REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249

Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
Encryption (MKTME) with a new kind of virutal machines guest called a 
Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the
confidentiality of TD memory contents and the TD's CPU state from other
software, including the hosting Virtual-Machine Monitor (VMM), unless
explicitly shared by the TD itself.

There are 2 configurations for TDVF to upstream. See below link for
the definitions of the 2 configurations.
https://edk2.groups.io/g/devel/message/76367

This patch-set is to enable Config-A in OvmfPkg.
 - Merge the *basic* TDVF feature to existing OvmfX64Pkg.dsc. (Align
   with existing SEV)
 - Threat model: VMM is NOT out of TCB. (We don’t make things worse.)
 - The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability.
   The final binary can run on SEV/TDX/normal OVMF
 - No changes to existing OvmfPkgX64 image layout.
 - No need to add additional security features if they do not exist today
 - No need to remove features if they exist today.
 - RTMR is not supported
 - PEI phase is NOT skipped in either Td or Non-Td

Patch 01 - 23 are changes in SEC phase. Also some libraries in these
patches are workable in SEC/PEI/DXE.

Patch 17 - 20 extract the common codes from OvmfPkg/PlatformPei to a new
PlatformInitLib. Then OvmfPkg/PlatformPei is refactored with this lib.
This is because there are 3 variants of PlatformPei in OvmfPkg and hence
many codes are duplicated.
Patch 21 then add Tdx specific codes in PlatformInitLib.

Patch 24 - 29 are changes in PEI phase.

Patch 30 - 34 are changes in DXE phase.

Patch 35 - 37 are for local Apic timer DXE driver.

[TDX]: https://software.intel.com/content/dam/develop/external/us/en/
documents/tdx-whitepaper-final9-17.pdf

[TDX-Module]: https://software.intel.com/content/dam/develop/external/
us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf

[TDVF]: https://software.intel.com/content/dam/develop/external/us/en/
documents/tdx-virtual-firmware-design-guide-rev-1.pdf

[GCHI]: https://software.intel.com/content/dam/develop/external/us/en/
documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf

Code is at https://github.com/mxu9/edk2/tree/tdvf_wave2.v7

v7 changes:
 - Based on the comments from last review, 8 PlatformInitLib patches
   are squashed into 4 patches (#17-#20). These 4 patches are not
   related to Tdx guest. Tdx related codes of PlatformInitLib is
   in #21.
 - gUefiOvmfPkgTdxPlatformGuid is renamed as gUefiOvmfPkgPlatformInfoGuid.
   Because this GUID is used not only by Tdx guest, but also by
   Legacy guest.
 - PlatformInitLibNull is deleted.
 - In PlatformPei Pml4Entries is cap at 512 entries when
   mPhysMemAddressWidth > 48.

v7 not-addressed comments
 - Comments in MpInitLib have not been addressed yet. It will be
   addressed in the following version.
 - Thanks much for your understanding.

v6 changes:
 - PlatformInitLib and OvmfPkg/PlatformPei refactoring are covered in
   patch from 17 - 24. These patches are not related to Tdx guest. Tdx
   related codes of PlatformInitLib is in patch 25.
 - In the previous patch-sets, TdHob is processed in
   OvmfPkg/Sec/IntelTdx.c. Per Gerd's suggestion they are now moved
   to PlatformInitLib/IntelTdx.c. So that they can be reused in Config-B.
 - The default Accept page size is changed from 4K to 2M.
 - The BspAcceptMemoryResourceRange is refactored according to Gerd's
   comment.
 - In ApRunLoop.nasm command field is set to zero as acknowledgement.
   This is a fix based on the ACPI Spec v6.4,Sec titled "Multiprocessor
   Wakeup Structure".

v6 not-addressed comments
 - Comments in MpInitLib have not been addressed yet. It will be
   addressed in the following version.
 - Thanks much for your understanding.

v5 changes:
 - PlatformInitLib is introduced which wraps the common functions in
   OvmfPkg/PlatformPei. It is because there are a lot of duplicated
   codes for Platform initialization in PEI phase and there are at least
   3 variants of PlatformPei. Another reason is that in TDVF Config-B
   PEI-less boot needs the similar initiliazation as PlatformPei. Based
   on the discussion with the community, PlatformInitLib is introduced.
   As the first stage OvmfPkg/PlatformPei is refactored with this lib.
   In the future the other 2 PlatformPei variants will be refactored
   as well.
 - PcdIgnoreVeHalt is deprecated.
 - Add spec link for Mailbox.
 - Other minor changes, such as comments, uncrustify formats, etc.

v5 not-addressed comments
 - Comments in MpInitLib have not been addressed yet. It will be
   addressed in the following version.
 - Some comments may be missed. I will re-visit the review emails.
 - Thanks much for your understanding.

v4 changes:
 - Split the TdxLib into 2 libraries. The TDX basic functions
   (TdCall / TdVmCall / TdIsEnabled) are moved to BaseLib (#2).
   The other functions are in TdxLib. (#3)
 - Based on above changes (TdCall/TdVmCall/TdIsEnabled in BaseLib)
   the TdxLib.inf is not necessary in some Pkgs, such as
   UefiPayloadPkg. The duplicated source code are deleted (BaseIoLib
   is the sample).
 - Drop the Accepting pages with TDX MP service. Instead only BSP
   accepts pages. There maybe boot performance issue. There are some
   mitigations to it, such as 2M accept page size, lazy accept, etc.
   We will re-visit this issue in a separate patch-set.
 - Relocate Mailbox in TdxDxe driver instead of in PlatformPei. This
   is to keep consistence with Config-B (PEI is skipped in Config-B).
 - SetMmioSharedBit in TdxDxe driver instead of in DxeIplPeim after
   CreateIdentityMappingPageTables. This is to keep consistence with
   Config-B (PEI is skipped in Config-B).
 - Some other minor changes, such as switch-case indention.
 - Rebase the code base (commit: 8c06c53b585a) and update the code with
   uncrustify.

v4 not-addressed comments:
 - Comments in MpInitLib have not been addressed yet. It will be
   addressed in the next version.
 - BaseMemEncryptTdxLib is suggested to be merged with
   BaseMemEncryptSevLib. It will be addressed in the next version.
 - Gerd suggests a generic page table walker which is able to set
   and clear bits for a given memory range in both SEV and TDX guest.
   This suggestion will be addressed in the next version.
 - Some comments may be missed. I will re-visit the review emails.
 - Thanks much for your understanding.

v3 changes:
 - LocalApicTimerDxe is split out to be a separate patch-series.
 - VmTdExitLibNull/VmgExitLib are removed. Instead the VmgExitLib
   is extended to handle #VE exception. (Patch 3-5)
 - Split the Tdx support of base IoLib into 4 commits. (Patch 6-9)
 - Alter of MADT table is updated. In previous version it was
   created from scratch. Now it gets the installed table, copy
   it to a larger buffer and append the ACPI_MADT_MPWK to it.
   (Patch 25)
 - Changes in BaseXApicX2ApicLib is refined based on the
   feedbacks. (Add spec link of MSR access definition, rename
   some funtion name, etc.) (Patch 11)
 - Use PcdConfidentialComputingGuestAttr to probe TDX guest instead
   of CPUID. But in some cases PcdConfidentialComputingGuestAttr
   cannot be used because it has not been set yet.
 - Some other minor changes.
 
v3 not-addressed comments:
 - Some of the comments have not been addressed. This is because I
   need more time to consider how to address these comments.
   At the same time I want to submit a new version based on the above
   changes so that community can review in a more efficient way.
   (v2 is the version one month ago).
 - Comments in MpInitLib have not been addressed yet. It will be
   addressed in v4.
 - BaseMemEncryptTdxLib should be merged with BaseMemEncryptSevLib.
   It will be addressed in v4.
 - Some comments may be missed. I will re-visit the review emails.
 - Thanks much for your understanding.

v2 changes:
 - Remove TdxProbeLib. It is to reduce the depencies of the lib.
 - In v1 a new function (AllocatePagesWithMemoryType) is added in
   PeiMemoryAllocationLib. This function is not necessary. It can
   be replaced by PeiServicesAllocatePages.
 - IoLibFifo.c is added in BaseIoLibIntrinsic. This file includes
   the functions of read/write of I/O  port fifo. These functions
   will call TdIoReadFifo or SevIoReadFifo by checking TDX or SEV
   in run-time.
 - DXE related patches are added. (Patch 22-28)
 - Fix typo in commit/comment message, or some minor changes.
 - Rebase the edk2 code base. (4cc1458dbe00)

Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>

Min Xu (37):
  MdePkg: Add Tdx.h
  MdePkg: Introduce basic Tdx functions in BaseLib
  MdePkg: Add TdxLib to wrap Tdx operations
  UefiCpuPkg: Extend VmgExitLibNull to handle #VE exception
  OvmfPkg: Extend VmgExitLib to handle #VE exception
  UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception
  MdePkg: Add helper functions for Tdx guest in BaseIoLibIntrinsic
  MdePkg: Support mmio for Tdx guest in BaseIoLibIntrinsic
  MdePkg: Support IoFifo for Tdx guest in BaseIoLibIntrinsic
  MdePkg: Support IoRead/IoWrite for Tdx guest in BaseIoLibIntrinsic
  UefiCpuPkg: Support TDX in BaseXApicX2ApicLib
  MdePkg: Add macro to check SEV / TDX guest
  UefiCpuPkg: Enable Tdx support in MpInitLib
  OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard
  OvmfPkg: Add TdxMailboxLib
  MdePkg: Add EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in PiHob.h
  OvmfPkg: Create initial version of PlatformInitLib
  OvmfPkg/PlatformInitLib: Add hob functions
  OvmfPkg/PlatformInitLib: Add memory functions
  OvmfPkg/PlatformInitLib: Add platform functions
  OvmfPkg: Update PlatformInitLib to process Tdx hoblist
  OvmfPkg/Sec: Declare local variable as volatile in
    SecCoreStartupWithStack
  OvmfPkg: Update Sec to support Tdx
  OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation
  MdeModulePkg: EFER should not be changed in TDX
  MdeModulePkg: Add PcdTdxSharedBitMask
  UefiCpuPkg: Update AddressEncMask in CpuPageTable
  OvmfPkg: Update PlatformInitLib for Tdx guest to publish ram regions
  OvmfPkg: Update PlatformPei to support Tdx guest
  OvmfPkg: Update AcpiPlatformDxe to alter MADT table
  OvmfPkg/BaseMemEncryptTdxLib: Add TDX helper library
  OvmfPkg: Add TdxDxe driver
  OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe
  OvmfPkg: Update IoMmuDxe to support TDX
  OvmfPkg: Rename XenTimerDxe to LocalApicTimerDxe
  UefiCpuPkg: Setting initial-count register as the last step
  OvmfPkg: Switch timer in build time for OvmfPkg

