On April 25, 2023 10:51 AM, Ni Ray wrote:
>
> > On Fri, Apr 21, 2023 at 09:26:44AM -0500, Tom Lendacky wrote:
> > > On 4/21/23 03:36, Dun Tan wrote:
> > > > Remove code that applies AddressEncMask to non-leaf entries when
> > > > splitting the smm page table by MemEncryptSevLib. In FvbServicesSmm
> > > > driver, it calls MemEncryptSevClearMmioPageEncMask to clear the
> > > > AddressEncMask bit in the page table for a specific range. In the AMD
> > > > SEV feature, this AddressEncMask bit in the page table is used to
> > > > indicate if the memory is guest private memory or shared memory. But
> > > > all memory used by the page table is treated as encrypted regardless
> > > > of the encryption bit. So removing the EncMask bit for smm non-leaf
> > > > page table entries doesn't impact the AMD SEV feature.
> > > > If a page split happens in the AddressEncMask bit clear process,
> > > > there will be some new non-leaf entries with AddressEncMask
> > > > applied in the smm page table. When ReadyToLock, code in the
> > > > PiSmmCpuDxe module will use CpuPageTableLib to modify the smm page
> > > > table. So remove the code that applies AddressEncMask to new non-leaf
> > > > entries since CpuPageTableLib doesn't consume the EncMask PCD.
> > >
> > > I'm really not a fan of removing the encryption mask, because
> > > technically it is correct to have it present in non-leaf entries. I
> > > really think the pagetable library should be able to work correctly
> > > with or without the encryption mask.
> >
> > Agree. We have a bunch of custom page table code in TDX and SEV
> > support libraries. See here:
> >
> > - Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> > - Library/BaseMemEncryptTdxLib/MemoryEncryption.c
> > - Library/PeilessStartupLib/X64/VirtualMemory.c
> >
> > I'd like to see those switched over to use the pagetable library, and
> > that probably requires support for the tdx/sev specific page table bits.
>
> Gerd,
> Changing all TDX/SEV code to use PageTableLib would be the best.
> And we have evaluated TDX/SEV spec/code-logic and concluded that either
> the C_bit (SEV) or Share_bit (TDX) is not required to be set in the page
> table non-leaf entry.
>
> +@Xu, Min M for confirmation from TDX part.

TD guest creates the page table with Share_bit cleared. Only the leaf entries have the Share_bit set if needed.

Thanks
Min
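
An added illustration of the trade-off discussed in this thread (not code from the thread, the patch, or EDK II): a simulated 4-level walk showing that a walker which strips the encryption mask from non-leaf entries works with or without the mask present, while a mask-unaware walker only works once non-leaf entries are mask-free. The names `build`, `walk`, `table_at`, the in-memory "physical" layout and the mask position at bit 47 are all assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

#define PTE_P     0x1ULL
#define PTE_RW    0x2ULL
#define PTE_ADDR  0x000FFFFFFFFFF000ULL  /* physical address field, bits 51:12 */
#define ENC_MASK  (1ULL << 47)           /* constructed mask position, assumption */
#define NTABLES   4

/* Simulated table pages: mem[i] sits at "physical" address (i + 1) * 0x1000. */
static uint64_t mem[NTABLES][512];

static uint64_t *table_at(uint64_t pa) {
    uint64_t idx = pa / 0x1000;
    return (pa % 0x1000 == 0 && idx >= 1 && idx <= NTABLES) ? mem[idx - 1] : NULL;
}

/* Map one 4 KiB page; nonleaf_mask is OR-ed into the three non-leaf entries. */
void build(uint64_t va, uint64_t leaf, uint64_t nonleaf_mask) {
    memset(mem, 0, sizeof mem);
    for (int l = 0; l < 3; l++)
        mem[l][(va >> (39 - 9 * l)) & 0x1FF] =
            ((uint64_t)(l + 2) * 0x1000) | nonleaf_mask | PTE_RW | PTE_P;
    mem[3][(va >> 12) & 0x1FF] = leaf;
}

/* 4-level walk. enc_mask is stripped from each non-leaf entry before its
   address field is followed. Returns the leaf entry, or 0 on a failed walk. */
uint64_t walk(uint64_t va, uint64_t enc_mask) {
    uint64_t *t = mem[0];                /* root table at 0x1000 */
    for (int shift = 39; shift > 12; shift -= 9) {
        uint64_t e = t[(va >> shift) & 0x1FF];
        if (!(e & PTE_P)) return 0;
        t = table_at(e & PTE_ADDR & ~enc_mask);
        if (t == NULL) return 0;         /* address field did not name a table */
    }
    return t[(va >> 12) & 0x1FF];
}

int main(void) {
    uint64_t va = 0x0000123456789000ULL;
    uint64_t shared = 0x200000ULL | PTE_RW | PTE_P;   /* leaf without the mask */
    build(va, shared, ENC_MASK);         /* non-leaf entries carry the mask */
    int ok = walk(va, ENC_MASK) == shared && walk(va, 0) == 0;
    build(va, shared, 0);                /* non-leaf entries without the mask */
    ok = ok && walk(va, ENC_MASK) == shared && walk(va, 0) == shared;
    return ok ? 0 : 1;
}
```

In both layouts the private/shared state of the page is read from the leaf entry alone, which is why the mask on non-leaf entries can be either kept (with a mask-aware walker) or dropped.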