This patch causes a regression when launching a VM guest with the command below:
$ /usr/libexec/qemu-kvm \
-name guestVM1 -machine q35 -accel kvm -m 10240 -smp 8 -cpu host -monitor pty \
-drive format=raw,file=/home/tdvf/centos-stream-9.img \
-bios /home/tdvf/OVMF.fd \
-nic user,hostfwd=tcp::-:2
Thanks much Johnson! We will investigate it based on your comments.
> -Original Message-
> From: Brian J. Johnson
> Sent: Tuesday, January 23, 2024 3:12 AM
> To: devel@edk2.groups.io; kra...@redhat.com; West, Catharine
>
> Cc: Xu, Min M ; Ni, Ray ; Wu,
> MingliangX ; Yao, Jiewen
> ; Xue,
Add the Intel Linux guys to the CC list.
> -Original Message-
> From: Gerd Hoffmann
> Sent: Wednesday, January 24, 2024 12:12 AM
> To: Laszlo Ersek
> Cc: devel@edk2.groups.io; Johnson, Brian ; West,
> Catharine ; Xu, Min M ; Ni,
> Ray ; Wu, MingliangX ; Yao,
> Jiewen ; Xue, Shengfeng
> ; Dong, E
Reviewed-by: Min Xu
> -Original Message-
> From: Sun, CepingX
> Sent: Monday, October 23, 2023 5:06 PM
> To: devel@edk2.groups.io
> Cc: Sun, CepingX ; Aktas, Erdem
> ; James Bottomley ; Yao,
> Jiewen ; Xu, Min M ; Tom
> Lendacky ; Michael Roth
> ; Gerd Hoffman
> https://cdrdv2.intel.com/v1/dl/getContent/726790
>
> Cc: Liming Gao
> Cc: Michael D Kinney
> Cc: Erdem Aktas
> Cc: James Bottomley
> Cc: Min Xu
> Cc: Tom Lendacky
> Cc: Michael Roth
> Acked-by: Gerd Hoffmann
> Reviewed-by: Jiewen Yao
> Signed-off-by: C
Reviewed-by: Min Xu
> -Original Message-
> From: Sun, CepingX
> Sent: Monday, November 27, 2023 8:41 AM
> To: devel@edk2.groups.io
> Cc: Sun, CepingX ; Yao, Jiewen
> ; Xu, Min M
> Subject: [PATCH V1 1/1] SecurityPkg/DxeTpm2MeasureBootLib: Check the
> Integer ov
On Monday, February 12, 2024 11:22 PM, Gerd Hoffmann wrote:
> On Thu, Feb 01, 2024 at 10:38:43AM +0100, Gerd Hoffmann wrote:
> > Hi,
> >
> > > > Can you confirm (a) this patch is OK for
> > > > "OvmfPkg/IntelTdx/Sec/SecMain.c", and (b) this series fixes the slowdown
> you had encountered?
> > > >
> 7 files changed, 224 insertions(+), 53 deletions(-)
>
Tested the patch-set in TDX (OvmfPkgX64 and Intel/IntelTdx) and both passed.
Tested-by: Min Xu
Reviewed-by: Min Xu
> -Original Message-
> From: Sun, CepingX
> Sent: Tuesday, February 27, 2024 5:19 AM
> To: devel@edk2.groups.io
> Cc: Sun, CepingX ; Liming Gao
> ; Kinney, Michael D
> ; Aktas, Erdem ;
> James Bottomley ; Yao, Jiewen
> ; Xu, Min M ; To
Reviewed-by: Min Xu
> -Original Message-
> From: Sun, CepingX
> Sent: Tuesday, February 27, 2024 5:19 AM
> To: devel@edk2.groups.io
> Cc: Sun, CepingX ; Aktas, Erdem
> ; James Bottomley ; Yao,
> Jiewen ; Xu, Min M ; Tom
> Lendacky ; Michael Roth
> ; Gerd H
On Thursday, April 11, 2024 4:13 PM, Gerd Hoffmann wrote:
>
> On my end the state of affairs is unchanged. Our builds have the patch
> included and there are zero problems so far, the issue reported by Min
> doesn't reproduce and it is still unclear what is going on.
>
> Min, any update?
>
Hi,
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Min Xu
Min M Xu (5):
Security/SecTpmMeasurementLibTdx: Delete unused
SecTpmMeasurementLibTdx
OvmfPkg/HashLibTdx: Add HashLibTdx
OvmfPkg/TdTcg2Dxe: Add TdTcg2Dxe
OvmfPkg: Update TdTcg2Dxe path in OvmfPkgX64 and IntelTdxX6
From: Min M Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Min Xu
---
.../SecTpmMeasurementLibTdx.c | 175 --
.../SecTpmMeasurementLibTdx.inf | 34
SecurityPkg/SecurityPkg.dsc
. SecurityPkg/Library/HashLibTdx will be deleted in the next patch.
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Min Xu
---
OvmfPkg/Library/HashLibTdx/HashLibTdx.c | 213 ++
OvmfPkg/Library/HashLibTdx/HashLibTdx.inf | 37
2 files changed, 250 insertions
/Tcg/TdTcg2Dxe will be deleted in the next patch.
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Min Xu
---
OvmfPkg/Tcg/TdTcg2Dxe/MeasureBootPeCoff.c | 407
OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c | 2522 +
OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
Biesheuvel
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Min Xu
---
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 4 ++--
OvmfPkg/IntelTdx/IntelTdxX64.fdf | 2 +-
OvmfPkg/OvmfPkgX64.dsc | 4 ++--
OvmfPkg/OvmfPkgX64.fdf | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a
From: Min M Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752
TdTcg2Dxe and HashLibTdx have been moved to OvmfPkg. So delete the code
in SecurityPkg and update SecurityPkg.dsc.
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Min Xu
---
SecurityPkg/Library/HashLibTdx/HashLibTdx.c
entLibTdx is not used anymore. So it is deleted in this
> patch-set.
>
> Cc: Ard Biesheuvel
> Cc: Jiewen Yao
> Cc: Gerd Hoffmann
> Signed-off-by: Min Xu
>
> Min M Xu (5):
> Security/SecTpmMeasurementLibTdx: Delete unused
> SecTpmMeasurementLibTdx
> OvmfPkg/
: Min Xu
---
OvmfPkg/IntelTdx/{README => README.md} | 56 --
1 file changed, 34 insertions(+), 22 deletions(-)
rename OvmfPkg/IntelTdx/{README => README.md} (57%)
diff --git a/OvmfPkg/IntelTdx/README b/OvmfPkg/IntelTdx/README.md
similarity index 57%
rename from O
On Thursday, April 18, 2024 7:50 PM, Gerd Hoffmann wrote:
>
> > -The Intel? TDX Virtual Firmware Design Guide is at
> > +The Intel TDX Virtual Firmware Design Guide is at
>
> '' looks more like HTML than markdown.
Thanks for the reminder. It is fixed in v2.
>
> text updates look fine to me.
>
Tha
: Min Xu
---
OvmfPkg/IntelTdx/{README => README.md} | 64 +++---
1 file changed, 38 insertions(+), 26 deletions(-)
rename OvmfPkg/IntelTdx/{README => README.md} (52%)
diff --git a/OvmfPkg/IntelTdx/README b/OvmfPkg/IntelTdx/README.md
similarity index 52%
rename from O
On September 7, 2022 1:31 PM, Gerd Hoffmann wrote:
> On Sun, Sep 04, 2022 at 11:34:14AM +, Xu, Min M wrote:
> > On September 1, 2022 11:48 PM, Gerd Hoffmann wrote:
> > > Hi,
> > >
> > > > EFI_RESOURCE_MEMORY_UNACCEPTED is defined for unaccepted
> memory.
> > > > But this definition has not be
On September 7, 2022 1:42 PM, Gerd Hoffmann wrote:
> Hi,
>
> > + //
> > + // This memory region is split into 2 parts. The left part is
> > accepted.
> > + //
> > + PhysicalEnd= MaxAcceptedMemoryAddress;
> > + ResourceLength = PhysicalEnd - Physi
On September 7, 2022 1:37 PM, Gerd Hoffmann wrote:
> On Mon, Sep 05, 2022 at 04:35:02PM +0800, Min Xu wrote:
> > From: Min M Xu
> >
> > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3937
> >
> > There are below major changes in PlatformInitLib/PlatformPe
performance.
Cc: Zhichao Gao
Cc: Michael D Kinney
Cc: Zhiguang Liu
Cc: Jian J Wang
Cc: Liming Gao
Cc: Ray Ni
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Signed-off-by: Jiaqi Gao
Signed-off-by: Min Xu
Jiaqi Gao (1):
MdePk
/Include/Pi/PrePiHob.h.
Cc: Jian J Wang
Cc: Liming Gao
Cc: Ray Ni
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Acked-by: Gerd Hoffmann
Signed-off-by: Min Xu
---
MdeModulePkg/Include/Pi/PrePiHob.h | 20
1 file changed, 20 insertions
: Gerd Hoffmann
Signed-off-by: Min Xu
---
OvmfPkg/Library/PeilessStartupLib/Hob.c| 5 ++---
OvmfPkg/Library/PlatformInitLib/IntelTdx.c | 10 +-
2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/OvmfPkg/Library/PeilessStartupLib/Hob.c
b/OvmfPkg/Library/PeilessStartupLib
Lendacky
Reviewed-by: Jiewen Yao
Signed-off-by: Min Xu
---
MdePkg/Include/Pi/PiHob.h | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/MdePkg/Include/Pi/PiHob.h b/MdePkg/Include/Pi/PiHob.h
index e9f0ab4309d1..4605da56e247 100644
--- a/MdePkg/Include/Pi/PiHob.h
+++ b
: Tom Lendacky
Reviewed-by: Jiewen Yao
Acked-by: Gerd Hoffmann
Signed-off-by: Min Xu
---
MdeModulePkg/Include/Pi/PrePiDxeCis.h | 25 +
MdePkg/Include/Pi/PiDxeCis.h | 10 +-
MdePkg/Include/Uefi/UefiMultiPhase.h | 5 +
3 files changed, 39 insertions
: Ray Ni
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Acked-by: Gerd Hoffmann
Signed-off-by: Min Xu
---
MdeModulePkg/Core/Dxe/Gcd/Gcd.c | 6 +++
MdeModulePkg/Core/Dxe/Mem/Page.c | 63 +++-
2 files changed, 52 insertions
Hoffmann
Acked-by: Zhichao Gao
Signed-off-by: Min Xu
---
.../Library/UefiShellDebug1CommandsLib/MemMap.c | 13 +
.../UefiShellDebug1CommandsLib.uni | 3 ++-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib
will re-visit here in the future when on-demand accept memory is
required.
2. TransferTdxHobList
Transfer the unaccepted memory hob to EFI_RESOURCE_SYSTEM_MEMORY hob
if it is accepted.
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Signed-off-by: Min
Signed-off-by: Min Xu
---
MdePkg/Include/Protocol/MemoryAccept.h | 37 ++
MdePkg/MdePkg.dec | 3 +++
2 files changed, 40 insertions(+)
create mode 100644 MdePkg/Include/Protocol/MemoryAccept.h
diff --git a/MdePkg/Include/Protocol/MemoryAccept.h
b/MdePkg
private, it must be accepted again.
EdkiiMemoryAcceptProtocol is defined in MdePkg and is implemented /
installed in TdxDxe for Intel TDX memory acceptance.
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Acked-by: Gerd Hoffmann
Signed-off-by: Min Xu
Hoffmann
Signed-off-by: Min Xu
---
.../BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf| 3 +++
.../Library/BaseMemEncryptTdxLib/MemoryEncryption.c | 12 +---
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
b
Hi, Ard
I am checking the measurement behavior when loading the kernel via the QEMU
-kernel option. I find it is implemented by the 2 drivers/libs below:
- OvmfPkg/QemuKernelLoaderFsDxe
This is a separate DXE driver that exposes the virtual SimpleFileSystem
implementation that carries the kernel and i
On September 18, 2022 8:52 PM, Ard Biesheuvel wrote:
> Hello Min Xu,
>
> On Sat, 17 Sept 2022 at 04:53, Xu, Min M wrote:
> >
> > Hi, Ard
> >
> > I am checking the measurement behavior when loading the kernel via the
> QEMU -kernel option. I find it
On September 19, 2022 2:59 PM, Ard Biesheuvel wrote:
> On Mon, 19 Sept 2022 at 04:13, Xu, Min M wrote:
> >
> > On September 18, 2022 8:52 PM, Ard Biesheuvel wrote:
> > > Hello Min Xu,
> > >
> > > On Sat, 17 Sept 2022 at 04:53, Xu, Min M wrote:
>
Hi, Gerd
Do you have any comments on this patch?
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Min Xu
> Sent: Wednesday, September 7, 2022 10:18 AM
> To: devel@edk2.groups.io
> Cc: Xu, Min M ; Aktas, Erdem
> ; Gerd Hoffmann ; James
> Bottomle
memory under 4G will be accepted. This is to
> optimize the performance.
>
> Cc: Zhichao Gao
> Cc: Michael D Kinney
> Cc: Zhiguang Liu
> Cc: Jian J Wang
> Cc: Liming Gao
> Cc: Ray Ni
> Cc: Erdem Aktas
> Cc: Gerd Hoffmann
> Cc: James Bottomley
> Cc: Jiewen
On September 27, 2022 11:01 AM, Jiewen Yao wrote:
>
> My feeling is that this mPageTablePool is a driver *internal* data.
> It is not the best idea to expose an internal data structure to *public*
> space.
>
> Can we have a way to move mPageTablePool to stack instead of global data
> area? such
-by: Min Xu
---
.../PeilessStartupLib/X64/VirtualMemory.c | 117 ++
1 file changed, 68 insertions(+), 49 deletions(-)
diff --git a/OvmfPkg/Library/PeilessStartupLib/X64/VirtualMemory.c
b/OvmfPkg/Library/PeilessStartupLib/X64/VirtualMemory.c
index 6877e521e485..b444c052d1bf
On September 22, 2022 1:25 PM, Min Xu wrote:
>
> Hi, Liming/Jian/Zhiguang/Michael
> Can you help to review the patches below for the lazy-accept feature? Because
> you're the maintainer/reviewer of the related modules.
> Any comment is welcome.
>
There is still no comme
On October 10, 2022 10:28 AM, Gao Liming wrote:
>
> Min:
> I have no comments for the new unaccepted resource type and unaccepted gcd
> type. In fact, they map to UEFI EfiUnacceptedMemoryType.
>
> For new protocol EfiMemoryAcceptProtocol, I see another patch serial
> https://edk2.groups.i
The name of EDKII_MEMORY_ACCEPT_PROTOCOL indicates it is only used in edk2.
It's not going to be included in UEFI spec, at least in current stage.
In our design of the protocol (EDKII_MEMORY_ACCEPT_PROTOCOL), it contains the
function of EDKII_ACCEPT_MEMORY which is to accept the un-accepted memor
On October 19, 2022 9:18 AM, Gao Liming wrote:
>
> Min:
> I understand that they are for different purposes and usage. But their
> protocol names are very similar.
Yes. They do look very similar.
> If there is no better protocol name, I will also be fine.
Dionna, what's your thought?
> >
Hi, Liming
In Dionna's latest patch-sets the name of accept_all_unaccepted_memory has been
changed to BZ3987_MEMORY_ACCEPTANCE_PROTOCOL.
https://edk2.groups.io/g/devel/message/95525
https://edk2.groups.io/g/devel/message/95530
So now these 2 protocols are named as "BZ3987_MEMORY_ACCEPTANCE_PROTO
On October 12, 2021 3:43 PM, Gerd Hoffmann wrote:
> Hi,
>
> > +; Load the GDT and set the CR0.
> > +;
> > +; Modified: EAX, EBX, CR0, CR4, DS, ES, FS, GS, SS, CS ;
> > +ReloadFlat32:
> > +
> > +cli
> > +mov ebx, ADDR_OF(gdtr)
> > +lgdt[ebx]
>
> No need to modify ebx here, e
On October 12, 2021 4:22 PM, Gerd Hoffmann wrote:
> > +// PageSize is mapped to PageLevel like below:
> > +// 4KB - 0, 2MB - 1
> > +UINT64 mTdxAcceptPageLevelMap[2] = {
> > + SIZE_4KB,
> > + SIZE_2MB
>
> No 1G pages?
TDX:
https://software.intel.com/content/dam/develop/external/us/en/documents/
On October 12, 2021 6:06 PM, Gerd Hoffmann wrote:
> On Tue, Oct 05, 2021 at 11:39:17AM +0800, Min Xu wrote:
> > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
> >
> > Intel TDX architecture does not prescribe a specific software
> > convention to perform I/O
On October 12, 2021 6:16 PM, Gerd Hoffman wrote:
> Hi,
>
> > + do {
> > +AsmCpuid (0, &LargestEax, &Ebx, &Ecx, &Edx);
>
> Use ConfidentialComputing PCD ?
BaseXApicX2ApicLib (LocalApicLib) is included by the drivers/libs not only in
DXE phase, but also in SEC/PEI. For example, SecPeiCpuExc
On October 12, 2021 6:32 PM, Gerd Hoffman wrote:
> Hi,
>
> > + do {
> > +AsmCpuid (0, &LargestEax, &Ebx, &Ecx, &Edx);
>
> Again: this should use PCD.
ConfidentialComputing PCD is set in PlatformPei. So any check of this PCD
should be after PlatformPei.
MpInitLib will be included in CpuMpP
On October 12, 2021 6:39 PM, Gerd Hoffmann wrote:
> Hi,
>
> > - AcceptPages:
> >To mitigate the performance impact of accepting pages in SEC phase on
> >BSP, BSP will parse memory resources and assign each AP the task of
> >accepting a subset of pages. This command may be called sev
On October 13, 2021 11:46 PM, Brijesh Singh wrote:
> On 10/12/21 5:58 PM, Xu, Min M wrote:
> > On October 12, 2021 9:23 PM, Lendacky Thomas wrote:
> Good point Tom. The WORK_AREA_GUEST_TYPE define should be moved
> outside the ARCH_X86. I missed it mainly because we renamed the
> ESWorkArea to Gene
On October 12, 2021 8:16 PM, Gerd Hoffmann wrote:
> Hi,
>
> > +#define IO_MMU_LEGACY 0x0
> > +#define IO_MMU_SEV 0x01
> > +#define IO_MMU_TDX 0x02
> > +
> > +UINTN mIoMmuType = IO_MMU_LEGACY;
>
> Yet another place where you should be able to just use the
> ConfidentialComputing PCD.
Th
On October 12, 2021 9:02 PM, Gerd Hoffmann wrote:
> On Tue, Oct 05, 2021 at 11:39:39AM +0800, Min Xu wrote:
> > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
> >
> > TDX guest supports LocalApicTimer. But in current OvmfPkg the
> > supporte
On October 12, 2021 11:27 PM, Sami Mujawar wrote:
> Hi Min,
>
> Thank you for this patch.
>
> I think it would greatly help if the EFI_TD_PROTOCOL is changed to something
> more architecture neutral. As I understand, this patch series is removing the
> dependency on TPM for measurement and is ins
On October 14, 2021 1:38 PM, Gerd Hoffmann wrote:
> Hi,
>
> > > Calling CPUID should not be needed, we have a new fancy
> > > ConfidentialComputing PCD for that now.
> > The gUefiCpuPkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr is
> defined in UefiCpuPkg. While BaseIoLibIntrinsicSev is in
On October 14, 2021 2:05 PM, Gerd Hoffmann wrote:
> On Thu, Oct 14, 2021 at 12:27:13AM +, Xu, Min M wrote:
> > On October 12, 2021 6:32 PM, Gerd Hoffman wrote:
> > > Hi,
> > >
> > > > + do {
> > > > +AsmCpuid (0, &LargestEax, &Ebx, &Ecx, &Edx);
> > >
> > > Again: this should use PCD.
> >
On October 13, 2021 1:31 PM, Ray Ni wrote:
> Min,
> Comments below:
>
> +**/
> +BOOLEAN
> +EFIAPI
>
> 1. EFIAPI is for public lib API. Is this a public API?
No, it is not a public API. The EFIAPI will be removed. Thanks for the reminder.
>
> +BaseXApicIsTdxGuest (
> + VOID
> + )
> +{
> + UINT32
On October 13, 2021 2:01 PM, Ray Ni wrote:
> Min,
> The change is to provide a totally different MP service in TDX case.
> It makes the MpInitLib more complicated.
>
> How about?
> 1. Change CpuMpPei/CpuMpDxe to return directly in TDX case.
> 2. Add new TdxCpuMpPei/TdxCpuMpDxe to provide a new set
UefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =
> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize -
> +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHead
> er
> +############
> ###
> +###
> +
>
> #
> ###
>
> [FV.SECFV]
> --
>
> only.
> But now, that work area header contains fields that nonencrypted VMs and SEV
> VMs can use. They can be built for IA32. So, moving the work area defines
> outside of X64.
>
> Fixes: 80e67af9afca ("OvmfPkg: introduce a common work area")
> Cc: James Bottomley
On October 12, 2021 7:50 PM, Gerd Hoffmann wrote:
> Hi,
>
> > Besides above features, TdxDxe driver will update the ACPI MADT
> > Multiprocessor Wakeup Table.
>
> > + ACPI_MADT_MPWK_STRUCT *MadtMpWk;
>
> > + NewBufferSize = 1 * sizeof (*Madt)
Jiewen
I just created a new PR based on the latest commit (2108698346) for the
patch-set of "work area fixes" and it seems all checks have passed.
https://github.com/tianocore/edk2/pull/2078
I suspect the previous failure was caused by the instability of the EDK2 CI
system. Maybe you can create a n
On October 19, 2021 5:52 PM, Sami Mujawar wrote:
> I will start providing the feedback for this series starting today.
> I may need some help to understand the sequence of the various patch
> series that enable this feature and would be grateful if you could point me to
> a Github branch that I can
Lendacky
Signed-off-by: Min Xu
Min Xu (4):
OvmfPkg: Copy Main.asm from UefiCpuPkg to OvmfPkg's ResetVector
OvmfPkg: Clear WORK_AREA_GUEST_TYPE in Main.asm
OvmfPkg: Add IntelTdxMetadata.asm
OvmfPkg: Enable TDX in ResetVector
OvmfPkg/OvmfPkg.dec
Pkg/ResetVector/Main.asm
Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Gerd Hoffmann
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Acked-by: Gerd Hoffmann
Signed-off-by: Min Xu
---
OvmfPkg/ResetVector/Main.asm | 103 +++
1 f
duced in next commit in this patch-set). WORK_AREA_GUEST_TYPE will
be cleared there.
Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Gerd Hoffmann
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Signed-off-by: Min Xu
---
OvmfPkg/ResetVector/Ia32/PageTables6
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Acked-by: Gerd Hoffmann
Signed-off-by: Min Xu
---
OvmfPkg/OvmfPkg.dec | 9 ++
OvmfPkg/OvmfPkgDefines.fdf.inc | 9 ++
OvmfPkg/ResetVector/Ia16/ResetVectorVtf0
16/32 is used
in the ResetVectorVtf0.asm. It checks for 32-bit protected mode or 16-bit
real mode, then jumps to the corresponding entry point.
Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Gerd Hoffmann
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
S
On October 14, 2021 1:30 PM, Gerd Hoffmann wrote:
> > > > +UINT8 *mExtendBufferAddress = NULL;
> > > > +TDX_EXTEND_BUFFER mExtendBuffer;
> > > > +
> > > > +/**
> > > > + TD.RTMR.EXTEND requires 64B-aligned guest physical address of
> > > > + 48B-extension data. In runtime we walk
On October 14, 2021 1:38 PM, Gerd Hoffmann wrote:
> > > Calling CPUID should not be needed, we have a new fancy
> > > ConfidentialComputing PCD for that now.
> > The gUefiCpuPkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr is
> defined in UefiCpuPkg. While BaseIoLibIntrinsicSev is in MdePkg.
> >
On October 23, 2021 12:14 PM, Brijesh Singh wrote:
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>
> While initializing APs, the MpInitLib may need to know whether the guest is
> running with active AMD SEV or Intel TDX memory encryption.
>
> Add a new ConfidentialComputingGuestAtt
On October 25, 2021 7:28 PM, Gerd Hoffmann wrote:
> On Mon, Oct 25, 2021 at 07:37:33AM +0000, Min Xu wrote:
> > On October 12, 2021 9:02 PM, Gerd Hoffmann wrote:
> > > On Tue, Oct 05, 2021 at 11:39:39AM +0800, Min Xu wrote:
> > > > RFC: https://bugzilla.tian
On October 12, 2021 6:27 PM, Gerd Hoffmann wrote:
> > + if (ExceptionType == VE_EXCEPTION) {
> > +EFI_STATUS Status;
> > +//
> > +// #VE needs to be handled immediately upon enabling exception handling
> > +// and therefore can't use the RegisterCpuInterruptHandler() interface.
>
On October 26, 2021 2:12 PM, Gerd Hoffmann wrote:
> On Tue, Oct 26, 2021 at 05:06:21AM +, Xu, Min M wrote:
> > On October 12, 2021 6:27 PM, Gerd Hoffmann wrote:
> > > > + if (ExceptionType == VE_EXCEPTION) {
> > > > +EFI_STATUS Status;
> > > > +//
> > > > +// #VE needs to be handl
On October 26, 2021 6:25 PM, Gerd Hoffmann wrote:
> Hi,
>
> > > > So it has to be implemented inside the exception lib.
> > >
> > > Well, no, you can also change the code to avoid triggering an exception.
> > >
> > > Adding a new lib for the exception means the lib must be added into
> > > each
On October 19, 2021 9:23 PM, Sami Mujawar wrote:
> > //
> > // Read the EFI Partition Table Header
> > //
> > @@ -156,6 +224,15 @@ Tcg2MeasureGptTable (
> > if (PrimaryHeader == NULL) {
> > return EFI_OUT_OF_RESOURCES;
> > }
> > +
> > + //
> > + // PrimaryHeader->SizeOfP
changes.
- TD based measurement is added. It is implemented in
DxeTpmMeasurementLib.
- Fix the typo in comments.
Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Ken Lu
Cc: Sami Mujawar
Signed-off-by: Min Xu
Min Xu (3):
MdePkg: Introduce
Lu
Cc: Sami Mujawar
Signed-off-by: Min Xu
---
MdePkg/Include/Protocol/TdProtocol.h | 36 +++
MdePkg/Include/Protocol/TeeMeasurement.h | 296 +++
MdePkg/MdePkg.dec| 3 +
3 files changed, 335 insertions(+)
create mode 100644 MdePkg/Include
y
Cc: Liming Gao
Cc: Zhiguang Liu
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Sami Mujawar
Signed-off-by: Min Xu
---
.../DxeTpmMeasurementLib.c| 88 ++-
.../DxeTpmMeasurementLib.inf | 5 +-
2 files changed, 88 insertions(+), 5 deletions(-)
diff --
and PcrIndex.
CreateTeeEventFromTcg2Event is used to create the TeeEvent based on the
Tcg2Event.
The above 2 changes minimize the changes to the existing code.
Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Sami Mujawar
Signed-off-by: Min Xu
On October 29, 2021 10:06 AM, Liming Gao wrote:
> Min:
> I add my comments below.
> > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625
> >
>
> Why adds MdePkg/Include/Protocol/TdProtocol.h? Can combine it into
> MdePkg/Include/Protocol/TeeMeasurement.h?
I once thought TdProtocol.h include
Cc: Gerd Hoffmann
Signed-off-by: Min Xu
---
.../XenTimerDxe.c => LocalApicTimerDxe/LocalApicTimerDxe.c} | 3 +--
.../XenTimerDxe.h => LocalApicTimerDxe/LocalApicTimerDxe.h} | 4 ++--
.../LocalApicTimerDxe.inf} | 6 +++---
OvmfPkg/Microvm/MicrovmX
: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Gerd Hoffmann
Signed-off-by: Min Xu
Min Xu (2):
OvmfPkg: Rename XenTimerDxe to LocalApicTimerDxe
OvmfPkg: Switch timer in build time for OvmfPkg
OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +--
OvmfPkg/AmdSev/AmdSevX64
port a CSM. So use
the LocalApicTimerDxe unconditionally.
Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Gerd Hoffmann
Suggested-by: Gerd Hoffmann
Signed-off-by: Min Xu
---
OvmfPkg/AmdSev/Amd
On October 29, 2021 12:53 PM, Gerd Hoffmann wrote:
> On Fri, Oct 29, 2021 at 12:17:05AM +, Yao, Jiewen wrote:
> > I am OK to use EFI_CC_MEASUREMENT_PROTOCOL to replace
> > EFI_TEE_MEASUREMENT_PROTOCOL. (much better than COCO)
>
> Looks good to me. The PCD uses the term ConfidentialComputing t
On October 29, 2021 7:37 PM, Gerd Hoffmann wrote:
> > --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
> > +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
> > @@ -670,10 +670,9 @@
> >}
> >
> >MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
> > - OvmfPkg/8259InterruptControllerDxe/8259.inf
> >UefiCpuPkg/CpuIo2Dxe/CpuIo2
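Review bot: the `-` line drops OvmfPkg/8259InterruptControllerDxe/8259.inf from the AmdSevX64.dsc component list, but no matching change to AmdSevX64.fdf is visible in this hunk; a DSC-only removal leaves the FDF still including a driver the DSC no longer builds, so please confirm the .fdf entry for 8259.inf is removed in the same patch, consistent with the stated intent of using the LocalApic timer unconditionally.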
Biesheuvel
Cc: Jordan Justen
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Gerd Hoffmann
Signed-off-by: Min Xu
Min Xu (2):
OvmfPkg: Rename XenTimerDxe to LocalApicTimerDxe
OvmfPkg: Switch timer in build time for OvmfPkg
OvmfPkg/AmdSev
port a CSM. So use
the lapic timer unconditionally.
Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Gerd Hoffmann
Suggested-by: Gerd Hoffmann
Signed-off-by: Min Xu
---
OvmfPkg/AmdSev/AmdSevX64.dsc
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
Add macros CC_GUEST_IS_TDX/CC_GUEST_IS_SEV to check SEV/TDX guest.
Cc: Michael Roth
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Eric Dong
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc
,
while the APs are just in a wait-for-procedure state.
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Signed-off-by: Min Xu
---
UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 5 +
UefiCpuPkg
Hoffmann
Signed-off-by: Min Xu
---
OvmfPkg/Include/TdxCommondefs.inc | 51 +
OvmfPkg/Sec/SecMain.inf | 1 +
OvmfPkg/Sec/X64/SecEntry.nasm | 314 ++
3 files changed, 366 insertions(+)
create mode 100644 OvmfPkg/Include/TdxCommondefs.inc
diff --git
Justen
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Gerd Hoffmann
Signed-off-by: Min Xu
---
OvmfPkg/Include/Library/TdxMailboxLib.h | 75 ++
OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c| 138 ++
.../Library