 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |   1 +
 .../Core/DxeIplPeim/X64/VirtualMemory.c       |   7 +
 MdeModulePkg/MdeModulePkg.dec                 |   9 +
 .../Include/ConfidentialComputingGuestAttr.h  |   3 +
 MdePkg/Include/IndustryStandard/Tdx.h         | 203 ++++
 MdePkg/Include/Library/BaseLib.h              |  62 ++
 MdePkg/Include/Library/TdxLib.h               |  97 ++
 MdePkg/Include/Pi/PiHob.h                     |   8 +
 .../BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf |   2 +
 .../BaseIoLibIntrinsicSev.inf                 |   7 +
 MdePkg/Library/BaseIoLibIntrinsic/IoLib.c     |  81 +-
 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c | 216 ++++
 MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c  |  51 +-
 .../BaseIoLibIntrinsic/IoLibInternalTdx.c     | 675 +++++++++++++
 .../BaseIoLibIntrinsic/IoLibInternalTdxNull.c | 497 +++++++++
 MdePkg/Library/BaseIoLibIntrinsic/IoLibMsc.c  |  73 +-
 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h  | 166 +++
 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h  | 410 ++++++++
 .../BaseIoLibIntrinsic/X64/IoFifoSev.nasm     |  34 +-
 MdePkg/Library/BaseLib/BaseLib.inf            |  11 +
 MdePkg/Library/BaseLib/IntelTdxNull.c         |  83 ++
 MdePkg/Library/BaseLib/X64/TdCall.nasm        |  85 ++
 MdePkg/Library/BaseLib/X64/TdProbe.c          |  62 ++
 MdePkg/Library/BaseLib/X64/TdVmcall.nasm      | 145 +++
 MdePkg/Library/TdxLib/AcceptPages.c           | 180 ++++
 MdePkg/Library/TdxLib/Rtmr.c                  |  83 ++
 MdePkg/Library/TdxLib/TdInfo.c                | 114 +++
 MdePkg/Library/TdxLib/TdxLib.inf              |  37 +
 MdePkg/Library/TdxLib/TdxLibNull.c            | 107 ++
 MdePkg/MdePkg.dec                             |   3 +
 MdePkg/MdePkg.dsc                             |   1 +
 OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf   |   1 +
 OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c       |  14 +-
 OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +-
 OvmfPkg/AmdSev/AmdSevX64.fdf                  |   3 +-
 OvmfPkg/Bhyve/BhyveX64.dsc                    |   2 +
 OvmfPkg/CloudHv/CloudHvX64.dsc                |   5 +-
 OvmfPkg/CloudHv/CloudHvX64.fdf                |   2 +-
 OvmfPkg/Include/IndustryStandard/IntelTdx.h   |  67 ++
 OvmfPkg/Include/Library/MemEncryptTdxLib.h    |  81 ++
 OvmfPkg/Include/Library/PlatformInitLib.h     | 286 ++++++
 OvmfPkg/Include/Library/TdxMailboxLib.h       |  76 ++
 .../Include/Protocol/QemuAcpiTableNotify.h    |  27 +
 OvmfPkg/Include/TdxCommondefs.inc             |  51 +
 OvmfPkg/IoMmuDxe/AmdSevIoMmu.c                | 103 +-
 OvmfPkg/IoMmuDxe/AmdSevIoMmu.h                |   6 +-
 OvmfPkg/IoMmuDxe/IoMmuDxe.c                   |   6 +-
 OvmfPkg/IoMmuDxe/IoMmuDxe.inf                 |   5 +
 .../BaseMemEncryptTdxLib.inf                  |  44 +
 .../BaseMemEncryptTdxLibNull.inf              |  35 +
 .../BaseMemoryEncryptionNull.c                |  90 ++
 .../BaseMemEncryptTdxLib/MemoryEncryption.c   | 948 ++++++++++++++++++
 .../BaseMemEncryptTdxLib/VirtualMemory.h      | 181 ++++
 .../PlatformInitLib}/Cmos.c                   |  32 +-
 OvmfPkg/Library/PlatformInitLib/IntelTdx.c    | 553 ++++++++++
 .../Library/PlatformInitLib/IntelTdxNull.c    |  46 +
 OvmfPkg/Library/PlatformInitLib/MemDetect.c   | 707 +++++++++++++
 OvmfPkg/Library/PlatformInitLib/Platform.c    | 597 +++++++++++
 .../PlatformInitLib/PlatformInitLib.inf       |  94 ++
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c   |   9 +-
 .../Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf  |   1 +
 .../QemuFwCfgLib/QemuFwCfgLibInternal.h       |  11 +
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c   |  32 +
 .../Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf  |   2 +
 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c    | 140 +++
 .../Library/TdxMailboxLib/TdxMailboxLib.inf   |  52 +
 .../Library/TdxMailboxLib/TdxMailboxNull.c    |  85 ++
 OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf  |   3 +-
 OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h  |  32 +
 .../Library/VmgExitLib/VmTdExitVeHandler.c    | 559 +++++++++++
 OvmfPkg/Library/VmgExitLib/VmgExitLib.inf     |   2 +
 .../Library/VmgExitLib/X64/TdVmcallCpuid.nasm | 146 +++
 .../LocalApicTimerDxe.c}                      |   4 +-
 .../LocalApicTimerDxe.h}                      |   4 +-
 .../LocalApicTimerDxe.inf}                    |   7 +-
 OvmfPkg/Microvm/MicrovmX64.dsc                |   5 +-
 OvmfPkg/Microvm/MicrovmX64.fdf                |   2 +-
 OvmfPkg/OvmfPkg.dec                           |  17 +
 OvmfPkg/OvmfPkgIa32.dsc                       |  12 +-
 OvmfPkg/OvmfPkgIa32.fdf                       |   8 +-
 OvmfPkg/OvmfPkgIa32X64.dsc                    |  14 +-
 OvmfPkg/OvmfPkgIa32X64.fdf                    |   8 +-
 OvmfPkg/OvmfPkgX64.dsc                        |  29 +-
 OvmfPkg/OvmfPkgX64.fdf                        |  11 +-
 OvmfPkg/OvmfXen.dsc                           |   4 +-
 OvmfPkg/OvmfXen.fdf                           |   2 +-
 OvmfPkg/PlatformPei/Cmos.h                    |  48 -
 OvmfPkg/PlatformPei/FeatureControl.c          |   7 +-
 OvmfPkg/PlatformPei/IntelTdx.c                |  54 +
 OvmfPkg/PlatformPei/MemDetect.c               | 669 +-----------
 OvmfPkg/PlatformPei/Platform.c                | 522 ++--------
 OvmfPkg/PlatformPei/Platform.h                |  55 +-
 OvmfPkg/PlatformPei/PlatformPei.inf           |   7 +-
 OvmfPkg/Sec/SecMain.c                         |  44 +-
 OvmfPkg/Sec/SecMain.inf                       |   3 +
 OvmfPkg/Sec/X64/SecEntry.nasm                 |  82 ++
 OvmfPkg/TdxDxe/TdxAcpiTable.c                 | 213 ++++
 OvmfPkg/TdxDxe/TdxAcpiTable.h                 |  60 ++
 OvmfPkg/TdxDxe/TdxDxe.c                       | 261 +++++
 OvmfPkg/TdxDxe/TdxDxe.inf                     |  64 ++
 OvmfPkg/TdxDxe/X64/ApRunLoop.nasm             |  90 ++
 UefiCpuPkg/CpuDxe/CpuDxe.inf                  |   1 +
 UefiCpuPkg/CpuDxe/CpuPageTable.c              |   4 +
 UefiCpuPkg/Include/Library/VmgExitLib.h       |  28 +
 .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.c   | 170 +++-
 .../PeiDxeSmmCpuException.c                   |  17 +
 .../SecPeiCpuException.c                      |  18 +
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |   3 +
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       |  15 +-
 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h     |  71 ++
 UefiCpuPkg/Library/MpInitLib/MpLib.c          |  27 +
 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c       | 128 +++
 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c   |  73 ++
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |   3 +
 .../Library/VmgExitLibNull/VmTdExitNull.c     |  38 +
 .../Library/VmgExitLibNull/VmgExitLibNull.inf |   1 +
 116 files changed, 10233 insertions(+), 1327 deletions(-)
 create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
 create mode 100644 MdePkg/Include/Library/TdxLib.h
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdxNull.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h
 create mode 100644 MdePkg/Library/BaseLib/IntelTdxNull.c
 create mode 100644 MdePkg/Library/BaseLib/X64/TdCall.nasm
 create mode 100644 MdePkg/Library/BaseLib/X64/TdProbe.c
 create mode 100644 MdePkg/Library/BaseLib/X64/TdVmcall.nasm
 create mode 100644 MdePkg/Library/TdxLib/AcceptPages.c
 create mode 100644 MdePkg/Library/TdxLib/Rtmr.c
 create mode 100644 MdePkg/Library/TdxLib/TdInfo.c
 create mode 100644 MdePkg/Library/TdxLib/TdxLib.inf
 create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
 create mode 100644 OvmfPkg/Include/IndustryStandard/IntelTdx.h
 create mode 100644 OvmfPkg/Include/Library/MemEncryptTdxLib.h
 create mode 100644 OvmfPkg/Include/Library/PlatformInitLib.h
 create mode 100644 OvmfPkg/Include/Library/TdxMailboxLib.h
 create mode 100644 OvmfPkg/Include/Protocol/QemuAcpiTableNotify.h
 create mode 100644 OvmfPkg/Include/TdxCommondefs.inc
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLibNull.inf
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemoryEncryptionNull.c
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/VirtualMemory.h
 rename OvmfPkg/{PlatformPei => Library/PlatformInitLib}/Cmos.c (61%)
 create mode 100644 OvmfPkg/Library/PlatformInitLib/IntelTdx.c
 create mode 100644 OvmfPkg/Library/PlatformInitLib/IntelTdxNull.c
 create mode 100644 OvmfPkg/Library/PlatformInitLib/MemDetect.c
 create mode 100644 OvmfPkg/Library/PlatformInitLib/Platform.c
 create mode 100644 OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxNull.c
 create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h
 create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c
 create mode 100644 OvmfPkg/Library/VmgExitLib/X64/TdVmcallCpuid.nasm
 rename OvmfPkg/{XenTimerDxe/XenTimerDxe.c => LocalApicTimerDxe/LocalApicTimerDxe.c} (95%)
 rename OvmfPkg/{XenTimerDxe/XenTimerDxe.h => LocalApicTimerDxe/LocalApicTimerDxe.h} (96%)
 rename OvmfPkg/{XenTimerDxe/XenTimerDxe.inf => LocalApicTimerDxe/LocalApicTimerDxe.inf} (80%)
 delete mode 100644 OvmfPkg/PlatformPei/Cmos.h
 create mode 100644 OvmfPkg/PlatformPei/IntelTdx.c
 create mode 100644 OvmfPkg/TdxDxe/TdxAcpiTable.c
 create mode 100644 OvmfPkg/TdxDxe/TdxAcpiTable.h
 create mode 100644 OvmfPkg/TdxDxe/TdxDxe.c
 create mode 100644 OvmfPkg/TdxDxe/TdxDxe.inf
 create mode 100644 OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c
 create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmTdExitNull.c

-- 
2.29.2.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#87048): https://edk2.groups.io/g/devel/message/87048
Mute This Topic: https://groups.io/mt/89446146/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Min:
  I have two comments in MdePkg. The changes in MdeModulePkg are good to me. 
1. Seemly, new APIs (TdCall, TdVmCall, TdIsEnabled) in BaseLib are X86 specific. How about define them in #if defined (MDE_CPU_IA32) || defined (MDE_CPU_X64) in BaseLib.h?
2. I don't find new resource attribute EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in the latest PI PI_Spec_1_7_A_final_May1.pdf. Can you let me know which spec defines it?

