From nobody Sat Feb 7 04:47:17 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+81479+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+81479+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1633405219; cv=none; d=zohomail.com; s=zohoarc; b=UjqNulQlkeBw1PMRMIZP23dGHsRclIfAL2dJFEXOTVIveWSGJiTZnXpYIwKNptObdMSkeDROeVYZ99O0p4m2CCyNb8a6v+WHN7+il4vh1doajEpzevFQpWFze1ZBOD0LxCA+L4gwG/O3dkcjDEjDPdlqM/V3FHRvm4vwWR06CEE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1633405219; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=iCWJKuVBblkWKUVEAqiOsvP2LG5+pkXM2rqB0rZtV0c=; b=DG2PyQZslpDZrC8FU4F69SF6pYPsXFlagOl4EOll7SKMvOkN+ESh3dnkPpTnV38LLm3t7qAx1fRlMPUjVgAQtHAM/3gjE1wbxV2AZ7zm0a1Obv8d5vhQpH8dZi4Uwu1X5P0mtMRjXdQk/KccExqjYVSU/yS6x4LFC/+qt3PC/Vg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+81479+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1633405219428734.6303101032056; Mon, 4 Oct 2021 20:40:19 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id m9jxYY1788612x6N05DMc2on; Mon, 04 Oct 2021 20:40:19 -0700 X-Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.20667.1633405209770974351 for ; Mon, 04 Oct 2021 20:40:18 -0700 X-IronPort-AV: E=McAfee;i="6200,9189,10127"; a="225958102" X-IronPort-AV: E=Sophos;i="5.85,347,1624345200"; d="scan'208";a="225958102" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Oct 2021 20:40:17 -0700 X-IronPort-AV: E=Sophos;i="5.85,347,1624345200"; d="scan'208";a="487828529" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.255.29.239]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Oct 2021 20:40:15 -0700 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Eric Dong , Ray Ni , Rahul Kumar , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky Subject: [edk2-devel] [PATCH V2 07/28] UefiCpuPkg: Support TDX in BaseXApicX2ApicLib Date: Tue, 5 Oct 2021 11:39:18 +0800 Message-Id: <0dcb1ac3ad788cc7a4fd293fcf183b6ea9bdffb9.1633401643.git.min.m.xu@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: 4nLwD0TyTl6ckrrIcPwgVZwPx1787277AA= Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1633405219; bh=nDNo4T9LaCaNQcOcOIE2Nuk6M/6qkyUPxyUKkTo327o=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=s7b8g6ANa7fOILJbNohzEPAaAmAPpOmw4U6OJnMzmuef8yM6fdYZSXRsqOccYfHzVUX Xk1/+4qJYkfAx1OU9dpwPVnmvI3yMH/2Z2PnUljHSuusULfifZHIqUcKe9bMRlGGpRQsV BzNzo55RGZ7fkBYG9VOzpXYfEA0EcnggPXY= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1633405221141100001 RFC=EF=BC=9A https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 MSR is accessed in BaseXApicX2ApicLib. In TDX some MSRs are accessed directly from/to CPU. Some should be accessed via explicit requests from the host VMM using TDCALL(TDG.VP.VMCALL). This is done by the help of TdxLib. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Signed-off-by: Min Xu --- .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.c | 233 +++++++++++++++++- .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf | 1 + UefiCpuPkg/UefiCpuPkg.dsc | 1 + 3 files changed, 227 insertions(+), 8 deletions(-) diff --git a/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c b/U= efiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c index cdcbca046191..eaa132ea30f4 100644 --- a/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c +++ b/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c @@ -23,11 +23,227 @@ #include #include #include +#include +#include =20 // // Library internal functions // =20 +BOOLEAN mBaseXApicIsTdxEnabled =3D FALSE; +BOOLEAN mBaseXApicTdxProbed =3D FALSE; + +/** + Check if it is Tdx guest. + + @return TRUE It is Tdx guest + @return FALSE It is not Tdx guest + +**/ +BOOLEAN +EFIAPI +BaseXApicIsTdxGuest ( + VOID + ) +{ + UINT32 Eax; + UINT32 Ebx; + UINT32 Ecx; + UINT32 Edx; + UINT32 LargestEax; + + if (mBaseXApicTdxProbed) { + return mBaseXApicIsTdxEnabled; + } + + mBaseXApicIsTdxEnabled =3D FALSE; + + do { + AsmCpuid (0, &LargestEax, &Ebx, &Ecx, &Edx); + + if (Ebx !