From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Brijesh Singh, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky
Subject: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe driver
Date: Tue, 19 Apr 2022 09:58:28 +0800
Message-Id: <20220419015828.899-1-min.m.xu@intel.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3904

The TdxDxe driver is introduced for the Intel TDX feature. Unfortunately, this driver also breaks the boot process in a SEV-ES guest. The root cause is in the PciLib which is imported by the TdxDxe driver.

In a SEV-ES guest the AmdSevDxe driver performs a MemEncryptSevClearMmioPageEncMask() call against the PcdPciExpressBaseAddress range to mark it shared/unencrypted. However, the TdxDxe driver is loaded before the AmdSevDxe driver, and the PciLib in TdxDxe is DxePciLibI440FxQ35, which will access the PcdPciExpressBaseAddress range. Since the range has not been marked shared/unencrypted, the #VC handler terminates the guest for trying to do MMIO to an encrypted region.

To fix the issue, the TdxDxe driver sets the PciLib to BasePciLibCf8.inf, as the AmdSevDxe driver does.
Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
SEV-Tested-by: Tom Lendacky
TDX-Tested-by: Min Xu
Signed-off-by: Min Xu
--- OvmfPkg/IntelTdx/IntelTdxX64.dsc | 5 ++++- OvmfPkg/OvmfPkgX64.dsc | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX6= 4.dsc index 245155d41b..f58f14a1d8 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -704,7 +704,10 @@ OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 - OvmfPkg/TdxDxe/TdxDxe.inf + OvmfPkg/TdxDxe/TdxDxe.inf { + + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + } =20 # # Variable driver stack (non-SMM) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index fb2899f8a1..68e7d051d0 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -967,7 +967,10 @@ } OvmfPkg/IoMmuDxe/IoMmuDxe.inf =20 - OvmfPkg/TdxDxe/TdxDxe.inf + OvmfPkg/TdxDxe/TdxDxe.inf { + + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + } =20 !if $(SMM_REQUIRE) =3D=3D TRUE OvmfPkg/SmmAccess/SmmAccess2Dxe.inf --=20 2.29.2.windows.2
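
Review bot: The override added at OvmfPkg/TdxDxe/TdxDxe.inf in the IntelTdxX64.dsc hunk (@@ -704) has no comment saying why TdxDxe must use BasePciLibCf8, and the commit message motivates the change only with the SEV-ES ordering against AmdSevDxe, which this hunk does not show as part of the Intel TDX platform file. Please add a short comment above the block, for example a reference to BZ 3904, and say in the commit message whether this file is changed to fix a failure or to keep the two DSC files consistent. Also, in this copy the added line between the opening brace and the PciLib mapping is empty; a scoped library override needs its LibraryClasses section tag on that line, so check that it is present in the patch as applied.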
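
Review bot: In the OvmfPkgX64.dsc hunk (@@ -967), the new mapping PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf performs configuration access through I/O ports 0xCF8/0xCFC and reaches only the first 256 bytes of each function's configuration space, so please confirm that no PciLib call in TdxDxe uses an offset above 0xFF. The override also leaves the real constraint implicit: a driver dispatched before AmdSevDxe must not touch the PcdPciExpressBaseAddress range. A comment above the block stating this would keep a later cleanup from restoring the default PciLib and bringing back the #VC termination described in the commit message.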