Thanks
Liming
> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Min Xu
> 发送时间: 2022年2月28日 15:21
> 收件人: devel@edk2.groups.io
> 抄送: Min Xu <min.m.xu@intel.com>; Brijesh Singh
> <brijesh.singh@amd.com>; Eric Dong <eric.dong@intel.com>; Erdem Aktas
> <erdemaktas@google.com>; Hao A Wu <hao.a.wu@intel.com>; Jian J Wang
> <jian.j.wang@intel.com>; James Bottomley <jejb@linux.ibm.com>; Jiewen
> Yao <jiewen.yao@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>;
> Michael D Kinney <michael.d.kinney@intel.com>; Ray Ni <ray.ni@intel.com>;
> Rahul Kumar <rahul1.kumar@intel.com>; Tom Lendacky
> <thomas.lendacky@amd.com>; Zhiguang Liu <zhiguang.liu@intel.com>; Gerd
> Hoffmann <kraxel@redhat.com>
> 主题: [edk2-devel] [PATCH V7 00/37] Enable Intel TDX in OvmfPkg (Config-A)
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249
> 
> Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
> that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
> Encryption (MKTME) with a new kind of virutal machines guest called a
> Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the
> confidentiality of TD memory contents and the TD's CPU state from other
> software, including the hosting Virtual-Machine Monitor (VMM), unless
> explicitly shared by the TD itself.
> 
> There are 2 configurations for TDVF to upstream. See below link for
> the definitions of the 2 configurations.
> https://edk2.groups.io/g/devel/message/76367
> 
> This patch-set is to enable Config-A in OvmfPkg.
>  - Merge the *basic* TDVF feature to existing OvmfX64Pkg.dsc. (Align
>    with existing SEV)
>  - Threat model: VMM is NOT out of TCB. (We don’t make things worse.)
>  - The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability.
>    The final binary can run on SEV/TDX/normal OVMF
>  - No changes to existing OvmfPkgX64 image layout.
>  - No need to add additional security features if they do not exist today
>  - No need to remove features if they exist today.
>  - RTMR is not supported
>  - PEI phase is NOT skipped in either Td or Non-Td
> 
> Patch 01 - 23 are changes in SEC phase. Also some libraries in these
> patches are workable in SEC/PEI/DXE.
> 
> Patch 17 - 20 extract the common codes from OvmfPkg/PlatformPei to a new
> PlatformInitLib. Then OvmfPkg/PlatformPei is refactored with this lib.
> This is because there are 3 variants of PlatformPei in OvmfPkg and hence
> many codes are duplicated.
> Patch 21 then add Tdx specific codes in PlatformInitLib.
> 
> Patch 24 - 29 are changes in PEI phase.
> 
> Patch 30 - 34 are changes in DXE phase.
> 
> Patch 35 - 37 are for local Apic timer DXE driver.
> 
> [TDX]: https://software.intel.com/content/dam/develop/external/us/en/
> documents/tdx-whitepaper-final9-17.pdf
> 
> [TDX-Module]: https://software.intel.com/content/dam/develop/external/
> us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf
> 
> [TDVF]: https://software.intel.com/content/dam/develop/external/us/en/
> documents/tdx-virtual-firmware-design-guide-rev-1.pdf
> 
> [GCHI]: https://software.intel.com/content/dam/develop/external/us/en/
> documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-
> 002.pdf
> 
> Code is at https://github.com/mxu9/edk2/tree/tdvf_wave2.v7
> 
> v7 changes:
>  - Based on the comments from last review, 8 PlatformInitLib patches
>    are squashed into 4 patches (#17-#20). These 4 patches are not
>    related to Tdx guest. Tdx related codes of PlatformInitLib is
>    in #21.
>  - gUefiOvmfPkgTdxPlatformGuid is renamed as
> gUefiOvmfPkgPlatformInfoGuid.
>    Because this GUID is used not only by Tdx guest, but also by
>    Legacy guest.
>  - PlatformInitLibNull is deleted.
>  - In PlatformPei Pml4Entries is cap at 512 entries when
>    mPhysMemAddressWidth > 48.
> 
> v7 not-addressed comments
>  - Comments in MpInitLib have not been addressed yet. It will be
>    addressed in the following version.
>  - Thanks much for your understanding.
> 
> v6 changes:
>  - PlatformInitLib and OvmfPkg/PlatformPei refactoring are covered in
>    patch from 17 - 24. These patches are not related to Tdx guest. Tdx
>    related codes of PlatformInitLib is in patch 25.
>  - In the previous patch-sets, TdHob is processed in
>    OvmfPkg/Sec/IntelTdx.c. Per Gerd's suggestion they are now moved
>    to PlatformInitLib/IntelTdx.c. So that they can be reused in Config-B.
>  - The default Accept page size is changed from 4K to 2M.
>  - The BspAcceptMemoryResourceRange is refactored according to Gerd's
>    comment.
>  - In ApRunLoop.nasm command field is set to zero as acknowledgement.
>    This is a fix based on the ACPI Spec v6.4,Sec titled "Multiprocessor
>    Wakeup Structure".
> 
> v6 not-addressed comments
>  - Comments in MpInitLib have not been addressed yet. It will be
>    addressed in the following version.
>  - Thanks much for your understanding.
> 
> v5 changes:
>  - PlatformInitLib is introduced which wraps the common functions in
>    OvmfPkg/PlatformPei. It is because there are a lot of duplicated
>    codes for Platform initialization in PEI phase and there are at least
>    3 variants of PlatformPei. Another reason is that in TDVF Config-B
>    PEI-less boot needs the similar initiliazation as PlatformPei. Based
>    on the discussion with the community, PlatformInitLib is introduced.
>    As the first stage OvmfPkg/PlatformPei is refactored with this lib.
>    In the future the other 2 PlatformPei variants will be refactored
>    as well.
>  - PcdIgnoreVeHalt is deprecated.
>  - Add spec link for Mailbox.
>  - Other minor changes, such as comments, uncrustify formats, etc.
> 
> v5 not-addressed comments
>  - Comments in MpInitLib have not been addressed yet. It will be
>    addressed in the following version.
>  - Some comments may be missed. I will re-visit the review emails.
>  - Thanks much for your understanding.
> 
> v4 changes:
>  - Split the TdxLib into 2 libraries. The TDX basic functions
>    (TdCall / TdVmCall / TdIsEnabled) are moved to BaseLib (#2).
>    The other functions are in TdxLib. (#3)
>  - Based on above changes (TdCall/TdVmCall/TdIsEnabled in BaseLib)
>    the TdxLib.inf is not necessary in some Pkgs, such as
>    UefiPayloadPkg. The duplicated source code are deleted (BaseIoLib
>    is the sample).
>  - Drop the Accepting pages with TDX MP service. Instead only BSP
>    accepts pages. There maybe boot performance issue. There are some
>    mitigations to it, such as 2M accept page size, lazy accept, etc.
>    We will re-visit this issue in a separate patch-set.
>  - Relocate Mailbox in TdxDxe driver instead of in PlatformPei. This
>    is to keep consistence with Config-B (PEI is skipped in Config-B).
>  - SetMmioSharedBit in TdxDxe driver instead of in DxeIplPeim after
>    CreateIdentityMappingPageTables. This is to keep consistence with
>    Config-B (PEI is skipped in Config-B).
>  - Some other minor changes, such as switch-case indention.
>  - Rebase the code base (commit: 8c06c53b585a) and update the code with
>    uncrustify.
> 
> v4 not-addressed comments:
>  - Comments in MpInitLib have not been addressed yet. It will be
>    addressed in the next version.
>  - BaseMemEncryptTdxLib is suggested to be merged with
>    BaseMemEncryptSevLib. It will be addressed in the next version.
>  - Gerd suggests a generic page table walker which is able to set
>    and clear bits for a given memory range in both SEV and TDX guest.
>    This suggestion will be addressed in the next version.
>  - Some comments may be missed. I will re-visit the review emails.
>  - Thanks much for your understanding.
> 
> v3 changes:
>  - LocalApicTimerDxe is split out to be a separate patch-series.
>  - VmTdExitLibNull/VmgExitLib are removed. Instead the VmgExitLib
>    is extended to handle #VE exception. (Patch 3-5)
>  - Split the Tdx support of base IoLib into 4 commits. (Patch 6-9)
>  - Alter of MADT table is updated. In previous version it was
>    created from scratch. Now it gets the installed table, copy
>    it to a larger buffer and append the ACPI_MADT_MPWK to it.
>    (Patch 25)
>  - Changes in BaseXApicX2ApicLib is refined based on the
>    feedbacks. (Add spec link of MSR access definition, rename
>    some funtion name, etc.) (Patch 11)
>  - Use PcdConfidentialComputingGuestAttr to probe TDX guest instead
>    of CPUID. But in some cases PcdConfidentialComputingGuestAttr
>    cannot be used because it has not been set yet.
>  - Some other minor changes.
> 
> v3 not-addressed comments:
>  - Some of the comments have not been addressed. This is because I
>    need more time to consider how to address these comments.
>    At the same time I want to submit a new version based on the above
>    changes so that community can review in a more efficient way.
>    (v2 is the version one month ago).
>  - Comments in MpInitLib have not been addressed yet. It will be
>    addressed in v4.
>  - BaseMemEncryptTdxLib should be merged with BaseMemEncryptSevLib.
>    It will be addressed in v4.
>  - Some comments may be missed. I will re-visit the review emails.
>  - Thanks much for your understanding.
> 
> v2 changes:
>  - Remove TdxProbeLib. It is to reduce the depencies of the lib.
>  - In v1 a new function (AllocatePagesWithMemoryType) is added in
>    PeiMemoryAllocationLib. This function is not necessary. It can
>    be replaced by PeiServicesAllocatePages.
>  - IoLibFifo.c is added in BaseIoLibIntrinsic. This file includes
>    the functions of read/write of I/O  port fifo. These functions
>    will call TdIoReadFifo or SevIoReadFifo by checking TDX or SEV
>    in run-time.
>  - DXE related patches are added. (Patch 22-28)
>  - Fix typo in commit/comment message, or some minor changes.
>  - Rebase the edk2 code base. (4cc1458dbe00)
> 
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> 
> Min Xu (37):
>   MdePkg: Add Tdx.h
>   MdePkg: Introduce basic Tdx functions in BaseLib
>   MdePkg: Add TdxLib to wrap Tdx operations
>   UefiCpuPkg: Extend VmgExitLibNull to handle #VE exception
>   OvmfPkg: Extend VmgExitLib to handle #VE exception
>   UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception
>   MdePkg: Add helper functions for Tdx guest in BaseIoLibIntrinsic
>   MdePkg: Support mmio for Tdx guest in BaseIoLibIntrinsic
>   MdePkg: Support IoFifo for Tdx guest in BaseIoLibIntrinsic
>   MdePkg: Support IoRead/IoWrite for Tdx guest in BaseIoLibIntrinsic
>   UefiCpuPkg: Support TDX in BaseXApicX2ApicLib
>   MdePkg: Add macro to check SEV / TDX guest
>   UefiCpuPkg: Enable Tdx support in MpInitLib
>   OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard
>   OvmfPkg: Add TdxMailboxLib
>   MdePkg: Add EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in PiHob.h
>   OvmfPkg: Create initial version of PlatformInitLib
>   OvmfPkg/PlatformInitLib: Add hob functions
>   OvmfPkg/PlatformInitLib: Add memory functions
>   OvmfPkg/PlatformInitLib: Add platform functions
>   OvmfPkg: Update PlatformInitLib to process Tdx hoblist
>   OvmfPkg/Sec: Declare local variable as volatile in
>     SecCoreStartupWithStack
>   OvmfPkg: Update Sec to support Tdx
>   OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation
>   MdeModulePkg: EFER should not be changed in TDX
>   MdeModulePkg: Add PcdTdxSharedBitMask
>   UefiCpuPkg: Update AddressEncMask in CpuPageTable
>   OvmfPkg: Update PlatformInitLib for Tdx guest to publish ram regions
>   OvmfPkg: Update PlatformPei to support Tdx guest
>   OvmfPkg: Update AcpiPlatformDxe to alter MADT table
>   OvmfPkg/BaseMemEncryptTdxLib: Add TDX helper library
>   OvmfPkg: Add TdxDxe driver
>   OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe
>   OvmfPkg: Update IoMmuDxe to support TDX
>   OvmfPkg: Rename XenTimerDxe to LocalApicTimerDxe
>   UefiCpuPkg: Setting initial-count register as the last step
>   OvmfPkg: Switch timer in build time for OvmfPkg
> 
>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |   1 +
>  .../Core/DxeIplPeim/X64/VirtualMemory.c       |   7 +
>  MdeModulePkg/MdeModulePkg.dec                 |   9 +
>  .../Include/ConfidentialComputingGuestAttr.h  |   3 +
>  MdePkg/Include/IndustryStandard/Tdx.h         | 203 ++++
>  MdePkg/Include/Library/BaseLib.h              |  62 ++
>  MdePkg/Include/Library/TdxLib.h               |  97 ++
>  MdePkg/Include/Pi/PiHob.h                     |   8 +
>  .../BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf |   2 +
>  .../BaseIoLibIntrinsicSev.inf                 |   7 +
>  MdePkg/Library/BaseIoLibIntrinsic/IoLib.c     |  81 +-
>  MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c | 216 ++++
>  MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c  |  51 +-
>  .../BaseIoLibIntrinsic/IoLibInternalTdx.c     | 675 +++++++++++++
>  .../BaseIoLibIntrinsic/IoLibInternalTdxNull.c | 497 +++++++++
>  MdePkg/Library/BaseIoLibIntrinsic/IoLibMsc.c  |  73 +-
>  MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h  | 166 +++
>  MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h  | 410 ++++++++
>  .../BaseIoLibIntrinsic/X64/IoFifoSev.nasm     |  34 +-
>  MdePkg/Library/BaseLib/BaseLib.inf            |  11 +
>  MdePkg/Library/BaseLib/IntelTdxNull.c         |  83 ++
>  MdePkg/Library/BaseLib/X64/TdCall.nasm        |  85 ++
>  MdePkg/Library/BaseLib/X64/TdProbe.c          |  62 ++
>  MdePkg/Library/BaseLib/X64/TdVmcall.nasm      | 145 +++
>  MdePkg/Library/TdxLib/AcceptPages.c           | 180 ++++
>  MdePkg/Library/TdxLib/Rtmr.c                  |  83 ++
>  MdePkg/Library/TdxLib/TdInfo.c                | 114 +++
>  MdePkg/Library/TdxLib/TdxLib.inf              |  37 +
>  MdePkg/Library/TdxLib/TdxLibNull.c            | 107 ++
>  MdePkg/MdePkg.dec                             |   3 +
>  MdePkg/MdePkg.dsc                             |   1 +
>  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf   |   1 +
>  OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c       |  14 +-
>  OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +-
>  OvmfPkg/AmdSev/AmdSevX64.fdf                  |   3 +-
>  OvmfPkg/Bhyve/BhyveX64.dsc                    |   2 +
>  OvmfPkg/CloudHv/CloudHvX64.dsc                |   5 +-
>  OvmfPkg/CloudHv/CloudHvX64.fdf                |   2 +-
>  OvmfPkg/Include/IndustryStandard/IntelTdx.h   |  67 ++
>  OvmfPkg/Include/Library/MemEncryptTdxLib.h    |  81 ++
>  OvmfPkg/Include/Library/PlatformInitLib.h     | 286 ++++++
>  OvmfPkg/Include/Library/TdxMailboxLib.h       |  76 ++
>  .../Include/Protocol/QemuAcpiTableNotify.h    |  27 +
>  OvmfPkg/Include/TdxCommondefs.inc             |  51 +
>  OvmfPkg/IoMmuDxe/AmdSevIoMmu.c                | 103 +-
>  OvmfPkg/IoMmuDxe/AmdSevIoMmu.h                |   6 +-
>  OvmfPkg/IoMmuDxe/IoMmuDxe.c                   |   6 +-
>  OvmfPkg/IoMmuDxe/IoMmuDxe.inf                 |   5 +
>  .../BaseMemEncryptTdxLib.inf                  |  44 +
>  .../BaseMemEncryptTdxLibNull.inf              |  35 +
>  .../BaseMemoryEncryptionNull.c                |  90 ++
>  .../BaseMemEncryptTdxLib/MemoryEncryption.c   | 948
> ++++++++++++++++++
>  .../BaseMemEncryptTdxLib/VirtualMemory.h      | 181 ++++
>  .../PlatformInitLib}/Cmos.c                   |  32 +-
>  OvmfPkg/Library/PlatformInitLib/IntelTdx.c    | 553 ++++++++++
>  .../Library/PlatformInitLib/IntelTdxNull.c    |  46 +
>  OvmfPkg/Library/PlatformInitLib/MemDetect.c   | 707 +++++++++++++
>  OvmfPkg/Library/PlatformInitLib/Platform.c    | 597 +++++++++++
>  .../PlatformInitLib/PlatformInitLib.inf       |  94 ++
>  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c   |   9 +-
>  .../Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf  |   1 +
>  .../QemuFwCfgLib/QemuFwCfgLibInternal.h       |  11 +
>  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c   |  32 +
>  .../Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf  |   2 +
>  OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c    | 140 +++
>  .../Library/TdxMailboxLib/TdxMailboxLib.inf   |  52 +
>  .../Library/TdxMailboxLib/TdxMailboxNull.c    |  85 ++
>  OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf  |   3 +-
>  OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h  |  32 +
>  .../Library/VmgExitLib/VmTdExitVeHandler.c    | 559 +++++++++++
>  OvmfPkg/Library/VmgExitLib/VmgExitLib.inf     |   2 +
>  .../Library/VmgExitLib/X64/TdVmcallCpuid.nasm | 146 +++
>  .../LocalApicTimerDxe.c}                      |   4 +-
>  .../LocalApicTimerDxe.h}                      |   4 +-
>  .../LocalApicTimerDxe.inf}                    |   7 +-
>  OvmfPkg/Microvm/MicrovmX64.dsc                |   5 +-
>  OvmfPkg/Microvm/MicrovmX64.fdf                |   2 +-
>  OvmfPkg/OvmfPkg.dec                           |  17 +
>  OvmfPkg/OvmfPkgIa32.dsc                       |  12 +-
>  OvmfPkg/OvmfPkgIa32.fdf                       |   8 +-
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |  14 +-
>  OvmfPkg/OvmfPkgIa32X64.fdf                    |   8 +-
>  OvmfPkg/OvmfPkgX64.dsc                        |  29 +-
>  OvmfPkg/OvmfPkgX64.fdf                        |  11 +-
>  OvmfPkg/OvmfXen.dsc                           |   4 +-
>  OvmfPkg/OvmfXen.fdf                           |   2 +-
>  OvmfPkg/PlatformPei/Cmos.h                    |  48 -
>  OvmfPkg/PlatformPei/FeatureControl.c          |   7 +-
>  OvmfPkg/PlatformPei/IntelTdx.c                |  54 +
>  OvmfPkg/PlatformPei/MemDetect.c               | 669 +-----------
>  OvmfPkg/PlatformPei/Platform.c                | 522 ++--------
>  OvmfPkg/PlatformPei/Platform.h                |  55 +-
>  OvmfPkg/PlatformPei/PlatformPei.inf           |   7 +-
>  OvmfPkg/Sec/SecMain.c                         |  44 +-
>  OvmfPkg/Sec/SecMain.inf                       |   3 +
>  OvmfPkg/Sec/X64/SecEntry.nasm                 |  82 ++
>  OvmfPkg/TdxDxe/TdxAcpiTable.c                 | 213 ++++
>  OvmfPkg/TdxDxe/TdxAcpiTable.h                 |  60 ++
>  OvmfPkg/TdxDxe/TdxDxe.c                       | 261 +++++
>  OvmfPkg/TdxDxe/TdxDxe.inf                     |  64 ++
>  OvmfPkg/TdxDxe/X64/ApRunLoop.nasm             |  90 ++
>  UefiCpuPkg/CpuDxe/CpuDxe.inf                  |   1 +
>  UefiCpuPkg/CpuDxe/CpuPageTable.c              |   4 +
>  UefiCpuPkg/Include/Library/VmgExitLib.h       |  28 +
>  .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.c   | 170 +++-
>  .../PeiDxeSmmCpuException.c                   |  17 +
>  .../SecPeiCpuException.c                      |  18 +
>  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |   3 +
>  UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       |  15 +-
>  UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h     |  71 ++
>  UefiCpuPkg/Library/MpInitLib/MpLib.c          |  27 +
>  UefiCpuPkg/Library/MpInitLib/MpLibTdx.c       | 128 +++
>  UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c   |  73 ++
>  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |   3 +
>  .../Library/VmgExitLibNull/VmTdExitNull.c     |  38 +
>  .../Library/VmgExitLibNull/VmgExitLibNull.inf |   1 +
>  116 files changed, 10233 insertions(+), 1327 deletions(-)
>  create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
>  create mode 100644 MdePkg/Include/Library/TdxLib.h
>  create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c
>  create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
>  create mode 100644
> MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdxNull.c
>  create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h
>  create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h
>  create mode 100644 MdePkg/Library/BaseLib/IntelTdxNull.c
>  create mode 100644 MdePkg/Library/BaseLib/X64/TdCall.nasm
>  create mode 100644 MdePkg/Library/BaseLib/X64/TdProbe.c
>  create mode 100644 MdePkg/Library/BaseLib/X64/TdVmcall.nasm
>  create mode 100644 MdePkg/Library/TdxLib/AcceptPages.c
>  create mode 100644 MdePkg/Library/TdxLib/Rtmr.c
>  create mode 100644 MdePkg/Library/TdxLib/TdInfo.c
>  create mode 100644 MdePkg/Library/TdxLib/TdxLib.inf
>  create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
>  create mode 100644 OvmfPkg/Include/IndustryStandard/IntelTdx.h
>  create mode 100644 OvmfPkg/Include/Library/MemEncryptTdxLib.h
>  create mode 100644 OvmfPkg/Include/Library/PlatformInitLib.h
>  create mode 100644 OvmfPkg/Include/Library/TdxMailboxLib.h
>  create mode 100644 OvmfPkg/Include/Protocol/QemuAcpiTableNotify.h
>  create mode 100644 OvmfPkg/Include/TdxCommondefs.inc
>  create mode 100644
> OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
>  create mode 100644
> OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLibNull.inf
>  create mode 100644
> OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemoryEncryptionNull.c
>  create mode 100644
> OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c
>  create mode 100644
> OvmfPkg/Library/BaseMemEncryptTdxLib/VirtualMemory.h
>  rename OvmfPkg/{PlatformPei => Library/PlatformInitLib}/Cmos.c (61%)
>  create mode 100644 OvmfPkg/Library/PlatformInitLib/IntelTdx.c
>  create mode 100644 OvmfPkg/Library/PlatformInitLib/IntelTdxNull.c
>  create mode 100644 OvmfPkg/Library/PlatformInitLib/MemDetect.c
>  create mode 100644 OvmfPkg/Library/PlatformInitLib/Platform.c
>  create mode 100644 OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
>  create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c
>  create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
>  create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxNull.c
>  create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h
>  create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c
>  create mode 100644 OvmfPkg/Library/VmgExitLib/X64/TdVmcallCpuid.nasm
>  rename OvmfPkg/{XenTimerDxe/XenTimerDxe.c =>
> LocalApicTimerDxe/LocalApicTimerDxe.c} (95%)
>  rename OvmfPkg/{XenTimerDxe/XenTimerDxe.h =>
> LocalApicTimerDxe/LocalApicTimerDxe.h} (96%)
>  rename OvmfPkg/{XenTimerDxe/XenTimerDxe.inf =>
> LocalApicTimerDxe/LocalApicTimerDxe.inf} (80%)
>  delete mode 100644 OvmfPkg/PlatformPei/Cmos.h
>  create mode 100644 OvmfPkg/PlatformPei/IntelTdx.c
>  create mode 100644 OvmfPkg/TdxDxe/TdxAcpiTable.c
>  create mode 100644 OvmfPkg/TdxDxe/TdxAcpiTable.h
>  create mode 100644 OvmfPkg/TdxDxe/TdxDxe.c
>  create mode 100644 OvmfPkg/TdxDxe/TdxDxe.inf
>  create mode 100644 OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
>  create mode 100644 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h
>  create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c
>  create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c
>  create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmTdExitNull.c
> 
> --
> 2.29.2.windows.2
> 
> 
> 
> 
> 