=3D SIGNATURE_32 ('G', 'e', 'n', 'u') + || Edx !=3D SIGNATURE_32 ('i', 'n', 'e', 'I') + || Ecx !=3D SIGNATURE_32 ('n', 't', 'e', 'l')) { + break; + } + + AsmCpuid (1, NULL, NULL, &Ecx, NULL); + if ((Ecx & BIT31) =3D=3D 0) { + break; + } + + if (LargestEax < 0x21) { + break; + } + + AsmCpuidEx (0x21, 0, &Eax, &Ebx, &Ecx, &Edx); + if (Ebx !=3D SIGNATURE_32 ('I', 'n', 't', 'e') + || Edx !=3D SIGNATURE_32 ('l', 'T', 'D', 'X') + || Ecx !=3D SIGNATURE_32 (' ', ' ', ' ', ' ')) { + break; + } + + mBaseXApicIsTdxEnabled =3D TRUE; + }while (FALSE); + + mBaseXApicTdxProbed =3D TRUE; + + return mBaseXApicIsTdxEnabled; +} + + +/** + Some MSRs in TDX are directly read/write from/to CPU. + + @param MsrIndex Index of the MSR + @retval TRUE MSR direct read/write from/to CPU. + @retval FALSE MSR not direct read/write from/to CPU. + +**/ +BOOLEAN +EFIAPI +AccessMsrNative ( + IN UINT32 MsrIndex + ) +{ + switch (MsrIndex) { + case MSR_IA32_X2APIC_TPR: + case MSR_IA32_X2APIC_PPR: + case MSR_IA32_X2APIC_EOI: + case MSR_IA32_X2APIC_ISR0: + case MSR_IA32_X2APIC_ISR1: + case MSR_IA32_X2APIC_ISR2: + case MSR_IA32_X2APIC_ISR3: + case MSR_IA32_X2APIC_ISR4: + case MSR_IA32_X2APIC_ISR5: + case MSR_IA32_X2APIC_ISR6: + case MSR_IA32_X2APIC_ISR7: + case MSR_IA32_X2APIC_TMR0: + case MSR_IA32_X2APIC_TMR1: + case MSR_IA32_X2APIC_TMR2: + case MSR_IA32_X2APIC_TMR3: + case MSR_IA32_X2APIC_TMR4: + case MSR_IA32_X2APIC_TMR5: + case MSR_IA32_X2APIC_TMR6: + case MSR_IA32_X2APIC_TMR7: + case MSR_IA32_X2APIC_IRR0: + case MSR_IA32_X2APIC_IRR1: + case MSR_IA32_X2APIC_IRR2: + case MSR_IA32_X2APIC_IRR3: + case MSR_IA32_X2APIC_IRR4: + case MSR_IA32_X2APIC_IRR5: + case MSR_IA32_X2APIC_IRR6: + case MSR_IA32_X2APIC_IRR7: + return TRUE; + default: + break; + } + return FALSE; +} + +/** + Read MSR value. + + @param MsrIndex Index of the MSR to read + @retval 64-bit Value of MSR. + +**/ +UINT64 +EFIAPI +ReadMsrReg64 ( + IN UINT32 MsrIndex + ) +{ + UINT64 Val; + UINT64 Status; + if (!AccessMsrNative (MsrIndex) && BaseXApicIsTdxGuest ()) { + Status =3D TdVmCall (TDVMCALL_RDMSR, (UINT64) MsrIndex, 0, 0, 0, &Val); + if (Status !=3D 0) { + TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0); + } + } else { + Val =3D AsmReadMsr64 (MsrIndex); + } + return Val; +} + +/** + Write to MSR. + + @param MsrIndex Index of the MSR to write to + @param Val Value to be written to the MSR + +**/ +VOID +EFIAPI +WriteMsrReg64 ( + IN UINT32 MsrIndex, + IN UINT64 Val + ) +{ + UINT64 Status; + if (!AccessMsrNative (MsrIndex) && BaseXApicIsTdxGuest ()) { + Status =3D TdVmCall (TDVMCALL_WRMSR, (UINT64) MsrIndex, Val, 0, 0, 0); + if (Status !=3D 0) { + TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0); + } + } else { + AsmWriteMsr64 (MsrIndex, Val); + } +} + +/** + Read MSR value. + + @param MsrIndex Index of the MSR to read + @retval 32-bit Value of MSR. + +**/ +UINT32 +EFIAPI +ReadMsrReg32 ( + IN UINT32 MsrIndex + ) +{ + UINT64 Val; + UINT64 Status; + if (!AccessMsrNative (MsrIndex) && BaseXApicIsTdxGuest ()) { + Status =3D TdVmCall (TDVMCALL_RDMSR, (UINT64) MsrIndex, 0, 0, 0, &Val); + if (Status !