From nobody Mon Feb  9 03:51:51 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+86792+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+86792+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1645271936; cv=none;
	d=zohomail.com; s=zohoarc;
	b=ZE8HE7dtgzqxQDZAEPhTOO3sfxbHJo+cBGIBWkDLOWrAMWdOO0ggTuU2MjhYrW2sVMqLp1KNJw6J9yuMM7mSqU2uOKaFfRYYszdAS/NdWmhpFiExd5Mko8mPyzBFl+zcPFr0pt4Vb2nbbVKrhf0Sqm8e2CWmcQcrMax8orYk8PQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1645271936;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=pUXPlCNIoCY7wve1pCODZ6MhZXvSukaam7ag+ej4M58=;
	b=lWn4yoBr/pGzfAO5dRyer4FCp/837Ph2CMADeT1ivqNkv+n0pLbU1p3lpwmtmkLl3RagfsxyEz6FTSF/mgJ/lQXTGNAz7TpiKCa8cD6SJaifCXkuo/F3SDi2OIHebDHoaIZO0z54Vw9h3+dqciOdV0GWDKIZmNuL0CiDd9ECc8g=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+86792+1787277+3901457@groups.io;
	dmarc=fail header.from=<min.m.xu@intel.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1645271936537542.280505865512;
 Sat, 19 Feb 2022 03:58:56 -0800 (PST)
Return-Path: <bounce+27952+86792+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id GSCiYY1788612xmD1u41l4PS;
 Sat, 19 Feb 2022 03:58:56 -0800
X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
 by mx.groups.io with SMTP id smtpd.web08.9101.1645271933665661448
 for <devel@edk2.groups.io>;
 Sat, 19 Feb 2022 03:58:54 -0800
X-IronPort-AV: E=McAfee;i="6200,9189,10262"; a="231915519"
X-IronPort-AV: E=Sophos;i="5.88,381,1635231600";
   d="scan'208";a="231915519"
X-Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 19 Feb 2022 03:58:37 -0800
X-IronPort-AV: E=Sophos;i="5.88,381,1635231600";
   d="scan'208";a="546691363"
X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.249.175.253])
  by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 19 Feb 2022 03:58:34 -0800
From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min Xu <min.m.xu@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Hao A Wu <hao.a.wu@intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [edk2-devel] [PATCH V6 30/42] MdeModulePkg: EFER should not be
 changed in TDX
Date: Sat, 19 Feb 2022 19:56:43 +0800
Message-Id: 
 <5c6271685e10141a89272ff03a9406fa53365e90.1645261991.git.min.m.xu@intel.com>
In-Reply-To: <cover.1645261990.git.min.m.xu@intel.com>
References: <cover.1645261990.git.min.m.xu@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,min.m.xu@intel.com
X-Gm-Message-State: hERVZQghCS6hTkgM4g9vJJsUx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1645271936;
 bh=8FF6N7r1Y6ynqx5MXyy1LXhMLCZsLmbSG5cO1FtfezE=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=m6iVAcr4qTFwGKlNwJvZxSDW02hDt3LtDlIvGfHstzweru72nF9N/dBhUUah+8jwzfb
 wrhwo7DsGZJGLopK6y2T0iYWWxRBIZMFljipr8qrKY8nzZogwBiQOMXXBWaEFcz65TN6V
 BIPVnoNBSOcNTEx8pCb34iRLVKzRj3PzGmY=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1645271938317100013
Content-Type: text/plain; charset="utf-8"

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429

In TDX IA32_ERER is RO to host VMM. It could not be changed.
PcdIa32EferChangeAllowed is added in MdeModulePkg.dec and it is
to be set to FALSE in Tdx guest.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf          | 1 +
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 7 +++++++
 MdeModulePkg/MdeModulePkg.dec                    | 5 +++++
 3 files changed, 13 insertions(+)

diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx=
eIplPeim/DxeIpl.inf
index 19b8a4c8aefa..106b679b6bd0 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -117,6 +117,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse5LevelPageTable                  ##=
 SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase                            ##=
 CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize                            ##=
 CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdIa32EferChangeAllowed               ##=
 CONSUMES
=20
 [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
   gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## SOMETIM=
ES_CONSUMES
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePk=
g/Core/DxeIplPeim/X64/VirtualMemory.c
index 0700f310b203..5c647c74e773 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
@@ -159,6 +159,13 @@ IsEnableNonExecNeeded (
     return FALSE;
   }
=20
+  //
+  // Intel TDX sets this flag to FALSE.
+  //
+  if (!PcdGetBool (PcdIa32EferChangeAllowed)) {
+    return FALSE;
+  }
+
   //
   // XD flag (BIT63) in page table entry is only valid if IA32_EFER.NXE is=
 set.
   // Features controlled by Following PCDs need this feature to be enabled.
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 463e889e9a68..453f2a74b11d 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -2138,6 +2138,11 @@
   # @Prompt GHCB Pool Size
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0|UINT64|0x00030008
=20
+  ## This dynamic PCD indicates if IA32_EFER can be changed. The default v=
alue is TRUE but in
+  #  Intel TDX change of IA32_EFER is not allowed.
+  # @Prompt The flag which indicates if IA32_EFER is allowed to be changed.
+  gEfiMdeModulePkgTokenSpaceGuid.PcdIa32EferChangeAllowed|TRUE|BOOLEAN|0x0=
0030009
+
 [PcdsDynamicEx]
   ## This dynamic PCD enables the default variable setting.
   #  Its value is the default store ID value. The default value is zero as=
 Standard default.
--=20
2.29.2.windows.2



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#86792): https://edk2.groups.io/g/devel/message/86792
Mute This Topic: https://groups.io/mt/89252060/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-