-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#87118): https://edk2.groups.io/g/devel/message/87118
Mute This Topic: https://groups.io/mt/89467420/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

On March 1, 2022 10:20 AM, Gao Liming wrote:
> 
> Min:
>   I have two comments in MdePkg. The changes in MdeModulePkg are good
> to me.
> 1. Seemly, new APIs (TdCall, TdVmCall, TdIsEnabled) in BaseLib are X86
> specific. How about define them in #if defined (MDE_CPU_IA32) || defined
> (MDE_CPU_X64) in BaseLib.h?
Sure. It will be updated in the next version.

> 2. I don't find new resource attribute EFI_RESOURCE_ATTRIBUTE_ENCRYPTED
> in the latest PI PI_Spec_1_7_A_final_May1.pdf. Can you let me know which
> spec defines it?
EFI_RESOURCE_ATTRIBUTE_ENCRYPTED is deprecated. According to [TDVF] Table 7-1 private memory is distinguished with Unaccepted Memory by ResourceType (Private Mem is EFI_RESOURCE_SYSTEM_MEMORY, Unaccepted Mem is EFI_RESOURCE_MEMORY_UNACCEPTED).  There is a PR about EFI_RESOURCE_MEMORY_UNACCEPTED and the PR is approved. https://github.com/microsoft/mu_basecore/pull/66 
So in the next version EFI_RESOURCE_ATTRIBUTE_ENCRYPTED will be deleted.

Thanks
Min


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#87120): https://edk2.groups.io/g/devel/message/87120
Mute This Topic: https://groups.io/mt/89470838/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Just to clarify below:

#define EFI_RESOURCE_MEMORY_UNACCEPTED      0x00000007

This is proposed in https://github.com/microsoft/mu_basecore/pull/66/files#diff-b20a11152d1ce9249c691be5690b4baf52069efadf2e2546cdd2eb663d80c9e4R237, according to UEFI-Code-First.

The proposal was approved in 2021 in UEFI Mantis, and will be added to the new PI.next specification.

Thank you
Yao Jiewen


> -----Original Message-----
> From: Xu, Min M <min.m.xu@intel.com>
> Sent: Tuesday, March 1, 2022 2:40 PM
> To: devel@edk2.groups.io; Gao, Liming <gaoliming@byosoft.com.cn>
> Cc: 'Brijesh Singh' <brijesh.singh@amd.com>; Dong, Eric <eric.dong@intel.com>;
> Aktas, Erdem <erdemaktas@google.com>; Wu, Hao A <hao.a.wu@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; 'James Bottomley' <jejb@linux.ibm.com>;
> Yao, Jiewen <jiewen.yao@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Ni, Ray <ray.ni@intel.com>; Kumar, Rahul1
> <rahul1.kumar@intel.com>; 'Tom Lendacky' <thomas.lendacky@amd.com>; Liu,
> Zhiguang <zhiguang.liu@intel.com>; 'Gerd Hoffmann' <kraxel@redhat.com>
> Subject: RE: [edk2-devel] [PATCH V7 00/37] Enable Intel TDX in OvmfPkg
> (Config-A)
> 
> On March 1, 2022 10:20 AM, Gao Liming wrote:
> >
> > Min:
> >   I have two comments in MdePkg. The changes in MdeModulePkg are good
> > to me.
> > 1. Seemly, new APIs (TdCall, TdVmCall, TdIsEnabled) in BaseLib are X86
> > specific. How about define them in #if defined (MDE_CPU_IA32) || defined
> > (MDE_CPU_X64) in BaseLib.h?
> Sure. It will be updated in the next version.
> 
> > 2. I don't find new resource attribute EFI_RESOURCE_ATTRIBUTE_ENCRYPTED
> > in the latest PI PI_Spec_1_7_A_final_May1.pdf. Can you let me know which
> > spec defines it?
> EFI_RESOURCE_ATTRIBUTE_ENCRYPTED is deprecated. According to [TDVF]
> Table 7-1 private memory is distinguished with Unaccepted Memory by
> ResourceType (Private Mem is EFI_RESOURCE_SYSTEM_MEMORY, Unaccepted
> Mem is EFI_RESOURCE_MEMORY_UNACCEPTED).  There is a PR about
> EFI_RESOURCE_MEMORY_UNACCEPTED and the PR is approved.
> https://github.com/microsoft/mu_basecore/pull/66
> So in the next version EFI_RESOURCE_ATTRIBUTE_ENCRYPTED will be deleted.
> 
> Thanks
> Min


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#87122): https://edk2.groups.io/g/devel/message/87122
Mute This Topic: https://groups.io/mt/89470838/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Hi, Lingming
Besides below 2 comments in MdePkg, what's your opinion about below patches in MdePkg?
Patch 01  includes the Intel Trust Domain Extension definitions.
Patch 07-10 is about the BaseIoLibIntrinsic
Patch 12 add macros CC_GUEST_IS_SEV / CC_GUEST_IS_TDX to check SEV / TDX guest.

I am looking forward your comments about Patch 07 - 10.

01-MdePkg-Add-Tdx.h.patch	
  - https://edk2.groups.io/g/devel/message/87049
03-MdePkg-Add-TdxLib-to-wrap-Tdx-operations.patch
  - https://edk2.groups.io/g/devel/message/87051

07-MdePkg-Add-helper-functions-for-Tdx-guest-in-BaseIoL.patch
  - https://edk2.groups.io/g/devel/message/87055
08-MdePkg-Support-mmio-for-Tdx-guest-in-BaseIoLibIntrin.patch
  - https://edk2.groups.io/g/devel/message/87056
09-MdePkg-Support-IoFifo-for-Tdx-guest-in-BaseIoLibIntr.patch
  - https://edk2.groups.io/g/devel/message/87057
10-MdePkg-Support-IoRead-IoWrite-for-Tdx-guest-in-BaseI.patch
  - https://edk2.groups.io/g/devel/message/87058

12-MdePkg-Add-macro-to-check-SEV-TDX-guest.patch
  - https://edk2.groups.io/g/devel/message/87060

Thanks much!

