From nobody Mon Feb 9 01:07:07 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+86801+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86801+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1645271942456878.2673040511429; Sat, 19 Feb 2022 03:59:02 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id GrZ6YY1788612xmeJlmTlywa; Sat, 19 Feb 2022 03:59:03 -0800 X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web08.9100.1645271933337984887 for ; Sat, 19 Feb 2022 03:59:02 -0800 X-IronPort-AV: E=McAfee;i="6200,9189,10262"; a="231915654" X-IronPort-AV: E=Sophos;i="5.88,381,1635231600"; d="scan'208";a="231915654" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Feb 2022 03:59:02 -0800 X-IronPort-AV: E=Sophos;i="5.88,381,1635231600"; d="scan'208";a="546691532" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.249.175.253]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Feb 2022 03:59:00 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Ard Biesheuvel , Jordan Justen , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [edk2-devel] [PATCH V6 39/42] OvmfPkg: Update IoMmuDxe to support TDX Date: Sat, 19 Feb 2022 19:56:52 +0800 Message-Id: <4c4e475ad6ddea701c87419de12782b97bd1f453.1645261991.git.min.m.xu@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: dYwTlVXamDyjfng99miR3Zp2x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1645271943; bh=ES4wwAMXcl3Q8gCnixpdXzYW+DlUmXuSRPs9dkwAatM=; h=Cc:Date:From:Reply-To:Subject:To; b=sfPDlAt6nEllERswL6KEyhh80oLcyDgYHBM+V58AL8IZZwP9XTpi8z8fJSziBTqgE5U a5VxoPphfIl5Y85/JWODnAEtOHJTVy3TXCeqeeA7n/nExOG1l+QAuvledbWF50GpnLceG mfuqcEV5t1y+EKwfx/zTZNE36Ddsb+sZWy0= X-ZohoMail-DKIM: fail (Signature date is -1 seconds in the future.) X-ZM-MESSAGEID: 1645271944361100047 Content-Type: text/plain; charset="utf-8" RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 The IOMMU protocol driver provides capabilities to set a DMA access attribute and methods to allocate, free, map and unmap the DMA memory for the PCI Bus devices. The current IoMmuDxe driver supports DMA operations inside SEV guest. To support DMA operation in TDX guest, CC_GUEST_IS_XXX (PcdConfidentialComputingGuestAttr) is used to determine if it is SEV guest or TDX guest. Due to security reasons all DMA operations inside the SEV/TDX guest must be performed on shared pages. The IOMMU protocol driver for the SEV/TDX guest uses a bounce buffer to map guest DMA buffer to shared pages in order to provide the support for DMA operations inside SEV/TDX guest. The call of SEV or TDX specific function to set/clear EncMask/SharedBit is determined by CC_GUEST_IS_XXX (PcdConfidentialComputingGuestAttr). Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Acked-by: Gerd Hoffmann Signed-off-by: Min Xu --- OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/Bhyve/BhyveX64.dsc | 1 + OvmfPkg/CloudHv/CloudHvX64.dsc | 1 + OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 103 +++++++++++++++++++++------------ OvmfPkg/IoMmuDxe/AmdSevIoMmu.h | 6 +- OvmfPkg/IoMmuDxe/IoMmuDxe.c | 6 +- OvmfPkg/IoMmuDxe/IoMmuDxe.inf | 5 ++ OvmfPkg/Microvm/MicrovmX64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 2 + OvmfPkg/OvmfXen.dsc | 1 + 10 files changed, 85 insertions(+), 42 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index a3776c1e6269..1136d6cfd7e6 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -174,6 +174,7 @@ CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize= dDisplayLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltL= ib.inf BlobVerifierLib|OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierLibS= evHashes.inf + MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxL= ib.inf =20 !if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDeb= ug/PeCoffExtraActionLibDebug.inf diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index e565234fa116..bdac013b6eab 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -169,6 +169,7 @@ VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLi= b.inf LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf + MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxL= ib.inf =20 CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize= dDisplayLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltL= ib.inf diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index f43f18b7087a..968c103ce830 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -184,6 +184,7 @@ !endif CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize= dDisplayLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltL= ib.inf + MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxL= ib.inf =20 !if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDeb= ug/PeCoffExtraActionLibDebug.inf diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c index 16b5b4eac8bc..6b65897f032a 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c @@ -1,9 +1,9 @@ /** @file =20 The protocol provides support to allocate, free, map and umap a DMA buff= er - for bus master (e.g PciHostBridge). When SEV is enabled, the DMA operati= ons - must be performed on unencrypted buffer hence we use a bounce buffer to = map - the guest buffer into an unencrypted DMA buffer. + for bus master (e.g PciHostBridge). When SEV or TDX is enabled, the DMA + operations must be performed on unencrypted buffer hence we use a bounce + buffer to map the guest buffer into an unencrypted DMA buffer. =20 Copyright (c) 2017, AMD Inc. All rights reserved.
Copyright (c) 2017, Intel Corporation. All rights reserved.
@@ -12,6 +12,8 @@ =20 **/ =20 +#include +#include #include "AmdSevIoMmu.h" =20 #define MAP_INFO_SIG SIGNATURE_64 ('M', 'A', 'P', '_', 'I', 'N', 'F', 'O') @@ -74,7 +76,7 @@ typedef struct { =20 /** Provides the controller-specific addresses required to access system mem= ory - from a DMA bus master. On SEV guest, the DMA operations must be performe= d on + from a DMA bus master. On SEV/TDX guest, the DMA operations must be perf= ormed on shared buffer hence we allocate a bounce buffer to map the HostAddress t= o a DeviceAddress. The Encryption attribute is removed from the DeviceAddress buffer. @@ -250,14 +252,28 @@ IoMmuMap ( goto FreeMapInfo; } =20 - // - // Clear the memory encryption mask on the plaintext buffer. - // - Status =3D MemEncryptSevClearPageEncMask ( - 0, - MapInfo->PlainTextAddress, - MapInfo->NumberOfPages - ); + if (CC_GUEST_IS_SEV (PcdGet64 (PcdConfidentialComputingGuestAttr))) { + // + // Clear the memory encryption mask on the plaintext buffer. + // + Status =3D MemEncryptSevClearPageEncMask ( + 0, + MapInfo->PlainTextAddress, + MapInfo->NumberOfPages + ); + } else if (CC_GUEST_IS_TDX (PcdGet64 (PcdConfidentialComputingGuestAttr)= )) { + // + // Set the memory shared bit. + // + Status =3D MemEncryptTdxSetPageSharedBit ( + 0, + MapInfo->PlainTextAddress, + MapInfo->NumberOfPages + ); + } else { + ASSERT (FALSE); + } + ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { CpuDeadLoop (); @@ -358,7 +374,7 @@ IoMmuUnmapWorker ( } =20 MapInfo =3D (MAP_INFO *)Mapping; - + Status =3D EFI_SUCCESS; // // set CommonBufferHeader to suppress incorrect compiler/analyzer warnin= gs // @@ -404,15 +420,30 @@ IoMmuUnmapWorker ( break; } =20 - // - // Restore the memory encryption mask