From nobody Mon Feb  9 23:16:14 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+86809+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+86809+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1645324432; cv=none;
	d=zohomail.com; s=zohoarc;
	b=XCP8CsuZ5+WomheUOfuOABsRBtBg1/tRRZuvYAw62OVgP+tbbSNCFxs5Lh5jv+DbNf4u+6POu6rMfMACf1D3rRlM/iSb82KGrrEHkH9TM3jYDm8WlFPWRnfoAvs5yps6KfitpUryAYMnEXdRMjbVYnHopWzfmhErK5CkEznzGhs=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1645324432;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=4XLY/A/chlQAAOnknXlSf+grnKecaL2GPsB8ysXKWhc=;
	b=fxJURToirM05Og0m40DGVqZLBmIPgC5y63icfzExnuU+wknIBV4y3j9LxnrquuysKlQT6PfMzqRzcFkIGkDJgBgRODHYupMM8ihKMoMsPTvkX9lqLvP6iQbod22p80pygmJERKajxgHu5BhXUuVGmAN/DAG0SilQlTFpa+BBLcY=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+86809+1787277+3901457@groups.io;
	dmarc=fail header.from=<min.m.xu@intel.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1645324432618405.3405037044922;
 Sat, 19 Feb 2022 18:33:52 -0800 (PST)
Return-Path: <bounce+27952+86809+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id xsfWYY1788612x5xDLNvuuFv;
 Sat, 19 Feb 2022 18:33:52 -0800
X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
 by mx.groups.io with SMTP id smtpd.web09.17717.1645324415382497262
 for <devel@edk2.groups.io>;
 Sat, 19 Feb 2022 18:33:51 -0800
X-IronPort-AV: E=McAfee;i="6200,9189,10263"; a="231961745"
X-IronPort-AV: E=Sophos;i="5.88,382,1635231600";
   d="scan'208";a="231961745"
X-Received: from orsmga005.jf.intel.com ([10.7.209.41])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 19 Feb 2022 18:33:50 -0800
X-IronPort-AV: E=Sophos;i="5.88,382,1635231600";
   d="scan'208";a="705818751"
X-Received: from wangz1-mobl.ccr.corp.intel.com (HELO
 mxu9-mobl1.ccr.corp.intel.com) ([10.255.31.171])
  by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 19 Feb 2022 18:33:47 -0800
From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min Xu <min.m.xu@intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [edk2-devel] [PATCH V3 6/8] OvmfPkg: Update TdxDxe to set TDX PCDs
Date: Sun, 20 Feb 2022 10:33:17 +0800
Message-Id: <20220220023319.1495-7-min.m.xu@intel.com>
In-Reply-To: <20220220023319.1495-1-min.m.xu@intel.com>
References: <20220220023319.1495-1-min.m.xu@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,min.m.xu@intel.com
X-Gm-Message-State: mhAytjBJg8QhHn6QYmJKamX9x1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1645324432;
 bh=eA+SIHD8EaCWslIdO9pEHDxrYQE1Nhwk+lM59+DBx3E=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=oJjQemQ3PokBqxj1z6njcmDxENq42o84g8HzJ30taVmccLepDl5nioxOJAmLxcD/mxZ
 pI/KLwWh8v+mivJBvbChGIjy1aqa1cfVKa+0zy+o+dM9ixDZHPt4F6Gd2WmQPDi1kifXa
 t/+uRBmsJeK9fEnhu6+5XTKj6oLCCJI41zY=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1645324434354100001
Content-Type: text/plain; charset="utf-8"