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of gaoliming
> Sent: Tuesday, March 1, 2022 10:20 AM
> To: devel@edk2.groups.io; Xu, Min M <min.m.xu@intel.com>
> Cc: 'Brijesh Singh' <brijesh.singh@amd.com>; Dong, Eric
> <eric.dong@intel.com>; Aktas, Erdem <erdemaktas@google.com>; Wu, Hao A
> <hao.a.wu@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; 'James
> Bottomley' <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Kinney, Michael D <michael.d.kinney@intel.com>; Ni, Ray <ray.ni@intel.com>;
> Kumar, Rahul1 <rahul1.kumar@intel.com>; 'Tom Lendacky'
> <thomas.lendacky@amd.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; 'Gerd
> Hoffmann' <kraxel@redhat.com>
> Subject: 回复: [edk2-devel] [PATCH V7 00/37] Enable Intel TDX in OvmfPkg
> (Config-A)
> 
> Min:
>   I have two comments in MdePkg. The changes in MdeModulePkg are good to
> me.
> 1. Seemly, new APIs (TdCall, TdVmCall, TdIsEnabled) in BaseLib are X86 specific.
> How about define them in #if defined (MDE_CPU_IA32) || defined
> (MDE_CPU_X64) in BaseLib.h?
> 2. I don't find new resource attribute EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in
> the latest PI PI_Spec_1_7_A_final_May1.pdf. Can you let me know which spec
> defines it?
> 
> Thanks
> Liming
> > -----邮件原件-----
> > 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Min Xu
> > 发送时间: 2022年2月28日 15:21
> > 收件人: devel@edk2.groups.io
> > 抄送: Min Xu <min.m.xu@intel.com>; Brijesh Singh
> > <brijesh.singh@amd.com>; Eric Dong <eric.dong@intel.com>; Erdem Aktas
> > <erdemaktas@google.com>; Hao A Wu <hao.a.wu@intel.com>; Jian J Wang
> > <jian.j.wang@intel.com>; James Bottomley <jejb@linux.ibm.com>; Jiewen
> > Yao <jiewen.yao@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>;
> > Michael D Kinney <michael.d.kinney@intel.com>; Ray Ni
> > <ray.ni@intel.com>; Rahul Kumar <rahul1.kumar@intel.com>; Tom Lendacky
> > <thomas.lendacky@amd.com>; Zhiguang Liu <zhiguang.liu@intel.com>; Gerd
> > Hoffmann <kraxel@redhat.com>
> > 主题: [edk2-devel] [PATCH V7 00/37] Enable Intel TDX in OvmfPkg
> > (Config-A)
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249
> >
> > Intel's Trust Domain Extensions (Intel TDX) refers to an Intel
> > technology that extends Virtual Machines Extensions (VMX) and
> > Multi-Key Total Memory Encryption (MKTME) with a new kind of virutal
> > machines guest called a Trust Domain (TD). A TD is desinged to run in
> > a CPU mode that protects the confidentiality of TD memory contents and
> > the TD's CPU state from other software, including the hosting
> > Virtual-Machine Monitor (VMM), unless explicitly shared by the TD itself.
> >
> > There are 2 configurations for TDVF to upstream. See below link for
> > the definitions of the 2 configurations.
> > https://edk2.groups.io/g/devel/message/76367
> >
> > This patch-set is to enable Config-A in OvmfPkg.
> >  - Merge the *basic* TDVF feature to existing OvmfX64Pkg.dsc. (Align
> >    with existing SEV)
> >  - Threat model: VMM is NOT out of TCB. (We don’t make things worse.)
> >  - The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability.
> >    The final binary can run on SEV/TDX/normal OVMF
> >  - No changes to existing OvmfPkgX64 image layout.
> >  - No need to add additional security features if they do not exist
> > today
> >  - No need to remove features if they exist today.
> >  - RTMR is not supported
> >  - PEI phase is NOT skipped in either Td or Non-Td
> >
> > Patch 01 - 23 are changes in SEC phase. Also some libraries in these
> > patches are workable in SEC/PEI/DXE.
> >
> > Patch 17 - 20 extract the common codes from OvmfPkg/PlatformPei to a
> > new PlatformInitLib. Then OvmfPkg/PlatformPei is refactored with this lib.
> > This is because there are 3 variants of PlatformPei in OvmfPkg and
> > hence many codes are duplicated.
> > Patch 21 then add Tdx specific codes in PlatformInitLib.
> >
> > Patch 24 - 29 are changes in PEI phase.
> >
> > Patch 30 - 34 are changes in DXE phase.
> >
> > Patch 35 - 37 are for local Apic timer DXE driver.
> >
> > [TDX]: https://software.intel.com/content/dam/develop/external/us/en/
> > documents/tdx-whitepaper-final9-17.pdf
> >
> > [TDX-Module]: https://software.intel.com/content/dam/develop/external/
> > us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf
> >
> > [TDVF]: https://software.intel.com/content/dam/develop/external/us/en/
> > documents/tdx-virtual-firmware-design-guide-rev-1.pdf
> >
> > [GCHI]: https://software.intel.com/content/dam/develop/external/us/en/
> > documents/intel-tdx-guest-hypervisor-communication-interface-1.0-34442
> > 6-
> > 002.pdf
> >
> > Code is at https://github.com/mxu9/edk2/tree/tdvf_wave2.v7
> >
> > v7 changes:
> >  - Based on the comments from last review, 8 PlatformInitLib patches
> >    are squashed into 4 patches (#17-#20). These 4 patches are not
> >    related to Tdx guest. Tdx related codes of PlatformInitLib is
> >    in #21.
> >  - gUefiOvmfPkgTdxPlatformGuid is renamed as
> > gUefiOvmfPkgPlatformInfoGuid.
> >    Because this GUID is used not only by Tdx guest, but also by
> >    Legacy guest.
> >  - PlatformInitLibNull is deleted.
> >  - In PlatformPei Pml4Entries is cap at 512 entries when
> >    mPhysMemAddressWidth > 48.
> >
> > v7 not-addressed comments
> >  - Comments in MpInitLib have not been addressed yet. It will be
> >    addressed in the following version.
> >  - Thanks much for your understanding.
> >
> > v6 changes:
> >  - PlatformInitLib and OvmfPkg/PlatformPei refactoring are covered in
> >    patch from 17 - 24. These patches are not related to Tdx guest. Tdx
> >    related codes of PlatformInitLib is in patch 25.
> >  - In the previous patch-sets, TdHob is processed in
> >    OvmfPkg/Sec/IntelTdx.c. Per Gerd's suggestion they are now moved
> >    to PlatformInitLib/IntelTdx.c. So that they can be reused in Config-B.
> >  - The default Accept page size is changed from 4K to 2M.
> >  - The BspAcceptMemoryResourceRange is refactored according to Gerd's
> >    comment.
> >  - In ApRunLoop.nasm command field is set to zero as acknowledgement.
> >    This is a fix based on the ACPI Spec v6.4,Sec titled "Multiprocessor
> >    Wakeup Structure".
> >
> > v6 not-addressed comments
> >  - Comments in MpInitLib have not been addressed yet. It will be
> >    addressed in the following version.
> >  - Thanks much for your understanding.
> >
> > v5 changes:
> >  - PlatformInitLib is introduced which wraps the common functions in
> >    OvmfPkg/PlatformPei. It is because there are a lot of duplicated
> >    codes for Platform initialization in PEI phase and there are at least
> >    3 variants of PlatformPei. Another reason is that in TDVF Config-B
> >    PEI-less boot needs the similar initiliazation as PlatformPei. Based
> >    on the discussion with the community, PlatformInitLib is introduced.
> >    As the first stage OvmfPkg/PlatformPei is refactored with this lib.
> >    In the future the other 2 PlatformPei variants will be refactored
> >    as well.
> >  - PcdIgnoreVeHalt is deprecated.
> >  - Add spec link for Mailbox.
> >  - Other minor changes, such as comments, uncrustify formats, etc.
> >
> > v5 not-addressed comments
> >  - Comments in MpInitLib have not been addressed yet. It will be
> >    addressed in the following version.
> >  - Some comments may be missed. I will re-visit the review emails.
> >  - Thanks much for your understanding.
> >
> > v4 changes:
> >  - Split the TdxLib into 2 libraries. The TDX basic functions
> >    (TdCall / TdVmCall / TdIsEnabled) are moved to BaseLib (#2).
> >    The other functions are in TdxLib. (#3)
> >  - Based on above changes (TdCall/TdVmCall/TdIsEnabled in BaseLib)
> >    the TdxLib.inf is not necessary in some Pkgs, such as
> >    UefiPayloadPkg. The duplicated source code are deleted (BaseIoLib
> >    is the sample).
> >  - Drop the Accepting pages with TDX MP service. Instead only BSP
> >    accepts pages. There maybe boot performance issue. There are some
> >    mitigations to it, such as 2M accept page size, lazy accept, etc.
> >    We will re-visit this issue in a separate patch-set.
> >  - Relocate Mailbox in TdxDxe driver instead of in PlatformPei. This
> >    is to keep consistence with Config-B (PEI is skipped in Config-B).
> >  - SetMmioSharedBit in TdxDxe driver instead of in DxeIplPeim after
> >    CreateIdentityMappingPageTables. This is to keep consistence with
> >    Config-B (PEI is skipped in Config-B).
> >  - Some other minor changes, such as switch-case indention.
> >  - Rebase the code base (commit: 8c06c53b585a) and update the code with
> >    uncrustify.
> >
> > v4 not-addressed comments:
> >  - Comments in MpInitLib have not been addressed yet. It will be
> >    addressed in the next version.
> >  - BaseMemEncryptTdxLib is suggested to be merged with
> >    BaseMemEncryptSevLib. It will be addressed in the next version.
> >  - Gerd suggests a generic page table walker which is able to set
> >    and clear bits for a given memory range in both SEV and TDX guest.
> >    This suggestion will be addressed in the next version.
> >  - Some comments may be missed. I will re-visit the review emails.
> >  - Thanks much for your understanding.
> >
> > v3 changes:
> >  - LocalApicTimerDxe is split out to be a separate patch-series.
> >  - VmTdExitLibNull/VmgExitLib are removed. Instead the VmgExitLib
> >    is extended to handle #VE exception. (Patch 3-5)
> >  - Split the Tdx support of base IoLib into 4 commits. (Patch 6-9)
> >  - Alter of MADT table is updated. In previous version it was
> >    created from scratch. Now it gets the installed table, copy
> >    it to a larger buffer and append the ACPI_MADT_MPWK to it.
> >    (Patch 25)
> >  - Changes in BaseXApicX2ApicLib is refined based on the
> >    feedbacks. (Add spec link of MSR access definition, rename
> >    some funtion name, etc.) (Patch 11)
> >  - Use PcdConfidentialComputingGuestAttr to probe TDX guest instead
> >    of CPUID. But in some cases PcdConfidentialComputingGuestAttr
> >    cannot be used because it has not been set yet.
> >  - Some other minor changes.
> >
> > v3 not-addressed comments:
> >  - Some of the comments have not been addressed. This is because I
> >    need more time to consider how to address these comments.
> >    At the same time I want to submit a new version based on the above
> >    changes so that community can review in a more efficient way.
> >    (v2 is the version one month ago).
> >  - Comments in MpInitLib have not been addressed yet. It will be
> >    addressed in v4.
> >  - BaseMemEncryptTdxLib should be merged with BaseMemEncryptSevLib.
> >    It will be addressed in v4.
> >  - Some comments may be missed. I will re-visit the review emails.
> >  - Thanks much for your understanding.
> >
> > v2 changes:
> >  - Remove TdxProbeLib. It is to reduce the depencies of the lib.
> >  - In v1 a new function (AllocatePagesWithMemoryType) is added in
> >    PeiMemoryAllocationLib. This function is not necessary. It can
> >    be replaced by PeiServicesAllocatePages.
> >  - IoLibFifo.c is added in BaseIoLibIntrinsic. This file includes
> >    the functions of read/write of I/O  port fifo. These functions
> >    will call TdIoReadFifo or SevIoReadFifo by checking TDX or SEV
> >    in run-time.
> >  - DXE related patches are added. (Patch 22-28)
> >  - Fix typo in commit/comment message, or some minor changes.
> >  - Rebase the edk2 code base. (4cc1458dbe00)
> >
> > Cc: Brijesh Singh <brijesh.singh@amd.com>
> > Cc: Eric Dong <eric.dong@intel.com>
> > Cc: Erdem Aktas <erdemaktas@google.com>
> > Cc: Hao A Wu <hao.a.wu@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: James Bottomley <jejb@linux.ibm.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Ray Ni <ray.ni@intel.com>
> > Cc: Rahul Kumar <rahul1.kumar@intel.com>
> > Cc: Tom Lendacky <thomas.lendacky@amd.com>
> > Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> > Cc: Gerd Hoffmann <kraxel@redhat.com>
> > Signed-off-by: Min Xu <min.m.xu@intel.com>
> >
> > Min Xu (37):
> >   MdePkg: Add Tdx.h
> >   MdePkg: Introduce basic Tdx functions in BaseLib
> >   MdePkg: Add TdxLib to wrap Tdx operations
> >   UefiCpuPkg: Extend VmgExitLibNull to handle #VE exception
> >   OvmfPkg: Extend VmgExitLib to handle #VE exception
> >   UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception
> >   MdePkg: Add helper functions for Tdx guest in BaseIoLibIntrinsic
> >   MdePkg: Support mmio for Tdx guest in BaseIoLibIntrinsic
> >   MdePkg: Support IoFifo for Tdx guest in BaseIoLibIntrinsic
> >   MdePkg: Support IoRead/IoWrite for Tdx guest in BaseIoLibIntrinsic
> >   UefiCpuPkg: Support TDX in BaseXApicX2ApicLib
> >   MdePkg: Add macro to check SEV / TDX guest
> >   UefiCpuPkg: Enable Tdx support in MpInitLib
> >   OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard
> >   OvmfPkg: Add TdxMailboxLib
> >   MdePkg: Add EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in PiHob.h
> >   OvmfPkg: Create initial version of PlatformInitLib
> >   OvmfPkg/PlatformInitLib: Add hob functions
> >   OvmfPkg/PlatformInitLib: Add memory functions
> >   OvmfPkg/PlatformInitLib: Add platform functions
> >   OvmfPkg: Update PlatformInitLib to process Tdx hoblist
> >   OvmfPkg/Sec: Declare local variable as volatile in
> >     SecCoreStartupWithStack
> >   OvmfPkg: Update Sec to support Tdx
> >   OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation
> >   MdeModulePkg: EFER should not be changed in TDX
> >   MdeModulePkg: Add PcdTdxSharedBitMask
> >   UefiCpuPkg: Update AddressEncMask in CpuPageTable
> >   OvmfPkg: Update PlatformInitLib for Tdx guest to publish ram regions
> >   OvmfPkg: Update PlatformPei to support Tdx guest
> >   OvmfPkg: Update AcpiPlatformDxe to alter MADT table
> >   OvmfPkg/BaseMemEncryptTdxLib: Add TDX helper library
> >   OvmfPkg: Add TdxDxe driver
> >   OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe
> >   OvmfPkg: Update IoMmuDxe to support TDX
> >   OvmfPkg: Rename XenTimerDxe to LocalApicTimerDxe
> >   UefiCpuPkg: Setting initial-count register as the last step
> >   OvmfPkg: Switch timer in build time for OvmfPkg
> >
> >  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |   1 +
> >  .../Core/DxeIplPeim/X64/VirtualMemory.c       |   7 +
> >  MdeModulePkg/MdeModulePkg.dec                 |   9 +
> >  .../Include/ConfidentialComputingGuestAttr.h  |   3 +
> >  MdePkg/Include/IndustryStandard/Tdx.h         | 203 ++++
> >  MdePkg/Include/Library/BaseLib.h              |  62 ++
> >  MdePkg/Include/Library/TdxLib.h               |  97 ++
> >  MdePkg/Include/Pi/PiHob.h                     |   8 +
> >  .../BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf |   2 +
> >  .../BaseIoLibIntrinsicSev.inf                 |   7 +
> >  MdePkg/Library/BaseIoLibIntrinsic/IoLib.c     |  81 +-
> >  MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c | 216 ++++
> > MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c  |  51 +-
> >  .../BaseIoLibIntrinsic/IoLibInternalTdx.c     | 675 +++++++++++++
> >  .../BaseIoLibIntrinsic/IoLibInternalTdxNull.c | 497 +++++++++
> > MdePkg/Library/BaseIoLibIntrinsic/IoLibMsc.c  |  73 +-
> > MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h  | 166 +++
> > MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h  | 410 ++++++++
> >  .../BaseIoLibIntrinsic/X64/IoFifoSev.nasm     |  34 +-
> >  MdePkg/Library/BaseLib/BaseLib.inf            |  11 +
> >  MdePkg/Library/BaseLib/IntelTdxNull.c         |  83 ++
> >  MdePkg/Library/BaseLib/X64/TdCall.nasm        |  85 ++
> >  MdePkg/Library/BaseLib/X64/TdProbe.c          |  62 ++
> >  MdePkg/Library/BaseLib/X64/TdVmcall.nasm      | 145 +++
> >  MdePkg/Library/TdxLib/AcceptPages.c           | 180 ++++
> >  MdePkg/Library/TdxLib/Rtmr.c                  |  83 ++
> >  MdePkg/Library/TdxLib/TdInfo.c                | 114 +++
> >  MdePkg/Library/TdxLib/TdxLib.inf              |  37 +
> >  MdePkg/Library/TdxLib/TdxLibNull.c            | 107 ++
> >  MdePkg/MdePkg.dec                             |   3 +
> >  MdePkg/MdePkg.dsc                             |   1 +
> >  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf   |   1 +
> >  OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c       |  14 +-
> >  OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +-
> >  OvmfPkg/AmdSev/AmdSevX64.fdf                  |   3 +-
> >  OvmfPkg/Bhyve/BhyveX64.dsc                    |   2 +
> >  OvmfPkg/CloudHv/CloudHvX64.dsc                |   5 +-
> >  OvmfPkg/CloudHv/CloudHvX64.fdf                |   2 +-
> >  OvmfPkg/Include/IndustryStandard/IntelTdx.h   |  67 ++
> >  OvmfPkg/Include/Library/MemEncryptTdxLib.h    |  81 ++
> >  OvmfPkg/Include/Library/PlatformInitLib.h     | 286 ++++++
> >  OvmfPkg/Include/Library/TdxMailboxLib.h       |  76 ++
> >  .../Include/Protocol/QemuAcpiTableNotify.h    |  27 +
> >  OvmfPkg/Include/TdxCommondefs.inc             |  51 +
> >  OvmfPkg/IoMmuDxe/AmdSevIoMmu.c                | 103 +-
> >  OvmfPkg/IoMmuDxe/AmdSevIoMmu.h                |   6 +-
> >  OvmfPkg/IoMmuDxe/IoMmuDxe.c                   |   6 +-
> >  OvmfPkg/IoMmuDxe/IoMmuDxe.inf                 |   5 +
> >  .../BaseMemEncryptTdxLib.inf                  |  44 +
> >  .../BaseMemEncryptTdxLibNull.inf              |  35 +
> >  .../BaseMemoryEncryptionNull.c                |  90 ++
> >  .../BaseMemEncryptTdxLib/MemoryEncryption.c   | 948
> > ++++++++++++++++++
> >  .../BaseMemEncryptTdxLib/VirtualMemory.h      | 181 ++++
> >  .../PlatformInitLib}/Cmos.c                   |  32 +-
> >  OvmfPkg/Library/PlatformInitLib/IntelTdx.c    | 553 ++++++++++
> >  .../Library/PlatformInitLib/IntelTdxNull.c    |  46 +
> >  OvmfPkg/Library/PlatformInitLib/MemDetect.c   | 707 +++++++++++++
> >  OvmfPkg/Library/PlatformInitLib/Platform.c    | 597 +++++++++++
> >  .../PlatformInitLib/PlatformInitLib.inf       |  94 ++
> >  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c   |   9 +-
> >  .../Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf  |   1 +
> >  .../QemuFwCfgLib/QemuFwCfgLibInternal.h       |  11 +
> >  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c   |  32 +
> >  .../Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf  |   2 +
> >  OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c    | 140 +++
> >  .../Library/TdxMailboxLib/TdxMailboxLib.inf   |  52 +
> >  .../Library/TdxMailboxLib/TdxMailboxNull.c    |  85 ++
> >  OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf  |   3 +-
> >  OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h  |  32 +
> >  .../Library/VmgExitLib/VmTdExitVeHandler.c    | 559 +++++++++++
> >  OvmfPkg/Library/VmgExitLib/VmgExitLib.inf     |   2 +
> >  .../Library/VmgExitLib/X64/TdVmcallCpuid.nasm | 146 +++
> >  .../LocalApicTimerDxe.c}                      |   4 +-
> >  .../LocalApicTimerDxe.h}                      |   4 +-
> >  .../LocalApicTimerDxe.inf}                    |   7 +-
> >  OvmfPkg/Microvm/MicrovmX64.dsc                |   5 +-
> >  OvmfPkg/Microvm/MicrovmX64.fdf                |   2 +-
> >  OvmfPkg/OvmfPkg.dec                           |  17 +
> >  OvmfPkg/OvmfPkgIa32.dsc                       |  12 +-
> >  OvmfPkg/OvmfPkgIa32.fdf                       |   8 +-
> >  OvmfPkg/OvmfPkgIa32X64.dsc                    |  14 +-
> >  OvmfPkg/OvmfPkgIa32X64.fdf                    |   8 +-
> >  OvmfPkg/OvmfPkgX64.dsc                        |  29 +-
> >  OvmfPkg/OvmfPkgX64.fdf                        |  11 +-
> >  OvmfPkg/OvmfXen.dsc                           |   4 +-
> >  OvmfPkg/OvmfXen.fdf                           |   2 +-
> >  OvmfPkg/PlatformPei/Cmos.h                    |  48 -
> >  OvmfPkg/PlatformPei/FeatureControl.c          |   7 +-
> >  OvmfPkg/PlatformPei/IntelTdx.c                |  54 +
> >  OvmfPkg/PlatformPei/MemDetect.c               | 669 +-----------
> >  OvmfPkg/PlatformPei/Platform.c                | 522 ++--------
> >  OvmfPkg/PlatformPei/Platform.h                |  55 +-
> >  OvmfPkg/PlatformPei/PlatformPei.inf           |   7 +-
> >  OvmfPkg/Sec/SecMain.c                         |  44 +-
> >  OvmfPkg/Sec/SecMain.inf                       |   3 +
> >  OvmfPkg/Sec/X64/SecEntry.nasm                 |  82 ++
> >  OvmfPkg/TdxDxe/TdxAcpiTable.c                 | 213 ++++
> >  OvmfPkg/TdxDxe/TdxAcpiTable.h                 |  60 ++
> >  OvmfPkg/TdxDxe/TdxDxe.c                       | 261 +++++
> >  OvmfPkg/TdxDxe/TdxDxe.inf                     |  64 ++
> >  OvmfPkg/TdxDxe/X64/ApRunLoop.nasm             |  90 ++
> >  UefiCpuPkg/CpuDxe/CpuDxe.inf                  |   1 +
> >  UefiCpuPkg/CpuDxe/CpuPageTable.c              |   4 +
> >  UefiCpuPkg/Include/Library/VmgExitLib.h       |  28 +
> >  .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.c   | 170 +++-
> >  .../PeiDxeSmmCpuException.c                   |  17 +
> >  .../SecPeiCpuException.c                      |  18 +
> >  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |   3 +
> >  UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       |  15 +-
> >  UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h     |  71 ++
> >  UefiCpuPkg/Library/MpInitLib/MpLib.c          |  27 +
> >  UefiCpuPkg/Library/MpInitLib/MpLibTdx.c       | 128 +++
> >  UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c   |  73 ++
> >  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |   3 +
> >  .../Library/VmgExitLibNull/VmTdExitNull.c     |  38 +
> >  .../Library/VmgExitLibNull/VmgExitLibNull.inf |   1 +
> >  116 files changed, 10233 insertions(+), 1327 deletions(-)  create
> > mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
> >  create mode 100644 MdePkg/Include/Library/TdxLib.h  create mode
> > 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c
> >  create mode 100644
> > MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
> >  create mode 100644
> > MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdxNull.c
> >  create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h
> >  create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h
> >  create mode 100644 MdePkg/Library/BaseLib/IntelTdxNull.c
> >  create mode 100644 MdePkg/Library/BaseLib/X64/TdCall.nasm
> >  create mode 100644 MdePkg/Library/BaseLib/X64/TdProbe.c
> >  create mode 100644 MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> >  create mode 100644 MdePkg/Library/TdxLib/AcceptPages.c
> >  create mode 100644 MdePkg/Library/TdxLib/Rtmr.c  create mode 100644
> > MdePkg/Library/TdxLib/TdInfo.c  create mode 100644
> > MdePkg/Library/TdxLib/TdxLib.inf  create mode 100644
> > MdePkg/Library/TdxLib/TdxLibNull.c
> >  create mode 100644 OvmfPkg/Include/IndustryStandard/IntelTdx.h
> >  create mode 100644 OvmfPkg/Include/Library/MemEncryptTdxLib.h
> >  create mode 100644 OvmfPkg/Include/Library/PlatformInitLib.h
> >  create mode 100644 OvmfPkg/Include/Library/TdxMailboxLib.h
> >  create mode 100644 OvmfPkg/Include/Protocol/QemuAcpiTableNotify.h
> >  create mode 100644 OvmfPkg/Include/TdxCommondefs.inc  create mode
> > 100644
> OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
> >  create mode 100644
> > OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLibNull.inf
> >  create mode 100644
> > OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemoryEncryptionNull.c
> >  create mode 100644
> > OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c
> >  create mode 100644
> > OvmfPkg/Library/BaseMemEncryptTdxLib/VirtualMemory.h
> >  rename OvmfPkg/{PlatformPei => Library/PlatformInitLib}/Cmos.c (61%)
> > create mode 100644 OvmfPkg/Library/PlatformInitLib/IntelTdx.c
> >  create mode 100644 OvmfPkg/Library/PlatformInitLib/IntelTdxNull.c
> >  create mode 100644 OvmfPkg/Library/PlatformInitLib/MemDetect.c
> >  create mode 100644 OvmfPkg/Library/PlatformInitLib/Platform.c
> >  create mode 100644
> > OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
> >  create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c
> >  create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
> >  create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxNull.c
> >  create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h
> >  create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c
> >  create mode 100644 OvmfPkg/Library/VmgExitLib/X64/TdVmcallCpuid.nasm
> >  rename OvmfPkg/{XenTimerDxe/XenTimerDxe.c =>
> > LocalApicTimerDxe/LocalApicTimerDxe.c} (95%)  rename
> > OvmfPkg/{XenTimerDxe/XenTimerDxe.h =>
> > LocalApicTimerDxe/LocalApicTimerDxe.h} (96%)  rename
> > OvmfPkg/{XenTimerDxe/XenTimerDxe.inf =>
> > LocalApicTimerDxe/LocalApicTimerDxe.inf} (80%)  delete mode 100644
> > OvmfPkg/PlatformPei/Cmos.h  create mode 100644
> > OvmfPkg/PlatformPei/IntelTdx.c  create mode 100644
> > OvmfPkg/TdxDxe/TdxAcpiTable.c  create mode 100644
> > OvmfPkg/TdxDxe/TdxAcpiTable.h  create mode 100644
> > OvmfPkg/TdxDxe/TdxDxe.c  create mode 100644
> OvmfPkg/TdxDxe/TdxDxe.inf
> > create mode 100644 OvmfPkg/TdxDxe/X64/ApRunLoop.nasm  create mode
> > 100644 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h
> >  create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c
> >  create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c
> >  create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmTdExitNull.c
> >
> > --
> > 2.29.2.windows.2
> >
> >
> >
> >
> >
> 
> 
> 
> 
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#87398): https://edk2.groups.io/g/devel/message/87398
Mute This Topic: https://groups.io/mt/89681325/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Min:
 I have one minor comment for TdxLib.h. This header file doesn't need to include below header files. Other patches in MdePkg are good to me. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>