on the area we used to hold the - // plaintext. - // - Status =3D MemEncryptSevSetPageEncMask ( - 0, - MapInfo->PlainTextAddress, - MapInfo->NumberOfPages - ); + if (CC_GUEST_IS_SEV (PcdGet64 (PcdConfidentialComputingGuestAttr))) { + // + // Restore the memory encryption mask on the area we used to hold the + // plaintext. + // + Status =3D MemEncryptSevSetPageEncMask ( + 0, + MapInfo->PlainTextAddress, + MapInfo->NumberOfPages + ); + } else if (CC_GUEST_IS_TDX (PcdGet64 (PcdConfidentialComputingGuestAttr)= )) { + // + // Restore the memory shared bit mask on the area we used to hold the + // plaintext. + // + Status =3D MemEncryptTdxClearPageSharedBit ( + 0, + MapInfo->PlainTextAddress, + MapInfo->NumberOfPages + ); + } else { + ASSERT (FALSE); + } + ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { CpuDeadLoop (); @@ -739,7 +770,7 @@ IoMmuSetAttribute ( return EFI_UNSUPPORTED; } =20 -EDKII_IOMMU_PROTOCOL mAmdSev =3D { +EDKII_IOMMU_PROTOCOL mIoMmu =3D { EDKII_IOMMU_PROTOCOL_REVISION, IoMmuSetAttribute, IoMmuMap, @@ -771,7 +802,7 @@ EDKII_IOMMU_PROTOCOL mAmdSev =3D { STATIC VOID EFIAPI -AmdSevExitBoot ( +IoMmuExitBoot ( IN EFI_EVENT Event, IN VOID *EventToSignal ) @@ -779,11 +810,11 @@ AmdSevExitBoot ( // // (1) The NotifyFunctions of all the events in // EFI_EVENT_GROUP_EXIT_BOOT_SERVICES will have been queued before - // AmdSevExitBoot() is entered. + // IoMmuExitBoot() is entered. // - // (2) AmdSevExitBoot() is executing minimally at TPL_CALLBACK. + // (2) IoMmuExitBoot() is executing minimally at TPL_CALLBACK. // - // (3) AmdSevExitBoot() has been queued in unspecified order relative to= the + // (3) IoMmuExitBoot() has been queued in unspecified order relative to = the // NotifyFunctions of all the other events in // EFI_EVENT_GROUP_EXIT_BOOT_SERVICES whose NotifyTpl is the same as // Event's. @@ -791,13 +822,13 @@ AmdSevExitBoot ( // Consequences: // // - If Event's NotifyTpl is TPL_CALLBACK, then some other NotifyFunctio= ns - // queued at TPL_CALLBACK may be invoked after AmdSevExitBoot() return= s. + // queued at TPL_CALLBACK may be invoked after IoMmuExitBoot() returns. // // - If Event's NotifyTpl is TPL_NOTIFY, then some other NotifyFunctions - // queued at TPL_NOTIFY may be invoked after AmdSevExitBoot() returns;= plus + // queued at TPL_NOTIFY may be invoked after IoMmuExitBoot() returns; = plus // *all* NotifyFunctions queued at TPL_CALLBACK will be invoked strict= ly // after all NotifyFunctions queued at TPL_NOTIFY, including - // AmdSevExitBoot(), have been invoked. + // IoMmuExitBoot(), have been invoked. // // - By signaling EventToSignal here, whose NotifyTpl is TPL_CALLBACK, we // queue EventToSignal's NotifyFunction after the NotifyFunctions of *= all* @@ -823,7 +854,7 @@ AmdSevExitBoot ( STATIC VOID EFIAPI -AmdSevUnmapAllMappings ( +IoMmuUnmapAllMappings ( IN EFI_EVENT Event, IN VOID *Context ) @@ -842,7 +873,7 @@ AmdSevUnmapAllMappings ( NextNode =3D GetNextNode (&mMapInfos, Node); MapInfo =3D CR (Node, MAP_INFO, Link, MAP_INFO_SIG); IoMmuUnmapWorker ( - &mAmdSev, // This + &mIoMmu, // This MapInfo, // Mapping TRUE // MemoryMapLocked ); @@ -855,7 +886,7 @@ AmdSevUnmapAllMappings ( **/ EFI_STATUS EFIAPI -AmdSevInstallIoMmuProtocol ( +InstallIoMmuProtocol ( VOID ) { @@ -871,7 +902,7 @@ AmdSevInstallIoMmuProtocol ( Status =3D gBS->CreateEvent ( EVT_NOTIFY_SIGNAL, // Type TPL_CALLBACK, // NotifyTpl - AmdSevUnmapAllMappings, // NotifyFunction + IoMmuUnmapAllMappings, // NotifyFunction NULL, // NotifyContext &UnmapAllMappingsEvent // Event ); @@ -886,7 +917,7 @@ AmdSevInstallIoMmuProtocol ( Status =3D gBS->CreateEvent ( EVT_SIGNAL_EXIT_BOOT_SERVICES, // Type TPL_CALLBACK, // NotifyTpl - AmdSevExitBoot, // NotifyFunction + IoMmuExitBoot, // NotifyFunction UnmapAllMappingsEvent, // NotifyContext &ExitBootEvent // Event ); @@ -898,7 +929,7 @@ AmdSevInstallIoMmuProtocol ( Status =3D gBS->InstallMultipleProtocolInterfaces ( &Handle, &gEdkiiIoMmuProtocolGuid, - &mAmdSev, + &mIoMmu, NULL ); if (EFI_ERROR (Status)) { diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h index 8244f28b57fd..8fdfa9968593 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h @@ -21,17 +21,17 @@ #include #include #include +#include #include #include =20 /** - Install IOMMU protocol to provide the DMA support for PciHostBridge and - MemEncryptSevLib. + Install IOMMU protocol to provide the DMA support for PciHostBridge. =20 **/ EFI_STATUS EFIAPI -AmdSevInstallIoMmuProtocol ( +InstallIoMmuProtocol ( VOID ); =20 diff --git a/OvmfPkg/IoMmuDxe/IoMmuDxe.c b/OvmfPkg/IoMmuDxe/IoMmuDxe.c index bca8c14c4076..86777dd05c26 100644 --- a/OvmfPkg/IoMmuDxe/IoMmuDxe.c +++ b/OvmfPkg/IoMmuDxe/IoMmuDxe.c @@ -22,11 +22,11 @@ IoMmuDxeEntryPoint ( EFI_HANDLE Handle; =20 // - // When SEV is enabled, install IoMmu protocol otherwise install the + // When SEV or TDX is enabled, install IoMmu protocol otherwise install = the // placeholder protocol so that other dependent module can run. // - if (MemEncryptSevIsEnabled ()) { - Status =3D AmdSevInstallIoMmuProtocol (); + if (MemEncryptSevIsEnabled () || MemEncryptTdxIsEnabled ()) { + Status =3D InstallIoMmuProtocol (); } else { Handle =3D NULL; =20 diff --git a/OvmfPkg/IoMmuDxe/IoMmuDxe.inf b/OvmfPkg/IoMmuDxe/IoMmuDxe.inf index 2ebd74e5558c..e10be1dcff49 100644 --- a/OvmfPkg/IoMmuDxe/IoMmuDxe.inf +++ b/OvmfPkg/IoMmuDxe/IoMmuDxe.inf @@ -26,16 +26,21 @@ MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec OvmfPkg/OvmfPkg.dec +# UefiCpuPkg/UefiCpuPkg.dec =20 [LibraryClasses] BaseLib BaseMemoryLib DebugLib MemEncryptSevLib + MemEncryptTdxLib MemoryAllocationLib UefiBootServicesTableLib UefiDriverEntryPoint =20 +[Pcd] + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr + [Protocols] gEdkiiIoMmuProtocolGuid ## SOMETIME_PRODUCES gIoMmuAbsentProtocolGuid ## SOMETIME_PRODUCES diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index ca6bd5f106e2..d406244fcfe1 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -181,6 +181,7 @@ LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize= dDisplayLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltL= ib.inf + MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxL= ib.inf =20 !if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDeb= ug/PeCoffExtraActionLibDebug.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 767c324e5eec..ff792c8abca8 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -180,6 +180,8 @@ VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLi= b.inf + MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxL= ib.inf + !if $(SMM_REQUIRE) =3D=3D FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index e9aa27200606..20039aed2486 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -170,6 +170,7 @@ LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize= dDisplayLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltL= ib.inf + MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxL= ib.inf =20 !if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDeb= ug/PeCoffExtraActionLibDebug.inf --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86801): https://edk2.groups.io/g/devel/message/86801 Mute This Topic: https://groups.io/mt/89252069/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-