark it shared/unencrypted. However, > the TdxDxe driver is loaded before the AmdSevDxe driver, and it appears the > dependencies result in an MMIO being performed to an address in the > PcdPciExpressBaseAddress range. Since the range has not been marked > shared/unencrypted, the #VC handler terminates the guest for trying to do > MMIO to an encrypted region. > I carefully check the code TdxDxeEntryPoint@TdxDxe.c. If the working guest is NOT td guest, before it returns, it just does below: 1. check if the GuidHob exists 2. Set PcdOvmfHostBridgePciDevId with the information in the GuidHob
SetMmioSharedBit() is called if the working guest is Td guest. So if it is sev guest, SetMmioSharedBit will not be called. I don't have a SEV-ES in hand. Can you help to add some debug information in TdxDxe to see what the last code before the exception is triggered? BTW, have you tried to load AmdSev.inf before TdxDxe.inf? I tried it in my TDX guest and it works fine. Thanks Min -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#88958): https://edk2.groups.io/g/devel/message/88958 Mute This Topic: https://groups.io/mt/90495224/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