#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#include <Uefi/UefiBaseType.h>
#include <Protocol/DebugSupport.h>

Thanks
Liming
> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Min Xu
> 发送时间: 2022年3月10日 14:21
> 收件人: devel@edk2.groups.io; Gao, Liming <gaoliming@byosoft.com.cn>
> 抄送: 'Brijesh Singh' <brijesh.singh@amd.com>; Dong, Eric
> <eric.dong@intel.com>; Aktas, Erdem <erdemaktas@google.com>; Wu, Hao
> A <hao.a.wu@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; 'James
> Bottomley' <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Kinney, Michael D <michael.d.kinney@intel.com>; Ni, Ray <ray.ni@intel.com>;
> Kumar, Rahul1 <rahul1.kumar@intel.com>; 'Tom Lendacky'
> <thomas.lendacky@amd.com>; Liu, Zhiguang <zhiguang.liu@intel.com>;
> 'Gerd Hoffmann' <kraxel@redhat.com>
> 主题: Re: [edk2-devel] [PATCH V7 00/37] Enable Intel TDX in OvmfPkg
> (Config-A)
> 
> Hi, Lingming
> Besides below 2 comments in MdePkg, what's your opinion about below
> patches in MdePkg?
> Patch 01  includes the Intel Trust Domain Extension definitions.
> Patch 07-10 is about the BaseIoLibIntrinsic
> Patch 12 add macros CC_GUEST_IS_SEV / CC_GUEST_IS_TDX to check SEV /
> TDX guest.
> 
> I am looking forward your comments about Patch 07 - 10.
> 
> 01-MdePkg-Add-Tdx.h.patch
>   - https://edk2.groups.io/g/devel/message/87049
> 03-MdePkg-Add-TdxLib-to-wrap-Tdx-operations.patch
>   - https://edk2.groups.io/g/devel/message/87051
> 
> 07-MdePkg-Add-helper-functions-for-Tdx-guest-in-BaseIoL.patch
>   - https://edk2.groups.io/g/devel/message/87055
> 08-MdePkg-Support-mmio-for-Tdx-guest-in-BaseIoLibIntrin.patch
>   - https://edk2.groups.io/g/devel/message/87056
> 09-MdePkg-Support-IoFifo-for-Tdx-guest-in-BaseIoLibIntr.patch
>   - https://edk2.groups.io/g/devel/message/87057
> 10-MdePkg-Support-IoRead-IoWrite-for-Tdx-guest-in-BaseI.patch
>   - https://edk2.groups.io/g/devel/message/87058
> 
> 12-MdePkg-Add-macro-to-check-SEV-TDX-guest.patch
>   - https://edk2.groups.io/g/devel/message/87060
> 
> Thanks much!
> 
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> gaoliming
> > Sent: Tuesday, March 1, 2022 10:20 AM
> > To: devel@edk2.groups.io; Xu, Min M <min.m.xu@intel.com>
> > Cc: 'Brijesh Singh' <brijesh.singh@amd.com>; Dong, Eric
> > <eric.dong@intel.com>; Aktas, Erdem <erdemaktas@google.com>; Wu, Hao
> A
> > <hao.a.wu@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; 'James
> > Bottomley' <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> > Kinney, Michael D <michael.d.kinney@intel.com>; Ni, Ray
> <ray.ni@intel.com>;
> > Kumar, Rahul1 <rahul1.kumar@intel.com>; 'Tom Lendacky'
> > <thomas.lendacky@amd.com>; Liu, Zhiguang <zhiguang.liu@intel.com>;
> 'Gerd
> > Hoffmann' <kraxel@redhat.com>
> > Subject: 回复: [edk2-devel] [PATCH V7 00/37] Enable Intel TDX in OvmfPkg
> > (Config-A)
> >
> > Min:
> >   I have two comments in MdePkg. The changes in MdeModulePkg are
> good to
> > me.
> > 1. Seemly, new APIs (TdCall, TdVmCall, TdIsEnabled) in BaseLib are X86
> specific.
> > How about define them in #if defined (MDE_CPU_IA32) || defined
> > (MDE_CPU_X64) in BaseLib.h?
> > 2. I don't find new resource attribute
> EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in
> > the latest PI PI_Spec_1_7_A_final_May1.pdf. Can you let me know which
> spec
> > defines it?
> >
> > Thanks
> > Liming
> > > -----邮件原件-----
> > > 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Min Xu
> > > 发送时间: 2022年2月28日 15:21
> > > 收件人: devel@edk2.groups.io
> > > 抄送: Min Xu <min.m.xu@intel.com>; Brijesh Singh
> > > <brijesh.singh@amd.com>; Eric Dong <eric.dong@intel.com>; Erdem
> Aktas
> > > <erdemaktas@google.com>; Hao A Wu <hao.a.wu@intel.com>; Jian J
> Wang
> > > <jian.j.wang@intel.com>; James Bottomley <jejb@linux.ibm.com>;
> Jiewen
> > > Yao <jiewen.yao@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>;
> > > Michael D Kinney <michael.d.kinney@intel.com>; Ray Ni
> > > <ray.ni@intel.com>; Rahul Kumar <rahul1.kumar@intel.com>; Tom
> Lendacky
> > > <thomas.lendacky@amd.com>; Zhiguang Liu <zhiguang.liu@intel.com>;
> Gerd
> > > Hoffmann <kraxel@redhat.com>
> > > 主题: [edk2-devel] [PATCH V7 00/37] Enable Intel TDX in OvmfPkg
> > > (Config-A)
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249
> > >
> > > Intel's Trust Domain Extensions (Intel TDX) refers to an Intel
> > > technology that extends Virtual Machines Extensions (VMX) and
> > > Multi-Key Total Memory Encryption (MKTME) with a new kind of virutal
> > > machines guest called a Trust Domain (TD). A TD is desinged to run in
> > > a CPU mode that protects the confidentiality of TD memory contents and
> > > the TD's CPU state from other software, including the hosting
> > > Virtual-Machine Monitor (VMM), unless explicitly shared by the TD itself.
> > >
> > > There are 2 configurations for TDVF to upstream. See below link for
> > > the definitions of the 2 configurations.
> > > https://edk2.groups.io/g/devel/message/76367
> > >
> > > This patch-set is to enable Config-A in OvmfPkg.
> > >  - Merge the *basic* TDVF feature to existing OvmfX64Pkg.dsc. (Align
> > >    with existing SEV)
> > >  - Threat model: VMM is NOT out of TCB. (We don’t make things worse.)
> > >  - The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot
> capability.
> > >    The final binary can run on SEV/TDX/normal OVMF
> > >  - No changes to existing OvmfPkgX64 image layout.
> > >  - No need to add additional security features if they do not exist
> > > today
> > >  - No need to remove features if they exist today.
> > >  - RTMR is not supported
> > >  - PEI phase is NOT skipped in either Td or Non-Td
> > >
> > > Patch 01 - 23 are changes in SEC phase. Also some libraries in these
> > > patches are workable in SEC/PEI/DXE.
> > >
> > > Patch 17 - 20 extract the common codes from OvmfPkg/PlatformPei to a
> > > new PlatformInitLib. Then OvmfPkg/PlatformPei is refactored with this lib.
> > > This is because there are 3 variants of PlatformPei in OvmfPkg and
> > > hence many codes are duplicated.
> > > Patch 21 then add Tdx specific codes in PlatformInitLib.
> > >
> > > Patch 24 - 29 are changes in PEI phase.
> > >
> > > Patch 30 - 34 are changes in DXE phase.
> > >
> > > Patch 35 - 37 are for local Apic timer DXE driver.
> > >
> > > [TDX]: https://software.intel.com/content/dam/develop/external/us/en/
> > > documents/tdx-whitepaper-final9-17.pdf
> > >
> > > [TDX-Module]:
> https://software.intel.com/content/dam/develop/external/
> > > us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf
> > >
> > > [TDVF]:
> https://software.intel.com/content/dam/develop/external/us/en/
> > > documents/tdx-virtual-firmware-design-guide-rev-1.pdf
> > >
> > > [GCHI]:
> https://software.intel.com/content/dam/develop/external/us/en/
> > >
> documents/intel-tdx-guest-hypervisor-communication-interface-1.0-34442
> > > 6-
> > > 002.pdf
> > >
> > > Code is at https://github.com/mxu9/edk2/tree/tdvf_wave2.v7
> > >
> > > v7 changes:
> > >  - Based on the comments from last review, 8 PlatformInitLib patches
> > >    are squashed into 4 patches (#17-#20). These 4 patches are not
> > >    related to Tdx guest. Tdx related codes of PlatformInitLib is
> > >    in #21.
> > >  - gUefiOvmfPkgTdxPlatformGuid is renamed as
> > > gUefiOvmfPkgPlatformInfoGuid.
> > >    Because this GUID is used not only by Tdx guest, but also by
> > >    Legacy guest.
> > >  - PlatformInitLibNull is deleted.
> > >  - In PlatformPei Pml4Entries is cap at 512 entries when
> > >    mPhysMemAddressWidth > 48.
> > >
> > > v7 not-addressed comments
> > >  - Comments in MpInitLib have not been addressed yet. It will be
> > >    addressed in the following version.
> > >  - Thanks much for your understanding.
> > >
> > > v6 changes:
> > >  - PlatformInitLib and OvmfPkg/PlatformPei refactoring are covered in
> > >    patch from 17 - 24. These patches are not related to Tdx guest. Tdx
> > >    related codes of PlatformInitLib is in patch 25.
> > >  - In the previous patch-sets, TdHob is processed in
> > >    OvmfPkg/Sec/IntelTdx.c. Per Gerd's suggestion they are now moved
> > >    to PlatformInitLib/IntelTdx.c. So that they can be reused in Config-B.
> > >  - The default Accept page size is changed from 4K to 2M.
> > >  - The BspAcceptMemoryResourceRange is refactored according to
> Gerd's
> > >    comment.
> > >  - In ApRunLoop.nasm command field is set to zero as acknowledgement.
> > >    This is a fix based on the ACPI Spec v6.4,Sec titled "Multiprocessor
> > >    Wakeup Structure".
> > >
> > > v6 not-addressed comments
> > >  - Comments in MpInitLib have not been addressed yet. It will be
> > >    addressed in the following version.
> > >  - Thanks much for your understanding.
> > >
> > > v5 changes:
> > >  - PlatformInitLib is introduced which wraps the common functions in
> > >    OvmfPkg/PlatformPei. It is because there are a lot of duplicated
> > >    codes for Platform initialization in PEI phase and there are at least
> > >    3 variants of PlatformPei. Another reason is that in TDVF Config-B
> > >    PEI-less boot needs the similar initiliazation as PlatformPei. Based
> > >    on the discussion with the community, PlatformInitLib is introduced.
> > >    As the first stage OvmfPkg/PlatformPei is refactored with this lib.
> > >    In the future the other 2 PlatformPei variants will be refactored
> > >    as well.
> > >  - PcdIgnoreVeHalt is deprecated.
> > >  - Add spec link for Mailbox.
> > >  - Other minor changes, such as comments, uncrustify formats, etc.
> > >
> > > v5 not-addressed comments
> > >  - Comments in MpInitLib have not been addressed yet. It will be
> > >    addressed in the following version.
> > >  - Some comments may be missed. I will re-visit the review emails.
> > >  - Thanks much for your understanding.
> > >
> > > v4 changes:
> > >  - Split the TdxLib into 2 libraries. The TDX basic functions
> > >    (TdCall / TdVmCall / TdIsEnabled) are moved to BaseLib (#2).
> > >    The other functions are in TdxLib. (#3)
> > >  - Based on above changes (TdCall/TdVmCall/TdIsEnabled in BaseLib)
> > >    the TdxLib.inf is not necessary in some Pkgs, such as
> > >    UefiPayloadPkg. The duplicated source code are deleted (BaseIoLib
> > >    is the sample).
> > >  - Drop the Accepting pages with TDX MP service. Instead only BSP
> > >    accepts pages. There maybe boot performance issue. There are some
> > >    mitigations to it, such as 2M accept page size, lazy accept, etc.
> > >    We will re-visit this issue in a separate patch-set.
> > >  - Relocate Mailbox in TdxDxe driver instead of in PlatformPei. This
> > >    is to keep consistence with Config-B (PEI is skipped in Config-B).
> > >  - SetMmioSharedBit in TdxDxe driver instead of in DxeIplPeim after
> > >    CreateIdentityMappingPageTables. This is to keep consistence with
> > >    Config-B (PEI is skipped in Config-B).
> > >  - Some other minor changes, such as switch-case indention.
> > >  - Rebase the code base (commit: 8c06c53b585a) and update the code
> with
> > >    uncrustify.
> > >
> > > v4 not-addressed comments:
> > >  - Comments in MpInitLib have not been addressed yet. It will be
> > >    addressed in the next version.
> > >  - BaseMemEncryptTdxLib is suggested to be merged with
> > >    BaseMemEncryptSevLib. It will be addressed in the next version.
> > >  - Gerd suggests a generic page table walker which is able to set
> > >    and clear bits for a given memory range in both SEV and TDX guest.
> > >    This suggestion will be addressed in the next version.
> > >  - Some comments may be missed. I will re-visit the review emails.
> > >  - Thanks much for your understanding.
> > >
> > > v3 changes:
> > >  - LocalApicTimerDxe is split out to be a separate patch-series.
> > >  - VmTdExitLibNull/VmgExitLib are removed. Instead the VmgExitLib
> > >    is extended to handle #VE exception. (Patch 3-5)
> > >  - Split the Tdx support of base IoLib into 4 commits. (Patch 6-9)
> > >  - Alter of MADT table is updated. In previous version it was
> > >    created from scratch. Now it gets the installed table, copy
> > >    it to a larger buffer and append the ACPI_MADT_MPWK to it.
> > >    (Patch 25)
> > >  - Changes in BaseXApicX2ApicLib is refined based on the
> > >    feedbacks. (Add spec link of MSR access definition, rename
> > >    some funtion name, etc.) (Patch 11)
> > >  - Use PcdConfidentialComputingGuestAttr to probe TDX guest instead
> > >    of CPUID. But in some cases PcdConfidentialComputingGuestAttr
> > >    cannot be used because it has not been set yet.
> > >  - Some other minor changes.
> > >
> > > v3 not-addressed comments:
> > >  - Some of the comments have not been addressed. This is because I
> > >    need more time to consider how to address these comments.
> > >    At the same time I want to submit a new version based on the above
> > >    changes so that community can review in a more efficient way.
> > >    (v2 is the version one month ago).
> > >  - Comments in MpInitLib have not been addressed yet. It will be
> > >    addressed in v4.
> > >  - BaseMemEncryptTdxLib should be merged with
> BaseMemEncryptSevLib.
> > >    It will be addressed in v4.
> > >  - Some comments may be missed. I will re-visit the review emails.
> > >  - Thanks much for your understanding.
> > >
> > > v2 changes:
> > >  - Remove TdxProbeLib. It is to reduce the depencies of the lib.
> > >  - In v1 a new function (AllocatePagesWithMemoryType) is added in
> > >    PeiMemoryAllocationLib. This function is not necessary. It can
> > >    be replaced by PeiServicesAllocatePages.
> > >  - IoLibFifo.c is added in BaseIoLibIntrinsic. This file includes
> > >    the functions of read/write of I/O  port fifo. These functions
> > >    will call TdIoReadFifo or SevIoReadFifo by checking TDX or SEV
> > >    in run-time.
> > >  - DXE related patches are added. (Patch 22-28)
> > >  - Fix typo in commit/comment message, or some minor changes.
> > >  - Rebase the edk2 code base. (4cc1458dbe00)
> > >
> > > Cc: Brijesh Singh <brijesh.singh@amd.com>
> > > Cc: Eric Dong <eric.dong@intel.com>
> > > Cc: Erdem Aktas <erdemaktas@google.com>
> > > Cc: Hao A Wu <hao.a.wu@intel.com>
> > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > Cc: James Bottomley <jejb@linux.ibm.com>
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > Cc: Ray Ni <ray.ni@intel.com>
> > > Cc: Rahul Kumar <rahul1.kumar@intel.com>
> > > Cc: Tom Lendacky <thomas.lendacky@amd.com>
> > > Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> > > Cc: Gerd Hoffmann <kraxel@redhat.com>
> > > Signed-off-by: Min Xu <min.m.xu@intel.com>
> > >
> > > Min Xu (37):
