> -----Original Message-----
> From: Gerd Hoffmann <kra...@redhat.com>
> Sent: Monday, April 24, 2023 5:55 PM
> To: Tom Lendacky <thomas.lenda...@amd.com>
> Cc: Tan, Dun <dun....@intel.com>; devel@edk2.groups.io; Ard Biesheuvel
> <ardb+tianoc...@kernel.org>; Yao, Jiewen <jiewen....@intel.com>; Justen,
> Jordan L <jordan.l.jus...@intel.com>; Ni, Ray <ray...@intel.com>
> Subject: Re: [Patch V3 03/11] OvmfPkg:Remove code that apply
> AddressEncMask to non-leaf entry
>
> On Fri, Apr 21, 2023 at 09:26:44AM -0500, Tom Lendacky wrote:
> > On 4/21/23 03:36, Dun Tan wrote:
> > > Remove code that applies AddressEncMask to non-leaf entries when
> > > splitting the SMM page table by MemEncryptSevLib. In the FvbServicesSmm
> > > driver, it calls MemEncryptSevClearMmioPageEncMask to clear the
> > > AddressEncMask bit in the page table for a specific range. In the AMD
> > > SEV feature, this AddressEncMask bit in the page table is used to
> > > indicate if the memory is guest private memory or shared memory. But
> > > all memory used by page tables is treated as encrypted regardless of
> > > the encryption bit. So removing the EncMask bit for SMM non-leaf page
> > > table entries doesn't impact the AMD SEV feature.
> > > If a page split happens in the AddressEncMask bit clear process,
> > > there will be some new non-leaf entries with AddressEncMask
> > > applied in the SMM page table. When ReadyToLock, code in the PiSmmCpuDxe
> > > module will use CpuPageTableLib to modify the SMM page table. So
> > > remove the code that applies AddressEncMask to new non-leaf entries
> > > since CpuPageTableLib doesn't consume the EncMask PCD.
> >
> > I'm really not a fan of removing the encryption mask, because technically it
> > is correct to have it present in non-leaf entries. I really think the
> > pagetable library should be able to work correctly with or without the
> > encryption mask.
>
> Agree. We have a bunch of custom page table code in TDX and SEV support
> libraries. See here:
>
> - Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> - Library/BaseMemEncryptTdxLib/MemoryEncryption.c
> - Library/PeilessStartupLib/X64/VirtualMemory.c
>
> I'd like to see those switched over to use the pagetable library, and
> that probably requires support for the tdx/sev specific page table bits.
Gerd,
Changing all TDX/SEV code to use PageTableLib would be the best.
And we have evaluated the TDX/SEV spec/code-logic and concluded that
neither the C_bit (SEV) nor the Share_bit (TDX) is required to be set in
page table non-leaf entries.
+@Xu, Min M for confirmation from the TDX part.
I don't want PageTableLib to be aware of the EncMask bit because if the guest
page table is compliant with the spec in not having the EncMask bit set in
non-leaf entries, PageTableLib can well support the SEV/TDX scenario.
>
> take care,
> Gerd
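
The trade-off discussed in this thread, as an added example that is not part of the thread or of edk2: a toy 4-level walker over constructed in-memory tables, showing that a walker which strips the encryption mask from non-leaf entries handles both layouts, while a mask-unaware one only handles tables whose non-leaf entries are clean. The bit-51 mask position, the simulated physical memory and all function names are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>

#define ENC_MASK  (1ULL << 51)           /* assumed C-bit position, illustration only */
#define ADDR_MASK 0x000FFFFFFFFFF000ULL  /* physical address bits 51:12 of an entry */
#define PTE_P     (1ULL << 0)            /* present */
#define PTE_PS    (1ULL << 7)            /* large page (leaf at level 2 or 3) */
#define NPAGES    5

/* Constructed "physical memory": page n lives at physical address n * 0x1000. */
static uint64_t phys[NPAGES][512];

static uint64_t *table_at(uint64_t pa) {
    return (pa >> 12) < NPAGES ? phys[pa >> 12] : NULL;
}

/* Build PML4 -> PDPT -> PD -> PT -> one shared (unencrypted) 4 KiB leaf at VA 0.
   nonleaf_mask is OR-ed into every non-leaf entry (0 or ENC_MASK). */
static void build(uint64_t nonleaf_mask) {
    for (int lvl = 0; lvl < 3; lvl++)
        phys[lvl][0] = ((uint64_t)(lvl + 1) << 12) | PTE_P | nonleaf_mask;
    phys[3][0] = (4ULL << 12) | PTE_P;   /* leaf: mask clear = shared page */
}

/* Walk VA from the root at physical address 0. enc_mask is stripped from
   non-leaf entries before they are followed. Returns 0 and stores the leaf
   entry, -1 if not present, -2 if a next-table pointer is not valid memory. */
static int walk(uint64_t va, uint64_t enc_mask, uint64_t *leaf) {
    uint64_t *table = table_at(0);
    for (int level = 4; level >= 1; level--) {
        uint64_t e = table[(va >> (12 + 9 * (level - 1))) & 0x1FF];
        if (!(e & PTE_P)) return -1;
        if (level == 1 || (level <= 3 && (e & PTE_PS))) { *leaf = e; return 0; }
        table = table_at(e & ADDR_MASK & ~enc_mask);
        if (table == NULL) return -2;
    }
    return -1;
}

int main(void) {
    uint64_t leaf = 0;
    build(ENC_MASK);                     /* non-leaf entries carry the mask */
    return walk(0, ENC_MASK, &leaf) == 0 && !(leaf & ENC_MASK) ? 0 : 1;
}
```

In both layouts the leaf entry alone decides whether the page is private or shared; the mask on non-leaf entries only matters to code that follows the pointers.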