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429

TDX_PEI_LESS_BOOT indicates the boot without PEI phase. In this case
settings in EFI_HOB_PLATFORM_INFO should be set to its according PCDs.
TdxDxe driver is workable for both Legacy guest and Tdx guest. It is
because for Legacy guest (in PEI-less boot) there should be a place
to set the PCDs based on EFI_HOB_PLATFORM_INFO hob. TdxDxe driver is
the right place to do this work.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/TdxDxe/TdxDxe.c   | 71 +++++++++++++++++++++++++++++++++++++--
 OvmfPkg/TdxDxe/TdxDxe.inf |  5 +++
 2 files changed, 74 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/TdxDxe/TdxDxe.c b/OvmfPkg/TdxDxe/TdxDxe.c
index 8f484a36fda9..a5f0c0c49d3e 100644
--- a/OvmfPkg/TdxDxe/TdxDxe.c
+++ b/OvmfPkg/TdxDxe/TdxDxe.c
@@ -24,12 +24,70 @@
 #include <Library/HobLib.h>
 #include <Protocol/Cpu.h>
 #include <Library/UefiBootServicesTableLib.h>
+#include <ConfidentialComputingGuestAttr.h>
 #include <IndustryStandard/Tdx.h>
 #include <Library/PlatformInitLib.h>
 #include <Library/TdxLib.h>
 #include <TdxAcpiTable.h>
 #include <Library/MemEncryptTdxLib.h>
=20
+VOID
+SetPcdSettings (
+  EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  )
+{
+  RETURN_STATUS  PcdStatus;
+
+  PcdStatus =3D PcdSet16S (PcdOvmfHostBridgePciDevId, PlatformInfoHob->Hos=
tBridgePciDevId);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus =3D PcdSet64S (PcdConfidentialComputingGuestAttr, PlatformInfo=
Hob->PcdConfidentialComputingGuestAttr);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus =3D PcdSetBoolS (PcdSetNxForStack, PlatformInfoHob->PcdSetNxFo=
rStack);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus =3D PcdSetBoolS (PcdIa32EferChangeAllowed, PlatformInfoHob->Pc=
dIa32EferChangeAllowed);
+  ASSERT_RETURN_ERROR (PcdStatus);
+
+  DEBUG ((
+    DEBUG_INFO,
+    "HostBridgeDevId=3D0x%x, CCAttr=3D0x%x, SetNxForStack=3D%x, Ia32EferCh=
angeAllowed=3D%x\n",
+    PlatformInfoHob->HostBridgePciDevId,
+    PlatformInfoHob->PcdConfidentialComputingGuestAttr,
+    PlatformInfoHob->PcdSetNxForStack,
+    PlatformInfoHob->PcdIa32EferChangeAllowed
+    ));
+
+  PcdStatus =3D PcdSet32S (PcdCpuBootLogicalProcessorNumber, PlatformInfoH=
ob->PcdCpuBootLogicalProcessorNumber);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus =3D PcdSet32S (PcdCpuMaxLogicalProcessorNumber, PlatformInfoHo=
b->PcdCpuMaxLogicalProcessorNumber);
+
+  ASSERT_RETURN_ERROR (PcdStatus);
+  DEBUG ((
+    DEBUG_INFO,
+    "MaxCpuCount=3D0x%x, BootCpuCount=3D0x%x\n",
+    PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber,
+    PlatformInfoHob->PcdCpuBootLogicalProcessorNumber
+    ));
+
+  if (TdIsEnabled ()) {
+    PcdStatus =3D PcdSet64S (PcdTdxSharedBitMask, TdSharedPageMask ());
+    ASSERT_RETURN_ERROR (PcdStatus);
+    DEBUG ((DEBUG_INFO, "TdxSharedBitMask=3D0x%llx\n", PcdGet64 (PcdTdxSha=
redBitMask)));
+  } else {
+    PcdStatus =3D PcdSet64S (PcdPciMmio64Base, PlatformInfoHob->PcdPciMmio=
64Base);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus =3D PcdSet64S (PcdPciMmio64Size, PlatformInfoHob->PcdPciMmio=
64Size);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus =3D PcdSet64S (PcdPciMmio32Base, PlatformInfoHob->PcdPciMmio=
32Base);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus =3D PcdSet64S (PcdPciMmio32Size, PlatformInfoHob->PcdPciMmio=
32Size);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus =3D PcdSet64S (PcdPciIoBase, PlatformInfoHob->PcdPciIoBase);
+    ASSERT_RETURN_ERROR (PcdStatus);
+    PcdStatus =3D PcdSet64S (PcdPciIoSize, PlatformInfoHob->PcdPciIoSize);
+    ASSERT_RETURN_ERROR (PcdStatus);
+  }
+}
+
 /**
   Location of resource hob matching type and starting address
=20
@@ -179,10 +237,19 @@ TdxDxeEntryPoint (
     return EFI_UNSUPPORTED;
   }
=20
-  SetMmioSharedBit ();
-
   PlatformInfo =3D (EFI_HOB_PLATFORM_INFO *)GET_GUID_HOB_DATA (GuidHob);
=20
+ #ifdef TDX_PEI_LESS_BOOT
+  SetPcdSettings (PlatformInfo);
+
+  if (!TdIsEnabled ()) {
+    return EFI_SUCCESS;
+  }
+
+ #endif
+
+  SetMmioSharedBit ();
+
   //
   // Call TDINFO to get actual number of cpus in domain
   //
diff --git a/OvmfPkg/TdxDxe/TdxDxe.inf b/OvmfPkg/TdxDxe/TdxDxe.inf
index 077769bcf70c..ca51122664fa 100644
--- a/OvmfPkg/TdxDxe/TdxDxe.inf
+++ b/OvmfPkg/TdxDxe/TdxDxe.inf
@@ -60,5 +60,10 @@
   gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
   gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber
+  gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber
   gUefiCpuPkgTokenSpaceGuid.PcdCpuLocalApicBaseAddress
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress
+  gEfiMdeModulePkgTokenSpaceGuid.PcdIa32EferChangeAllowed
+  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
--=20
2.29.2.windows.2



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#86809): https://edk2.groups.io/g/devel/message/86809
Mute This Topic: https://groups.io/mt/89266122/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-