=3D 0) { + TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0); + } + } else { + Val =3D AsmReadMsr32 (MsrIndex); + } + return (UINT32)(UINTN) Val; +} + +/** + Write to MSR. + + @param MsrIndex Index of the MSR to write to + @param Val Value to be written to the MSR + +**/ +VOID +EFIAPI +WriteMsrReg32 ( + IN UINT32 MsrIndex, + IN UINT32 Val + ) +{ + UINT64 Status; + if (!AccessMsrNative (MsrIndex) && BaseXApicIsTdxGuest ()) { + Status =3D TdVmCall (TDVMCALL_WRMSR, (UINT64) MsrIndex, (UINT64) Val, = 0, 0, 0); + if (Status !=3D 0) { + DEBUG((DEBUG_ERROR, "WriteMsrReg32 returned failure. Status=3D0x%llx= \n", Status)); + TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0); + } + } else { + AsmWriteMsr32 (MsrIndex, Val); + } +} + /** Determine if the CPU supports the Local APIC Base Address MSR. =20 @@ -77,7 +293,7 @@ GetLocalApicBaseAddress ( return PcdGet32 (PcdCpuLocalApicBaseAddress); } =20 - ApicBaseMsr.Uint64 =3D AsmReadMsr64 (MSR_IA32_APIC_BASE); + ApicBaseMsr.Uint64 =3D ReadMsrReg64 (MSR_IA32_APIC_BASE); =20 return (UINTN)(LShiftU64 ((UINT64) ApicBaseMsr.Bits.ApicBaseHi, 32)) + (((UINTN)ApicBaseMsr.Bits.ApicBase) << 12); @@ -108,12 +324,12 @@ SetLocalApicBaseAddress ( return; } =20 - ApicBaseMsr.Uint64 =3D AsmReadMsr64 (MSR_IA32_APIC_BASE); + ApicBaseMsr.Uint64 =3D ReadMsrReg64 (MSR_IA32_APIC_BASE); =20 ApicBaseMsr.Bits.ApicBase =3D (UINT32) (BaseAddress >> 12); ApicBaseMsr.Bits.ApicBaseHi =3D (UINT32) (RShiftU64((UINT64) BaseAddress= , 32)); =20 - AsmWriteMsr64 (MSR_IA32_APIC_BASE, ApicBaseMsr.Uint64); + WriteMsrReg64 (MSR_IA32_APIC_BASE, ApicBaseMsr.Uint64); } =20 /** @@ -153,7 +369,7 @@ ReadLocalApicReg ( ASSERT (MmioOffset !=3D XAPIC_ICR_HIGH_OFFSET); =20 MsrIndex =3D (UINT32)(MmioOffset >> 4) + X2APIC_MSR_BASE_ADDRESS; - return AsmReadMsr32 (MsrIndex); + return ReadMsrReg32 (MsrIndex); } } =20 @@ -202,7 +418,7 @@ WriteLocalApicReg ( // Use memory fence here to force the serializing semantics to be cons= isent with xAPIC mode. // MemoryFence (); - AsmWriteMsr32 (MsrIndex, Value); + WriteMsrReg32 (MsrIndex, Value); } } =20 @@ -309,7 +525,7 @@ GetApicMode ( return LOCAL_APIC_MODE_XAPIC; } =20 - ApicBaseMsr.Uint64 =3D AsmReadMsr64 (MSR_IA32_APIC_BASE); + ApicBaseMsr.Uint64 =3D ReadMsrReg64 (MSR_IA32_APIC_BASE); // // Local APIC should have been enabled // @@ -350,13 +566,14 @@ SetApicMode ( =20 CurrentMode =3D GetApicMode (); if (CurrentMode =3D=3D LOCAL_APIC_MODE_XAPIC) { + switch (ApicMode) { case LOCAL_APIC_MODE_XAPIC: break; case LOCAL_APIC_MODE_X2APIC: - ApicBaseMsr.Uint64 =3D AsmReadMsr64 (MSR_IA32_APIC_BASE); + ApicBaseMsr.Uint64 =3D ReadMsrReg64 (MSR_IA32_APIC_BASE); ApicBaseMsr.Bits.EXTD =3D 1; - AsmWriteMsr64 (MSR_IA32_APIC_BASE, ApicBaseMsr.Uint64); + WriteMsrReg64 (MSR_IA32_APIC_BASE, ApicBaseMsr.Uint64); break; default: ASSERT (FALSE); diff --git a/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf b= /UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf index 1e2a4f8b790f..1276f6ec06d6 100644 --- a/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf +++ b/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf @@ -39,6 +39,7 @@ IoLib PcdLib UefiCpuLib + TdxLib =20 [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuInitIpiDelayInMicroSeconds ## SOMETIMES= _CONSUMES diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc index 870b45284087..e5e6bf77c8e2 100644 --- a/UefiCpuPkg/UefiCpuPkg.dsc +++ b/UefiCpuPkg/UefiCpuPkg.dsc @@ -61,6 +61,7 @@ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf + TdxLib|MdePkg/Library/TdxLib/TdxLib.inf =20 [LibraryClasses.common.SEC] PlatformSecLib|UefiCpuPkg/Library/PlatformSecLibNull/PlatformSecLibNull.= inf --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#81479): https://edk2.groups.io/g/devel/message/81479 Mute This Topic: https://groups.io/mt/86085736/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-