> > >   MdePkg: Add Tdx.h
> > >   MdePkg: Introduce basic Tdx functions in BaseLib
> > >   MdePkg: Add TdxLib to wrap Tdx operations
> > >   UefiCpuPkg: Extend VmgExitLibNull to handle #VE exception
> > >   OvmfPkg: Extend VmgExitLib to handle #VE exception
> > >   UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE
> exception
> > >   MdePkg: Add helper functions for Tdx guest in BaseIoLibIntrinsic
> > >   MdePkg: Support mmio for Tdx guest in BaseIoLibIntrinsic
> > >   MdePkg: Support IoFifo for Tdx guest in BaseIoLibIntrinsic
> > >   MdePkg: Support IoRead/IoWrite for Tdx guest in BaseIoLibIntrinsic
> > >   UefiCpuPkg: Support TDX in BaseXApicX2ApicLib
> > >   MdePkg: Add macro to check SEV / TDX guest
> > >   UefiCpuPkg: Enable Tdx support in MpInitLib
> > >   OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard
> > >   OvmfPkg: Add TdxMailboxLib
> > >   MdePkg: Add EFI_RESOURCE_ATTRIBUTE_ENCRYPTED in PiHob.h
> > >   OvmfPkg: Create initial version of PlatformInitLib
> > >   OvmfPkg/PlatformInitLib: Add hob functions
> > >   OvmfPkg/PlatformInitLib: Add memory functions
> > >   OvmfPkg/PlatformInitLib: Add platform functions
> > >   OvmfPkg: Update PlatformInitLib to process Tdx hoblist
> > >   OvmfPkg/Sec: Declare local variable as volatile in
> > >     SecCoreStartupWithStack
> > >   OvmfPkg: Update Sec to support Tdx
> > >   OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation
> > >   MdeModulePkg: EFER should not be changed in TDX
> > >   MdeModulePkg: Add PcdTdxSharedBitMask
> > >   UefiCpuPkg: Update AddressEncMask in CpuPageTable
> > >   OvmfPkg: Update PlatformInitLib for Tdx guest to publish ram regions
> > >   OvmfPkg: Update PlatformPei to support Tdx guest
> > >   OvmfPkg: Update AcpiPlatformDxe to alter MADT table
> > >   OvmfPkg/BaseMemEncryptTdxLib: Add TDX helper library
> > >   OvmfPkg: Add TdxDxe driver
> > >   OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe
> > >   OvmfPkg: Update IoMmuDxe to support TDX
> > >   OvmfPkg: Rename XenTimerDxe to LocalApicTimerDxe
> > >   UefiCpuPkg: Setting initial-count register as the last step
> > >   OvmfPkg: Switch timer in build time for OvmfPkg
> > >
> > >  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |   1 +
> > >  .../Core/DxeIplPeim/X64/VirtualMemory.c       |   7 +
> > >  MdeModulePkg/MdeModulePkg.dec                 |   9 +
> > >  .../Include/ConfidentialComputingGuestAttr.h  |   3 +
> > >  MdePkg/Include/IndustryStandard/Tdx.h         | 203 ++++
> > >  MdePkg/Include/Library/BaseLib.h              |  62 ++
> > >  MdePkg/Include/Library/TdxLib.h               |  97 ++
> > >  MdePkg/Include/Pi/PiHob.h                     |   8 +
> > >  .../BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf |   2 +
> > >  .../BaseIoLibIntrinsicSev.inf                 |   7 +
> > >  MdePkg/Library/BaseIoLibIntrinsic/IoLib.c     |  81 +-
> > >  MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c | 216 ++++
> > > MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c  |  51 +-
> > >  .../BaseIoLibIntrinsic/IoLibInternalTdx.c     | 675 +++++++++++++
> > >  .../BaseIoLibIntrinsic/IoLibInternalTdxNull.c | 497 +++++++++
> > > MdePkg/Library/BaseIoLibIntrinsic/IoLibMsc.c  |  73 +-
> > > MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h  | 166 +++
> > > MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h  | 410 ++++++++
> > >  .../BaseIoLibIntrinsic/X64/IoFifoSev.nasm     |  34 +-
> > >  MdePkg/Library/BaseLib/BaseLib.inf            |  11 +
> > >  MdePkg/Library/BaseLib/IntelTdxNull.c         |  83 ++
> > >  MdePkg/Library/BaseLib/X64/TdCall.nasm        |  85 ++
> > >  MdePkg/Library/BaseLib/X64/TdProbe.c          |  62 ++
> > >  MdePkg/Library/BaseLib/X64/TdVmcall.nasm      | 145 +++
> > >  MdePkg/Library/TdxLib/AcceptPages.c           | 180 ++++
> > >  MdePkg/Library/TdxLib/Rtmr.c                  |  83 ++
> > >  MdePkg/Library/TdxLib/TdInfo.c                | 114 +++
> > >  MdePkg/Library/TdxLib/TdxLib.inf              |  37 +
> > >  MdePkg/Library/TdxLib/TdxLibNull.c            | 107 ++
> > >  MdePkg/MdePkg.dec                             |   3 +
> > >  MdePkg/MdePkg.dsc                             |   1 +
> > >  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf   |   1 +
> > >  OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c       |  14 +-
> > >  OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +-
> > >  OvmfPkg/AmdSev/AmdSevX64.fdf                  |   3 +-
> > >  OvmfPkg/Bhyve/BhyveX64.dsc                    |   2 +
> > >  OvmfPkg/CloudHv/CloudHvX64.dsc                |   5 +-
> > >  OvmfPkg/CloudHv/CloudHvX64.fdf                |   2 +-
> > >  OvmfPkg/Include/IndustryStandard/IntelTdx.h   |  67 ++
> > >  OvmfPkg/Include/Library/MemEncryptTdxLib.h    |  81 ++
> > >  OvmfPkg/Include/Library/PlatformInitLib.h     | 286 ++++++
> > >  OvmfPkg/Include/Library/TdxMailboxLib.h       |  76 ++
> > >  .../Include/Protocol/QemuAcpiTableNotify.h    |  27 +
> > >  OvmfPkg/Include/TdxCommondefs.inc             |  51 +
> > >  OvmfPkg/IoMmuDxe/AmdSevIoMmu.c                | 103 +-
> > >  OvmfPkg/IoMmuDxe/AmdSevIoMmu.h                |   6 +-
> > >  OvmfPkg/IoMmuDxe/IoMmuDxe.c                   |   6 +-
> > >  OvmfPkg/IoMmuDxe/IoMmuDxe.inf                 |   5 +
> > >  .../BaseMemEncryptTdxLib.inf                  |  44 +
> > >  .../BaseMemEncryptTdxLibNull.inf              |  35 +
> > >  .../BaseMemoryEncryptionNull.c                |  90 ++
> > >  .../BaseMemEncryptTdxLib/MemoryEncryption.c   | 948
> > > ++++++++++++++++++
> > >  .../BaseMemEncryptTdxLib/VirtualMemory.h      | 181 ++++
> > >  .../PlatformInitLib}/Cmos.c                   |  32 +-
> > >  OvmfPkg/Library/PlatformInitLib/IntelTdx.c    | 553 ++++++++++
> > >  .../Library/PlatformInitLib/IntelTdxNull.c    |  46 +
> > >  OvmfPkg/Library/PlatformInitLib/MemDetect.c   | 707
> +++++++++++++
> > >  OvmfPkg/Library/PlatformInitLib/Platform.c    | 597 +++++++++++
> > >  .../PlatformInitLib/PlatformInitLib.inf       |  94 ++
> > >  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c   |   9 +-
> > >  .../Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf  |   1 +
> > >  .../QemuFwCfgLib/QemuFwCfgLibInternal.h       |  11 +
> > >  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c   |  32 +
> > >  .../Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf  |   2 +
> > >  OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c    | 140 +++
> > >  .../Library/TdxMailboxLib/TdxMailboxLib.inf   |  52 +
> > >  .../Library/TdxMailboxLib/TdxMailboxNull.c    |  85 ++
> > >  OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf  |   3 +-
> > >  OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h  |  32 +
> > >  .../Library/VmgExitLib/VmTdExitVeHandler.c    | 559 +++++++++++
> > >  OvmfPkg/Library/VmgExitLib/VmgExitLib.inf     |   2 +
> > >  .../Library/VmgExitLib/X64/TdVmcallCpuid.nasm | 146 +++
> > >  .../LocalApicTimerDxe.c}                      |   4 +-
> > >  .../LocalApicTimerDxe.h}                      |   4 +-
> > >  .../LocalApicTimerDxe.inf}                    |   7 +-
> > >  OvmfPkg/Microvm/MicrovmX64.dsc                |   5 +-
> > >  OvmfPkg/Microvm/MicrovmX64.fdf                |   2 +-
> > >  OvmfPkg/OvmfPkg.dec                           |  17 +
> > >  OvmfPkg/OvmfPkgIa32.dsc                       |  12 +-
> > >  OvmfPkg/OvmfPkgIa32.fdf                       |   8 +-
> > >  OvmfPkg/OvmfPkgIa32X64.dsc                    |  14 +-
> > >  OvmfPkg/OvmfPkgIa32X64.fdf                    |   8 +-
> > >  OvmfPkg/OvmfPkgX64.dsc                        |  29 +-
> > >  OvmfPkg/OvmfPkgX64.fdf                        |  11 +-
> > >  OvmfPkg/OvmfXen.dsc                           |   4 +-
> > >  OvmfPkg/OvmfXen.fdf                           |   2 +-
> > >  OvmfPkg/PlatformPei/Cmos.h                    |  48 -
> > >  OvmfPkg/PlatformPei/FeatureControl.c          |   7 +-
> > >  OvmfPkg/PlatformPei/IntelTdx.c                |  54 +
> > >  OvmfPkg/PlatformPei/MemDetect.c               | 669 +-----------
> > >  OvmfPkg/PlatformPei/Platform.c                | 522 ++--------
> > >  OvmfPkg/PlatformPei/Platform.h                |  55 +-
> > >  OvmfPkg/PlatformPei/PlatformPei.inf           |   7 +-
> > >  OvmfPkg/Sec/SecMain.c                         |  44 +-
> > >  OvmfPkg/Sec/SecMain.inf                       |   3 +
> > >  OvmfPkg/Sec/X64/SecEntry.nasm                 |  82 ++
> > >  OvmfPkg/TdxDxe/TdxAcpiTable.c                 | 213 ++++
> > >  OvmfPkg/TdxDxe/TdxAcpiTable.h                 |  60 ++
> > >  OvmfPkg/TdxDxe/TdxDxe.c                       | 261 +++++
> > >  OvmfPkg/TdxDxe/TdxDxe.inf                     |  64 ++
> > >  OvmfPkg/TdxDxe/X64/ApRunLoop.nasm             |  90 ++
> > >  UefiCpuPkg/CpuDxe/CpuDxe.inf                  |   1 +
> > >  UefiCpuPkg/CpuDxe/CpuPageTable.c              |   4 +
> > >  UefiCpuPkg/Include/Library/VmgExitLib.h       |  28 +
> > >  .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.c   | 170 +++-
> > >  .../PeiDxeSmmCpuException.c                   |  17 +
> > >  .../SecPeiCpuException.c                      |  18 +
> > >  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |   3 +
> > >  UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       |  15 +-
> > >  UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h     |  71 ++
> > >  UefiCpuPkg/Library/MpInitLib/MpLib.c          |  27 +
> > >  UefiCpuPkg/Library/MpInitLib/MpLibTdx.c       | 128 +++
> > >  UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c   |  73 ++
> > >  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |   3 +
> > >  .../Library/VmgExitLibNull/VmTdExitNull.c     |  38 +
> > >  .../Library/VmgExitLibNull/VmgExitLibNull.inf |   1 +
> > >  116 files changed, 10233 insertions(+), 1327 deletions(-)  create
> > > mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
> > >  create mode 100644 MdePkg/Include/Library/TdxLib.h  create mode
> > > 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c
> > >  create mode 100644
> > > MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
> > >  create mode 100644
> > > MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdxNull.c
> > >  create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h
> > >  create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h
> > >  create mode 100644 MdePkg/Library/BaseLib/IntelTdxNull.c
> > >  create mode 100644 MdePkg/Library/BaseLib/X64/TdCall.nasm
> > >  create mode 100644 MdePkg/Library/BaseLib/X64/TdProbe.c
> > >  create mode 100644 MdePkg/Library/BaseLib/X64/TdVmcall.nasm
> > >  create mode 100644 MdePkg/Library/TdxLib/AcceptPages.c
> > >  create mode 100644 MdePkg/Library/TdxLib/Rtmr.c  create mode
> 100644
> > > MdePkg/Library/TdxLib/TdInfo.c  create mode 100644
> > > MdePkg/Library/TdxLib/TdxLib.inf  create mode 100644
> > > MdePkg/Library/TdxLib/TdxLibNull.c
> > >  create mode 100644 OvmfPkg/Include/IndustryStandard/IntelTdx.h
> > >  create mode 100644 OvmfPkg/Include/Library/MemEncryptTdxLib.h
> > >  create mode 100644 OvmfPkg/Include/Library/PlatformInitLib.h
> > >  create mode 100644 OvmfPkg/Include/Library/TdxMailboxLib.h
> > >  create mode 100644
> OvmfPkg/Include/Protocol/QemuAcpiTableNotify.h
> > >  create mode 100644 OvmfPkg/Include/TdxCommondefs.inc  create
> mode
> > > 100644
> > OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
> > >  create mode 100644
> > > OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLibNull.inf
> > >  create mode 100644
> > > OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemoryEncryptionNull.c
> > >  create mode 100644
> > > OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c
> > >  create mode 100644
> > > OvmfPkg/Library/BaseMemEncryptTdxLib/VirtualMemory.h
> > >  rename OvmfPkg/{PlatformPei => Library/PlatformInitLib}/Cmos.c (61%)
> > > create mode 100644 OvmfPkg/Library/PlatformInitLib/IntelTdx.c
> > >  create mode 100644 OvmfPkg/Library/PlatformInitLib/IntelTdxNull.c
> > >  create mode 100644 OvmfPkg/Library/PlatformInitLib/MemDetect.c
> > >  create mode 100644 OvmfPkg/Library/PlatformInitLib/Platform.c
> > >  create mode 100644
> > > OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
> > >  create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c
> > >  create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
> > >  create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxNull.c
> > >  create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h
> > >  create mode 100644
> OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c
> > >  create mode 100644
> OvmfPkg/Library/VmgExitLib/X64/TdVmcallCpuid.nasm
> > >  rename OvmfPkg/{XenTimerDxe/XenTimerDxe.c =>
> > > LocalApicTimerDxe/LocalApicTimerDxe.c} (95%)  rename
> > > OvmfPkg/{XenTimerDxe/XenTimerDxe.h =>
> > > LocalApicTimerDxe/LocalApicTimerDxe.h} (96%)  rename
> > > OvmfPkg/{XenTimerDxe/XenTimerDxe.inf =>
> > > LocalApicTimerDxe/LocalApicTimerDxe.inf} (80%)  delete mode 100644
> > > OvmfPkg/PlatformPei/Cmos.h  create mode 100644
> > > OvmfPkg/PlatformPei/IntelTdx.c  create mode 100644
> > > OvmfPkg/TdxDxe/TdxAcpiTable.c  create mode 100644
> > > OvmfPkg/TdxDxe/TdxAcpiTable.h  create mode 100644
> > > OvmfPkg/TdxDxe/TdxDxe.c  create mode 100644
> > OvmfPkg/TdxDxe/TdxDxe.inf
> > > create mode 100644 OvmfPkg/TdxDxe/X64/ApRunLoop.nasm  create
> mode
> > > 100644 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h
> > >  create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c
> > >  create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c
> > >  create mode 100644
> UefiCpuPkg/Library/VmgExitLibNull/VmTdExitNull.c
> > >
> > > --
> > > 2.29.2.windows.2
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
> >
> >
> >
> 
> 
> 
> 
> 





-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#87443): https://edk2.groups.io/g/devel/message/87443
Mute This Topic: https://groups.io/mt/89703522/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

On March 11, 2022 11:20 AM, Gao Liming wrote:
> Min:
>  I have one minor comment for TdxLib.h. This header file doesn't need to include
> below header files. Other patches in MdePkg are good to me. Reviewed-by:
> Liming Gao <gaoliming@byosoft.com.cn>
> 
> #include <Library/BaseLib.h>
> #include <Library/DebugLib.h>
> #include <Uefi/UefiBaseType.h>
> #include <Protocol/DebugSupport.h>
> 
Thanks for the reminder. They will be deleted in the next version.

Thanks
Min


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#87456): https://edk2.groups.io/g/devel/message/87456
Mute This Topic: https://groups.io/mt/89706046/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-