From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Brijesh Singh, Erdem Aktas, James Bottomley, Jiewen Yao, Laszlo Ersek, Tom Lendacky
Subject: [edk2-devel] [PATCH 1/6] OvmfPkg: Add Tdx BFV/CFV PCDs and PcdOvmfImageSizeInKb
Date: Mon, 12 Jul 2021 09:19:37 +0800
Message-Id: <343d4ef0b1e4c8547ae8eb0ea511b0d623e11000.1626050798.git.min.m.xu@intel.com>

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Tdx Virtual Firmware (TDVF) includes one Firmware Volume (FV) known as the Boot Firmware Volume (BFV). The FV format is defined in the UEFI Platform Initialization (PI) spec. BFV includes all TDVF components required during boot.

TDVF also includes a configuration firmware volume (CFV) that is separated from the BFV. The reason is that the CFV is measured in RTMR, while the BFV is measured in MRTD.

In practice BFV is the code part of the Ovmf image. CFV is the vars part of the Ovmf image (excluding the SPARE part).

PcdOvmfImageSizeInKb is added; it is used to calculate the offset of TdxMetadata in ResetVectorVtf0.asm.

Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Laszlo Ersek
Cc: Tom Lendacky
Signed-off-by: Min Xu --- OvmfPkg/OvmfPkg.dec | 13 +++++++++++++ OvmfPkg/OvmfPkgDefines.fdf.inc | 12 +++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 6ae733f6e39f..6d9bb91e9274 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -321,6 +321,19 @@ gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42 gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43 =20 + ## The base address and size of the TDX Cfv base and size. + gUefiOvmfPkgTokenSpaceGuid.PcdCfvBase|0|UINT32|0x47 + gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataOffset|0|UINT32|0x48 + gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize|0|UINT32|0x49 + + ## The base address and size of the TDX Bfv base and size. + gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase|0|UINT32|0x4a + gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataOffset|0|UINT32|0x4b + gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataSize|0|UINT32|0x4c + + ## Size of the Ovmf image in KB + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfImageSizeInKb|0|UINT32|0x4d + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/OvmfPkgDefines.fdf.inc b/OvmfPkg/OvmfPkgDefines.fdf.inc index 35fd454b97ab..401e491e4cbe 100644 --- a/OvmfPkg/OvmfPkgDefines.fdf.inc +++ b/OvmfPkg/OvmfPkgDefines.fdf.inc @@ -2,13 +2,14 @@ # FDF include file that defines the main macros and sets the dependent PC= Ds. # # Copyright (C) 2014, Red Hat, Inc. -# Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # ## =20 DEFINE BLOCK_SIZE =3D 0x1000 +DEFINE VARS_OFFSET =3D 0 =20 # # A firmware binary built with FD_SIZE_IN_KB=3D1024, and a firmware binary= built @@ -66,6 +67,7 @@ DEFINE SECFV_OFFSET =3D 0x003CC000 DEFINE SECFV_SIZE =3D 0x34000 !endif =20 +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfImageSizeInKb =3D $(FD_SIZE_IN_K= B) SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress =3D $(FW_BASE_ADDR= ESS) SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFirmwareFdSize =3D $(FW_SIZE) SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFirmwareBlockSize =3D $(BLOCK_SIZE) 
@@ -82,6 +84,14 @@ SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwW= orkingSize =3D $(BLOCK_SIZ SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwSpareBase =3D gUefi= OvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase + gEfiMdeModulePk= gTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize =3D $(VAR= S_SPARE_SIZE) =20 +SET gUefiOvmfPkgTokenSpaceGuid.PcdCfvBase =3D $(FW_BASE_ADDRESS) +SET gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataOffset =3D $(VARS_OFFSET) +SET gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize =3D $(VARS_LIVE_SIZE) + +SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase =3D $(CODE_BASE_ADDRES= S) +SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataOffset =3D $(VARS_SIZE) +SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataSize =3D $(CODE_SIZE) + !if $(SMM_REQUIRE) =3D=3D TRUE SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
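Review bot: the two comments in the OvmfPkg.dec hunk, "## The base address and size of the TDX Cfv base and size." and the matching Bfv one, repeat themselves and do not mention the RawDataOffset PCD declared under each; suggest "## Memory base, raw-data offset in the FD, and raw-data size of the TDX CFV" (and likewise for BFV). The new entries also land in the same section as PcdSevLaunchSecretBase/Size, which is what the reset vector's FixedPcdGet32 use requires, so a one-line note that they are consumed by ResetVector.nasmb would tell the next reader why they are fixed-at-build.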
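Review bot: `DEFINE VARS_OFFSET = 0` in the first OvmfPkgDefines.fdf.inc hunk is introduced without a comment, and it only becomes meaningful three hunks later when it is stored in PcdCfvRawDataOffset; please add a comment on the DEFINE saying it is the offset of the variable store within the FD, next to the existing BLOCK_SIZE definition.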
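Review bot: `SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfImageSizeInKb = $(FD_SIZE_IN_KB)` sits directly above the existing `SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFirmwareFdSize = $(FW_SIZE)`; please state in the commit message why the reset vector needs a new PCD in KB rather than deriving OVMF_IMAGE_SIZE_IN_KB from PcdOvmfFirmwareFdSize, or, if FW_SIZE and FD_SIZE_IN_KB can diverge for some FD layouts, say so in a comment here so the two do not silently drift apart.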
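Review bot: the CFV/BFV SETs in the last OvmfPkgDefines.fdf.inc hunk encode a layout assumption the file never states: PcdCfvRawDataSize is $(VARS_LIVE_SIZE) (live variable store only) while PcdBfvRawDataOffset is $(VARS_SIZE), so the spare region between VARS_LIVE_SIZE and VARS_SIZE belongs to neither FV. The commit message says the spare part is excluded on purpose; please put that sentence as a comment above these six SETs, and consider writing PcdBfvRawDataOffset as $(VARS_OFFSET) + $(VARS_SIZE) so the CFV and BFV offsets stay consistent if VARS_OFFSET ever becomes non-zero.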
View/Reply Online (#77676): https://edk2.groups.io/g/devel/message/77676
Mute This Topic: https://groups.io/mt/84144137/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Brijesh Singh, Erdem Aktas, James Bottomley, Jiewen Yao, Laszlo Ersek, Tom Lendacky
Subject: [edk2-devel] [PATCH 2/6] OvmfPkg: Add Tdx metadata
Date: Mon, 12 Jul 2021 09:19:38 +0800

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Tdx Metadata describes the information about the image for VMM use, for example the base address and length of the TdHob, TdMailbox, etc. Its offset is put in a GUID-ed structure which is appended to the GUID-ed chain from a fixed GPA (0xffffffd0).

Below are the items in TdxMetadata:
_Bfv: Boot Firmware Volume
_Cfv: Configuration Firmware Volume
_Stack: Initial stack
_Heap: Initial heap
_MailBox: TDVF reserves the memory region so each AP can receive the message sent by the guest OS.
_TdHob: The VMM passes the resource information in the TdHob to TDVF.
_TdxPageTable: If the 5-level page table is supported (GPAW is 52), top-level page directory pointers (1 * 256TB entry) are generated in this page.
_OvmfPageTable: Initial page table for standard Ovmf.
TDVF indicates the above chunks of temporary, initialized memory (_Stack/_Heap/_MailBox/_TdHob/_TdxPageTables/OvmfPageTable) so that the TDVF code can finish the memory initialization, because the other, unaccepted memory cannot be accessed until it is accepted.

Since AMD SEV has already defined some SEV-specific memory regions in MEMFD, and SEV and TDX will not run at the same time, TDX re-uses the memory regions defined by SEV:
- MailBox : PcdOvmfSecGhcbBackupBase|PcdOvmfSecGhcbBackupSize
- TdHob : PcdOvmfSecGhcbBase|PcdOvmfSecGhcbSize
- TdxPageTable : PcdOvmfSecGhcbPageTableBase|PcdOvmfSecGhcbPageTableSize

Cc: Brijesh Singh
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Laszlo Ersek
Cc: Tom Lendacky
Signed-off-by: Min Xu
--- OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 17 ++++ OvmfPkg/ResetVector/ResetVector.inf | 11 ++- OvmfPkg/ResetVector/ResetVector.nasmb | 47 +++++++++- OvmfPkg/ResetVector/X64/TdxMetadata.asm | 97 ++++++++++++++++++++ 4 files changed, 169 insertions(+), 3 deletions(-) create mode 100644 OvmfPkg/ResetVector/X64/TdxMetadata.asm diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe= ctor/Ia16/ResetVectorVtf0.asm index 9c0b5853a46f..ac86ce69ebe8 100644 --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm @@ -47,6 +47,23 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart = + 15) % 16)) DB 0 ; guidedStructureStart: =20 +%ifdef ARCH_X64 +; +; TDX Metadata offset block +; +; If TdxMetadata.asm is included then we need below block which describes +; the offset of TdxMetadata block in Ovmf image +; +; GUID : e47a6535-984a-4798-865e-4685a7bf8ec2 +; +tdxMetadataOffsetStart: + DD (OVMF_IMAGE_SIZE_IN_KB * 1024 - (fourGigabytes - TdxMetadataGu= id - 16)) + DD tdxMetadataOffsetEnd - tdxMetadataOffsetStart + DB 0x35, 0x65, 0x7a, 0xe4, 0x4a, 0x98, 0x98, 0x47 + DB 0x86, 0x5e, 0x46, 0x85, 0xa7, 0xbf, 0x8e, 0xc2 +tdxMetadataOffsetEnd: + +%endif ; ; SEV Secret block ; 
diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index dc38f68919cd..fd65c0c9621d 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -1,7 +1,7 @@ ## @file # Reset Vector # -# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -43,6 +43,15 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfImageSizeInKb + gUefiOvmfPkgTokenSpaceGuid.PcdCfvBase + gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataOffset + gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize + gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase + gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataOffset + gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataSize =20 [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 5fbacaed5f9d..b653fe87abd6 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -4,6 +4,7 @@ ; ; Copyright (c) 2008 - 2013, Intel Corporation. All rights reserved.
; Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.
+; Copyright (c) 2021, Intel Corporation. All rights reserved.
; SPDX-License-Identifier: BSD-2-Clause-Patent ; ;-------------------------------------------------------------------------= ----- 
@@ -67,6 +68,44 @@ %error "This implementation inherently depends on PcdOvmfSecGhcbBase n= ot straddling a 2MB boundary" %endif =20 + ; + ; TDX meta data + ; + %define TDX_METADATA_SECTION_TYPE_BFV 0 + %define TDX_METADATA_SECTION_TYPE_CFV 1 + %define TDX_METADATA_SECTION_TYPE_TD_HOB 2 + %define TDX_METADATA_SECTION_TYPE_TEMP_MEM 3 + %define TDX_METADATA_VERSION 1 + %define TDX_METADATA_ATTRIBUTES_EXTENDMR 0x00000001 + + %define TDX_BFV_RAW_DATA_OFFSET FixedPcdGet32 (PcdBfvRawDataOffset) + %define TDX_BFV_RAW_DATA_SIZE FixedPcdGet32 (PcdBfvRawDataSize) + %define TDX_BFV_MEMORY_BASE FixedPcdGet32 (PcdBfvBase) + %define TDX_BFV_MEMORY_SIZE FixedPcdGet32 (PcdBfvRawDataSize) + + %define TDX_CFV_RAW_DATA_OFFSET FixedPcdGet32 (PcdCfvRawDataOffset) + %define TDX_CFV_RAW_DATA_SIZE FixedPcdGet32 (PcdCfvRawDataSize) + %define TDX_CFV_MEMORY_BASE FixedPcdGet32 (PcdCfvBase), + %define TDX_CFV_MEMORY_SIZE FixedPcdGet32 (PcdCfvRawDataSize), + + %define TDX_HEAP_MEMORY_BASE FixedPcdGet32 (PcdOvmfSecPeiTempRamBas= e) + %define TDX_HEAP_MEMORY_SIZE FixedPcdGet32 (PcdOvmfSecPeiTempRamSiz= e) / 2 + + %define TDX_STACK_MEMORY_BASE (TDX_HEAP_MEMORY_BASE + TDX_HEAP_MEMOR= Y_SIZE) + %define TDX_STACK_MEMORY_SIZE FixedPcdGet32 (PcdOvmfSecPeiTempRamSiz= e) / 2 + + %define TDX_HOB_MEMORY_BASE FixedPcdGet32 (PcdOvmfSecGhcbBase) + %define TDX_HOB_MEMORY_SIZE FixedPcdGet32 (PcdOvmfSecGhcbSize) + + %define TDX_MAILBOX_MEMORY_BASE FixedPcdGet32 (PcdOvmfSecGhcbBackupBas= e) + %define TDX_MAILBOX_MEMORY_SIZE FixedPcdGet32 (PcdOvmfSecGhcbBackupSiz= e) + + %define OVMF_PAGE_TABLE_BASE FixedPcdGet32 (PcdOvmfSecPageTablesBas= e) + %define OVMF_PAGE_TABLE_SIZE FixedPcdGet32 (PcdOvmfSecPageTablesSiz= e) + + %define TDX_EXTRA_PAGE_TABLE_BASE FixedPcdGet32 (PcdOvmfSecGhcbPageTable= Base) + %define TDX_EXTRA_PAGE_TABLE_SIZE FixedPcdGet32 (PcdOvmfSecGhcbPageTable= Size) + %define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Off= set)) =20 %define GHCB_PT_ADDR (FixedPcdGet32 
(PcdOvmfSecGhcbPageTableBase)) @@ -76,8 +115,11 @@ %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + = 8) %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) = + 16) %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase)= + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) -%include "Ia32/Flat32ToFlat64.asm" -%include "Ia32/PageTables64.asm" + + %include "X64/TdxMetadata.asm" + + %include "Ia32/Flat32ToFlat64.asm" + %include "Ia32/PageTables64.asm" %endif =20 %include "Ia16/Real16ToFlat32.asm" @@ -88,5 +130,6 @@ %define SEV_ES_AP_RESET_IP FixedPcdGet32 (PcdSevEsWorkAreaBase) %define SEV_LAUNCH_SECRET_BASE FixedPcdGet32 (PcdSevLaunchSecretBase) %define SEV_LAUNCH_SECRET_SIZE FixedPcdGet32 (PcdSevLaunchSecretSize) + %define OVMF_IMAGE_SIZE_IN_KB FixedPcdGet32 (PcdOvmfImageSizeInKb) %include "Ia16/ResetVectorVtf0.asm" =20 diff --git a/OvmfPkg/ResetVector/X64/TdxMetadata.asm b/OvmfPkg/ResetVector/= X64/TdxMetadata.asm new file mode 100644 index 000000000000..8dba8daa0165 --- /dev/null +++ b/OvmfPkg/ResetVector/X64/TdxMetadata.asm @@ -0,0 +1,97 @@ +;-------------------------------------------------------------------------= ----- +; @file +; Tdx Virtual Firmware metadata +; +; Copyright (c) 2021, Intel Corporation. All rights reserved.
+; SPDX-License-Identifier: BSD-2-Clause-Patent +; +;-------------------------------------------------------------------------= ----- + +BITS 64 + +%define TDX_VIRTUAL_FIRMWARE + +ALIGN 16 +TIMES (15 - ((TdxGuidedStructureEnd - TdxGuidedStructureStart + 15) % 16))= DB 0 + +TdxGuidedStructureStart: + +; +; TDVF meta data +; +TdxMetadataGuid: + DB 0xf3, 0xf9, 0xea, 0xe9, 0x8e, 0x16, 0xd5, 0x44 + DB 0xa8, 0xeb, 0x7f, 0x4d, 0x87, 0x38, 0xf6, 0xae + +_Descriptor: + DB 'T','D','V','F' ; Signature + DD TdxGuidedStructureEnd - _Descriptor ; Length + DD TDX_METADATA_VERSION ; Version + DD (TdxGuidedStructureEnd - _Descriptor - 16)/32 ; Number of sections + +_Bfv: + DD TDX_BFV_RAW_DATA_OFFSET + DD TDX_BFV_RAW_DATA_SIZE + DQ TDX_BFV_MEMORY_BASE + DQ TDX_BFV_MEMORY_SIZE + DD TDX_METADATA_SECTION_TYPE_BFV + DD TDX_METADATA_ATTRIBUTES_EXTENDMR + +_Cfv: + DD TDX_CFV_RAW_DATA_OFFSET + DD TDX_CFV_RAW_DATA_SIZE + DQ TDX_CFV_MEMORY_BASE + DQ TDX_CFV_MEMORY_SIZE + DD TDX_METADATA_SECTION_TYPE_CFV + DD 0 + +_Stack: + DD 0 + DD 0 + DQ TDX_STACK_MEMORY_BASE + DQ TDX_STACK_MEMORY_SIZE + DD TDX_METADATA_SECTION_TYPE_TEMP_MEM + DD 0 + +_Heap: + DD 0 + DD 0 + DQ TDX_HEAP_MEMORY_BASE + DQ TDX_HEAP_MEMORY_SIZE + DD TDX_METADATA_SECTION_TYPE_TEMP_MEM + DD 0 + +_MailBox: + DD 0 + DD 0 + DQ TDX_MAILBOX_MEMORY_BASE + DQ TDX_MAILBOX_MEMORY_SIZE + DD TDX_METADATA_SECTION_TYPE_TEMP_MEM + DD 0 + +_TdHob: + DD 0 + DD 0 + DQ TDX_HOB_MEMORY_BASE + DQ TDX_HOB_MEMORY_SIZE + DD TDX_METADATA_SECTION_TYPE_TD_HOB + DD 0 + +_TdxPageTable: + DD 0 + DD 0 + DQ TDX_EXTRA_PAGE_TABLE_BASE + DQ TDX_EXTRA_PAGE_TABLE_SIZE + DD TDX_METADATA_SECTION_TYPE_TEMP_MEM + DD 0 + +_OvmfPageTable: + DD 0 + DD 0 + DQ OVMF_PAGE_TABLE_BASE + DQ OVMF_PAGE_TABLE_SIZE + DD TDX_METADATA_SECTION_TYPE_TEMP_MEM + DD 0 + +TdxGuidedStructureEnd: +ALIGN 16 --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
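Review bot: in the ResetVectorVtf0.asm hunk the entry length is emitted as `DD tdxMetadataOffsetEnd - tdxMetadataOffsetStart` (4 bytes) immediately before the GUID; please confirm this is the same length-field width the other entries of this GUIDed structure use (the SEV secret block that follows as context), because a consumer walking the table backwards from the footer reads a fixed-width length in front of each GUID, and a different width here would silently corrupt the walk. The offset expression `DD (OVMF_IMAGE_SIZE_IN_KB * 1024 - (fourGigabytes - TdxMetadataGuid - 16))` also deserves a comment that the result is the image offset of _Descriptor, i.e. 16 bytes past TdxMetadataGuid; the `- 16` is opaque without it.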
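Review bot: in the first ResetVector.nasmb hunk, `%define TDX_CFV_MEMORY_BASE FixedPcdGet32 (PcdCfvBase),` and `%define TDX_CFV_MEMORY_SIZE FixedPcdGet32 (PcdCfvRawDataSize),` end in a stray comma that is pasted verbatim into the `DQ TDX_CFV_MEMORY_BASE` / `DQ TDX_CFV_MEMORY_SIZE` lines of TdxMetadata.asm; drop both. The macro bodies that end in `/ 2` (TDX_HEAP_MEMORY_SIZE, TDX_STACK_MEMORY_SIZE) should be parenthesized so they remain correct when substituted into a larger expression, as TDX_STACK_MEMORY_BASE already is. TDX_BFV_MEMORY_SIZE expanding to PcdBfvRawDataSize is fine, but a comment that the BFV is mapped 1:1 with its raw data would explain why no separate size PCD exists.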
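Review bot: the second ResetVector.nasmb hunk re-indents the existing `%include "Ia32/Flat32ToFlat64.asm"` and `%include "Ia32/PageTables64.asm"` lines while adding `%include "X64/TdxMetadata.asm"`; keep the whitespace-only change out of this patch, or mention it in the commit message, so the diff shows only the functional addition.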
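Review bot: `%define TDX_VIRTUAL_FIRMWARE` at the top of the new TdxMetadata.asm is not tested by anything in this hunk; either name the file that consumes it in a comment or drop it. The section count `DD (TdxGuidedStructureEnd - _Descriptor - 16)/32` hard-codes the 16-byte descriptor header and the 32-byte entry size; defining those two constants next to TDX_METADATA_VERSION in the nasmb and using them here keeps the count correct if an entry ever grows a field.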
View/Reply Online (#77677): https://edk2.groups.io/g/devel/message/77677
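The commit message of PATCH 2/6 above describes how the TDVF metadata is laid out: a GUIDed offset block near the top of the image points at a 'TDVF' descriptor, and the descriptor is followed by one 32-byte entry per section (_Bfv, _Cfv, _Stack, ...). The following Python is an added example, not code from this patch series or from edk2: it builds a constructed OVMF-like image with exactly that layout, then parses it and applies the consistency checks a VMM loader or an image-inspection tool would want (raw data inside the image, one BFV carrying EXTENDMR, non-overlapping memory ranges). The GUIDs, section types, version and attribute value are taken from the patch; the image size, variable-store sizes and temporary-memory addresses are constructed sample values rather than OVMF's real PCD values, and the checks in `check_sections` are this example's own rules, which go beyond what the commit message states.

```python
import struct
import uuid

# GUIDs from TdxMetadata.asm and ResetVectorVtf0.asm; types, version and attribute from the nasmb.
TDX_METADATA_OFFSET_GUID = uuid.UUID("e47a6535-984a-4798-865e-4685a7bf8ec2")
TDX_METADATA_GUID = uuid.UUID("e9eaf9f3-168e-44d5-a8eb-7f4d8738f6ae")
SECTION_TYPES = {0: "BFV", 1: "CFV", 2: "TD_HOB", 3: "TEMP_MEM"}
TDX_METADATA_VERSION = 1
ATTR_EXTENDMR = 0x00000001
SECTION_FMT = "<IIQQII"          # one section in TdxMetadata.asm: DD DD DQ DQ DD DD = 32 bytes
SECTION_FIELDS = ("data_offset", "raw_size", "memory_base", "memory_size", "type", "attributes")
SECTION_LEN = struct.calcsize(SECTION_FMT)
DESC_FMT = "<4sIII"              # _Descriptor: 'TDVF', Length, Version, NumberOfSections
DESC_LEN = struct.calcsize(DESC_FMT)
OFFSET_BLOCK_LEN = 4 + 4 + 16    # tdxMetadataOffsetStart: DD offset, DD length, 16-byte GUID


def parse_tdvf_metadata(image: bytes) -> dict:
    """Find the descriptor through the GUIDed offset block and decode its sections."""
    pos = image.rfind(TDX_METADATA_OFFSET_GUID.bytes_le)
    if pos < 8:
        raise ValueError("TDX metadata offset block not found")
    desc_off, block_len = struct.unpack_from("<II", image, pos - 8)
    if block_len != OFFSET_BLOCK_LEN:
        raise ValueError(f"offset block length {block_len}, expected {OFFSET_BLOCK_LEN}")
    # The asm derives the offset so that it lands 16 bytes past TdxMetadataGuid.
    if desc_off < 16 or desc_off + DESC_LEN > len(image) \
            or image[desc_off - 16:desc_off] != TDX_METADATA_GUID.bytes_le:
        raise ValueError("TdxMetadataGuid does not precede the descriptor")
    sig, length, version, nsec = struct.unpack_from(DESC_FMT, image, desc_off)
    if sig != b"TDVF" or version != TDX_METADATA_VERSION:
        raise ValueError(f"bad descriptor signature/version {sig!r}/{version}")
    if length != DESC_LEN + nsec * SECTION_LEN or desc_off + length > len(image):
        raise ValueError("descriptor length disagrees with section count or image size")
    sections = []
    for i in range(nsec):
        raw = struct.unpack_from(SECTION_FMT, image, desc_off + DESC_LEN + i * SECTION_LEN)
        s = dict(zip(SECTION_FIELDS, raw))
        s["type"] = SECTION_TYPES.get(s["type"], f"UNKNOWN({s['type']})")
        s["extend_mr"] = bool(s["attributes"] & ATTR_EXTENDMR)
        sections.append(s)
    return {"version": version, "offset": desc_off, "sections": sections}


def check_sections(sections: list, image_size: int) -> list:
    """Consistency checks a loader should apply; an empty list means nothing was found."""
    problems = []
    for s in sections:
        if s["data_offset"] + s["raw_size"] > image_size or s["raw_size"] > s["memory_size"]:
            problems.append(f"{s['type']}: raw data exceeds the image or its memory range")
        if s["type"] in ("BFV", "CFV") and not s["raw_size"]:
            problems.append(f"{s['type']}: firmware volume without raw data")
    bfvs = [s for s in sections if s["type"] == "BFV"]
    if len(bfvs) != 1 or not bfvs[0]["extend_mr"]:
        problems.append("expected exactly one BFV section carrying EXTENDMR")
    ranges = sorted((s["memory_base"], s["memory_base"] + s["memory_size"], s["type"])
                    for s in sections if s["memory_size"])
    for (_, end1, type1), (base2, _, type2) in zip(ranges, ranges[1:]):
        if base2 < end1:
            problems.append(f"{type1} and {type2} memory ranges overlap")
    return problems


def validate_image(image: bytes) -> list:
    try:
        meta = parse_tdvf_metadata(image)
    except ValueError as err:
        return [str(err)]
    return check_sections(meta["sections"], len(image))


def build_sample_image(size_kb: int = 2048) -> bytes:
    """Constructed OVMF-like image (not a real build): CFV at offset 0, BFV after the spare area."""
    size = size_kb * 1024
    base = 0x1_0000_0000 - size           # the image is mapped so that it ends at 4 GiB
    bfv_off, cfv_size = 0x40000, 0x20000  # constructed VARS_SIZE and VARS_LIVE_SIZE
    # Temp-memory addresses below are constructed sample values, not OVMF's real PCDs.
    sections = [
        (bfv_off, size - bfv_off, base + bfv_off, size - bfv_off, 0, ATTR_EXTENDMR),  # _Bfv
        (0, cfv_size, base, cfv_size, 1, 0),                                          # _Cfv
        (0, 0, 0x818000, 0x8000, 3, 0),                                               # _Stack
        (0, 0, 0x810000, 0x8000, 3, 0),                                               # _Heap
        (0, 0, 0x80B000, 0x2000, 3, 0),                                               # _MailBox
        (0, 0, 0x809000, 0x2000, 2, 0),                                               # _TdHob
        (0, 0, 0x80D000, 0x1000, 3, 0),                                               # _TdxPageTable
        (0, 0, 0x800000, 0x6000, 3, 0),                                               # _OvmfPageTable
    ]
    body = b"".join(struct.pack(SECTION_FMT, *s) for s in sections)
    desc = struct.pack(DESC_FMT, b"TDVF", DESC_LEN + len(body), TDX_METADATA_VERSION, len(sections))
    img = bytearray(size)
    guid_off = size - 0x400               # where TdxMetadataGuid lands in this sample
    img[guid_off:guid_off + 16] = TDX_METADATA_GUID.bytes_le
    desc_off = guid_off + 16              # the value the asm derives from OVMF_IMAGE_SIZE_IN_KB
    img[desc_off:desc_off + len(desc) + len(body)] = desc + body
    # Offset block just below the end of the GUIDed chain (GPA 0xffffffd0, offset size - 0x30).
    block = struct.pack("<II", desc_off, OFFSET_BLOCK_LEN) + TDX_METADATA_OFFSET_GUID.bytes_le
    img[size - 0x30 - len(block):size - 0x30] = block
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample_image()
    print(parse_tdvf_metadata(sample)["sections"][0], validate_image(sample) or "no problems")
```

Running the module prints the decoded BFV entry and "no problems" for the sample image; feeding `validate_image` a real firmware binary instead returns the list of findings, which is the shape a build-time or attestation-side check wants. The parser deliberately refuses an image whose descriptor is not preceded by TdxMetadataGuid or whose length field disagrees with the section count, because a VMM that trusts either value blindly would read section entries from wherever the image says they are.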
From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Eric Dong, Jiewen Yao, Ray Ni, Laszlo Ersek
Subject: [edk2-devel] [PATCH 3/6] UefiCpuPkg/ResetVector: Add InitTdx in UefiCpuPkg
Date: Mon, 12 Jul 2021 09:19:39 +0800

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

In the ResetVector phase some Tdx initialization may be needed, for example recording the Tdx flag ('TDXG'), the CPU GPA width, etc. It will be called by the Main32 entry point in Main.asm.

InitTdx.asm in UefiCpuPkg/ResetVector is a placeholder; the actual initialization is done in another Pkg, such as OvmfPkg.

Cc: Eric Dong
Cc: Jiewen Yao
Cc: Ray Ni
Cc: Laszlo Ersek
Signed-off-by: Min Xu
--- UefiCpuPkg/ResetVector/Vtf0/Ia32/InitTdx.asm | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 UefiCpuPkg/ResetVector/Vtf0/Ia32/InitTdx.asm diff --git a/UefiCpuPkg/ResetVector/Vtf0/Ia32/InitTdx.asm b/UefiCpuPkg/Rese= tVector/Vtf0/Ia32/InitTdx.asm new file mode 100644 index 000000000000..feb917779fbd --- /dev/null +++ b/UefiCpuPkg/ResetVector/Vtf0/Ia32/InitTdx.asm 
@@ -0,0 +1,15 @@ +;-------------------------------------------------------------------------= ----- +; @file +; Tdx Initialization. +; +; Copyright (c) 2021, Intel Corporation. All rights reserved.
+; SPDX-License-Identifier: BSD-2-Clause-Patent +; +;-------------------------------------------------------------------------= ----- + +BITS 32 + +InitTdx: + nop +doneTdxInit: + OneTimeCallRet InitTdx --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77678): https://edk2.groups.io/g/devel/message/77678
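Review bot: InitTdx in the new InitTdx.asm is a single `nop`, and the commit message says the real work (recording the 'TDXG' flag and the GPA width) is done by another package; the file header should say that this is a default stub a platform's own InitTdx replaces, otherwise a reader of UefiCpuPkg sees a routine named InitTdx that initializes nothing and cannot tell whether that is intentional. The `doneTdxInit:` label is also unreferenced in the hunk; drop it, or keep it only if the platform variant is expected to jump to it.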
From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min Xu, Eric Dong, Jiewen Yao, Ray Ni, Laszlo Ersek
Subject: [edk2-devel] [PATCH 4/6] UefiCpuPkg/ResetVector: Add ReloadFlat32 in UefiCpuPkg
Date: Mon, 12 Jul 2021 09:19:40 +0800
Message-Id: <4a08dc5d3adbc83f8048db44a6937138048d4435.1626050798.git.min.m.xu@intel.com>

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Load the GDT and set the default CR0, then jump to Flat 32 protected mode.

Cc: Eric Dong
Cc: Jiewen Yao
Cc: Ray Ni
Cc: Laszlo Ersek
Signed-off-by: Min Xu
--- .../ResetVector/Vtf0/Ia32/ReloadFlat32.asm | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 UefiCpuPkg/ResetVector/Vtf0/Ia32/ReloadFlat32.asm diff --git a/UefiCpuPkg/ResetVector/Vtf0/Ia32/ReloadFlat32.asm b/UefiCpuPkg= /ResetVector/Vtf0/Ia32/ReloadFlat32.asm new file mode 100644 index 000000000000..e8a4c47762df --- /dev/null +++ b/UefiCpuPkg/ResetVector/Vtf0/Ia32/ReloadFlat32.asm 
@@ -0,0 +1,43 @@ +;-------------------------------------------------------------------------= ----- +; @file +; Load the GDT and set the CR0, then jump to Flat 32 protected mode. +; +; Copyright (c) 2021, Intel Corporation. All rights reserved.
+; SPDX-License-Identifier: BSD-2-Clause-Patent +; +;-------------------------------------------------------------------------= ----- + +%define SEC_DEFAULT_CR0 0x00000023 +%define SEC_DEFAULT_CR4 0x640 + +BITS 32 + +; +; Modified: EAX, EBX, CR0, CR4, DS, ES, FS, GS, SS +; +ReloadFlat32: + + cli + mov ebx, ADDR_OF(gdtr) + lgdt [ebx] + + mov eax, SEC_DEFAULT_CR0 + mov cr0, eax + + jmp LINEAR_CODE_SEL:dword ADDR_OF(jumpToFlat32BitAndLandHere) +BITS 32 +jumpToFlat32BitAndLandHere: + + mov eax, SEC_DEFAULT_CR4 + mov cr4, eax + + debugShowPostCode POSTCODE_32BIT_MODE + + mov ax, LINEAR_SEL + mov ds, ax + mov es, ax + mov fs, ax + mov gs, ax + mov ss, ax + + OneTimeCallRet ReloadFlat32 --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77679): https://edk2.groups.io/g/devel/message/77679 Mute This Topic: https://groups.io/mt/84144141/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri May 3 12:49:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77680+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77680+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1626052819; cv=none; d=zohomail.com; s=zohoarc; b=E4TBSb8uqFAj0+uq3Tj9/ItEfAN+RnKZeQVv8CLgZB9dVhg7ugMGK0NVipqyqsSTuCY1H+6yc4Np68p/kZMkFp5QoG2Q7/o1mwKl2WZArDAMBSMwmkDpdXby8Os4rTVbgoKIZJwdZjT4Ohm5CdvjdXLS+PrpORTuzcROSi8xoIA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626052819; 
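Review bot: the second `BITS 32` after `jmp LINEAR_CODE_SEL:dword ADDR_OF(jumpToFlat32BitAndLandHere)` is redundant, since ReloadFlat32.asm already switched to 32-bit assembly at the top; because both sides of the jump are 32-bit, the far jump exists only to reload CS from the GDT that `lgdt [ebx]` just installed, and a comment saying so would explain the sequence better than the `jumpToFlat32BitAndLandHere` name borrowed from a 16-to-32-bit transition. The "Modified:" header lists EAX, EBX, CR0, CR4 and the data segment registers but omits CS (changed by the far jump) and EFLAGS.IF (cleared by `cli`); please add both so callers know the routine leaves interrupts disabled.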
From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Eric Dong , Ray Ni , Jiewen Yao , Laszlo Ersek Subject: [edk2-devel] [PATCH 5/6] UefiCpuPkg/ResetVector: Add Main32 entry point in Main.asm Date: Mon, 12 Jul 2021 09:19:41 +0800 Message-Id: <196ca7415612858fa81885a4d4eb85cb09ea67e2.1626050798.git.min.m.xu@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: yNnVcxSikK6vXMvgLW6QnzTwx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1626052819; bh=un4NMIgLXXjT4a+DZbxhcZiVGLpE0FZdjXMBrWEKflw=; h=Cc:Date:From:Reply-To:Subject:To; b=nC4pIEW++MU3zcA+bJFO9n5MqH8rfQiVdJ5+XGYy92KjZNMiIzY3GuVogAOs90wF96i IqKUoUl78ZIKTYyKT5WS0x+ubtVe3zprz0L26XUkKRhp5w9oOVp8VNrfP8N7ZkSQGpxcP onhY77kR4oLMZjNe2XY+UrsnXzTLAr1YByY= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1626052820405100013 Content-Type: text/plain; charset="utf-8"

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

In Tdx all CPUs "reset" to run in 32-bit protected mode with flat descriptor (paging disabled). Main32 entry point is added in UefiCpuPkg/ResetVector/Vtf0/Main.asm so that Main.asm can support the 32-bit protected mode. InitTdx.asm and ReloadFlat32.asm are added in Vtf0/Vtf0.nasmb as well.

Cc: Eric Dong Cc: Ray Ni Cc: Jiewen Yao Cc: Laszlo Ersek Signed-off-by: Min Xu --- UefiCpuPkg/ResetVector/Vtf0/Main.asm | 45 ++++++++++++++++++++++++++ UefiCpuPkg/ResetVector/Vtf0/Vtf0.nasmb | 2 ++ 2 files changed, 47 insertions(+)

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Main.asm b/UefiCpuPkg/ResetVector/Vtf0/Main.asm index 19d08482f831..90e1dc678233 100644 --- a/UefiCpuPkg/ResetVector/Vtf0/Main.asm +++ b/UefiCpuPkg/ResetVector/Vtf0/Main.asm
@@ -36,6 +36,51 @@ Main16: =20 BITS 32 =20 +%ifdef ARCH_X64 + + jmp SearchBfv + +; +; Modified: EBX, ECX, EDX, EBP, EDI, ESP +; +; @param[in,out] RAX/EAX 0 +; @param[in] RFLAGS 2 +; @param[in] RCX [31:0] TDINITVP - Untrusted Configuration +; [63:32] 0 +; @param[in] RDX [31:0] VCPUID +; [63:32] 0 +; @param[in] RBX [6:0] CPU supported GPA width +; [7:7] 5 level page table support +; [63:8] 0 +; @param[in] RSI [31:0] VCPU_Index +; [63:32] 0 +; @param[in] RDI/EDI 0 +; @param[in] RBP/EBP 0 +; @param[in] R8 Same as RCX +; @param[out] RBP/EBP Address of Boot Firmware Volume (BFV) +; @param[out] DS Selector allowing flat access to all addresses +; @param[out] ES Selector allowing flat access to all addresses +; @param[out] FS Selector allowing flat access to all addresses +; @param[out] GS Selector allowing flat access to all addresses +; @param[out] SS Selector allowing flat access to all addresses +; +; @return None This routine jumps to SEC and does not return +Main32: + ; + ; Save EBX in EBP because EBX will be changed in ReloadFlat32 + ; + mov ebp, ebx + + OneTimeCall ReloadFlat32 + + ; + ; Init Tdx + ; + OneTimeCall InitTdx + +%endif + +SearchBfv: ; ; Search for the Boot Firmware Volume (BFV) ; diff --git a/UefiCpuPkg/ResetVector/Vtf0/Vtf0.nasmb b/UefiCpuPkg/ResetVecto= r/Vtf0/Vtf0.nasmb index 493738c79c1c..663d6ddc4d24 100644 --- a/UefiCpuPkg/ResetVector/Vtf0/Vtf0.nasmb +++ b/UefiCpuPkg/ResetVector/Vtf0/Vtf0.nasmb 
@@ -51,6 +51,8 @@ %include "Ia32/SearchForSecEntry.asm" =20 %ifdef ARCH_X64 +%include "Ia32/InitTdx.asm" +%include "Ia32/ReloadFlat32.asm" %include "Ia32/Flat32ToFlat64.asm" %include "Ia32/PageTables64.asm" %endif --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77680): https://edk2.groups.io/g/devel/message/77680 Mute This Topic: https://groups.io/mt/84144143/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri May 3 12:49:50 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+77681+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+77681+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1626052828; cv=none; d=zohomail.com; s=zohoarc; b=cx2R3Arha0xladf7ug5OB6Ozw7pwzlJgdEdbNXNCfyeplnXxjaSHBIK4JoV/PPaDF2E5GE6xtsl8p9GBSgBdud+TetdACbslvCr0/GfzUym8Lxk9FMZdnlitON97jwt/MLtTJdSeiLZZwtgNrBCTHVtFl8NbdwvFVkosditun6s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626052828; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=uMG1bymFeAVLOnxtVilNFv9XHx5EybPkXXabUalWWa8=; b=NbuCXTdQjklTGE4KIOG0YIYsRo2GDbvdGgzA5xNhe/ECWd1iQGOp2Z5oO6q7BncwTLvjVDxQ3Mn0HiF01sVHeq2PMBZBrY49s78BYomigB/51FZ2NTHr43sxGkX7n8dzy1sVrJJjxm2qtudZShVx95lypSx6qzGKGbyqN9ItYVc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: 
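Review bot: The `Modified:` list for Main32 (EBX, ECX, EDX, EBP, EDI, ESP) omits what its callees change: ReloadFlat32 documents `Modified: EAX, EBX, CR0, CR4, DS, ES, FS, GS, SS`, yet EAX, CR0, CR4 and the segment registers do not appear here, and `@param[in,out] RAX/EAX 0` reads as if EAX were preserved across Main32. Make the list the union of Main32's own clobbers and those of ReloadFlat32 and InitTdx (or say explicitly that the callees' lists apply), and fix the `RAX/EAX` line, otherwise the next routine to rely on EAX surviving into SearchBfv will be misled.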
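Review bot: `%include "Ia32/InitTdx.asm"` and `%include "Ia32/ReloadFlat32.asm"` are added to the generic UefiCpuPkg Vtf0.nasmb, but this patch's diffstat lists only Main.asm and Vtf0.nasmb (2 files changed, 47 insertions), and the only InitTdx.asm created anywhere in the series is OvmfPkg/ResetVector/Ia32/InitTdx.asm in patch 6/6, which depends on the TDX_WORK_AREA_* macros defined in OvmfPkg/ResetVector/ResetVector.nasmb. Unless UefiCpuPkg/ResetVector/Vtf0/Ia32/ already carries both files together with those definitions, an ARCH_X64 build of the UefiCpuPkg reset vector will fail at the include; either add the UefiCpuPkg copies (with the work-area defines) in this patch, or leave these two includes to OvmfPkg's ResetVector.nasmb only, as patch 6/6 does.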
From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Laszlo Ersek , Tom Lendacky Subject: [edk2-devel] [PATCH 6/6] OvmfPkg/ResetVector: Update ResetVector to support Tdx Date: Mon, 12 Jul 2021 09:19:42 +0800 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: iYVbA7Dy1GRLwrJsWyDu112Vx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1626052826; bh=F+f4h9L+k2dKp13dQcxSQlCkiJkwVYnZWnUoxUJGBSE=; h=Cc:Date:From:Reply-To:Subject:To; b=OTa7wGQkpFHBCvN40ki8gFmnR43QGuciDAT4l1Cmg19439tuQvoMdgHhyh/995PKMYA Ti+nc+3k7YfsvCbDjLKHEnjnMdz/B7B58ESKVErFDboHzpyuGuUNvOKqdZd1m5TQYkEh9 VKL8PN2QUMFk/N4LI06uzEucMd6F0NKHVAs= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1626052828861100002 Content-Type: text/plain; charset="utf-8"

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

In Tdx all CPUs "reset" to run in 32-bit protected mode with flat descriptor (paging disabled). But in a Non-Td guest the initial state of CPUs is 16-bit real mode. To resolve this conflict, BITS 16/32 is used in the very beginning of ResetVector. It will check for 32-bit protected mode or 16-bit real mode, then jump to the corresponding entry point. This is done in OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm.

InitTdx.asm is called to record the Tdx signature ('TDXG') and other Tdx information in a TDX_WORK_AREA which can be used by the other routines in ResetVector.

Main32 in UefiCpuPkg/ResetVector/Vtf0/Main.asm is the entry point for the Tdx guest. It calls ReloadFlat32 to load the GDT and set CR0, then jumps to flat32. After that InitTdx is called to do the above Tdx initialization.

Then Tdx jumps to 64-bit long mode by doing the following tasks:

1. SetCr3ForPageTables64
   For OVMF, some initial page tables are built at: PcdOvmfSecPageTablesBase - (PcdOvmfSecPageTablesBase + 0x6000)
   This page table supports the 4-level page table. But Tdx supports 4-level and 5-level page tables based on the CPU GPA width. 48-bit is 4-level paging, 52-bit is 5-level paging. If 5-level page table is supported (GPAW is 52), then a top-level page directory pointer (1 * 256TB entry) is generated in the TdxPageTable.
2. Set Cr4
   Enable PAE.
3. Adjust Cr3
   If GPAW is 48, then Cr3 is PT_ADDR (0). If GPAW is 52, then Cr3 is TDX_PT_ADDR (0).

Tdx MailBox [0x10, 0x800] is reserved for OS. So we initialize a piece of this area ([0x10, 0x20]) to record the Tdx flag ('TDXG') and other Tdx info so that they can be used in the following flow.

After all of the above is successfully done, Tdx jumps to SecEntry.

Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Laszlo Ersek Cc: Tom Lendacky Signed-off-by: Min Xu --- OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 21 ++++++++ OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm | 47 ++++++++++++++++ OvmfPkg/ResetVector/Ia32/InitTdx.asm | 57 ++++++++++++++++++++ OvmfPkg/ResetVector/Ia32/PageTables64.asm | 41 ++++++++++++++ OvmfPkg/ResetVector/ResetVector.nasmb | 17 ++++++ 5 files changed, 183 insertions(+) create mode 100644 OvmfPkg/ResetVector/Ia32/InitTdx.asm

diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm index ac86ce69ebe8..a390ed81d021 100644 --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
@@ -155,10 +155,31 @@ resetVector: ; ; This is where the processor will begin execution ; +; In IA32 we follow the standard reset vector flow. While in X64, Td guest +; may be supported. Td guest requires the startup mode to be 32-bit +; protected mode but the legacy VM startup mode is 16-bit real mode. +; To make NASM generate such shared entry code that behaves correctly in +; both 16-bit and 32-bit mode, more BITS directives are added. +; +%ifdef ARCH_IA32 + nop nop jmp EarlyBspInitReal16 =20 +%else + + smsw ax + test al, 1 + jz .Real +BITS 32 + jmp Main32 +BITS 16 +.Real: + jmp EarlyBspInitReal16 + +%endif + ALIGN 16 =20 fourGigabytes: diff --git a/OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm b/OvmfPkg/ResetVec= tor/Ia32/Flat32ToFlat64.asm index c6d0d898bcd1..2206ca719593 100644 --- a/OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm +++ b/OvmfPkg/ResetVector/Ia32/Flat32ToFlat64.asm @@ -17,6 +17,9 @@ Transition32FlatTo64Flat: =20 OneTimeCall SetCr3ForPageTables64 =20 + cmp dword[TDX_WORK_AREA], 0x47584454 ; 'TDXG' + jz TdxTransition32FlatTo64Flat + mov eax, cr4 bts eax, 5 ; enable PAE mov cr4, eax 
@@ -65,10 +68,54 @@ EnablePaging: bts eax, 31 ; set PG mov cr0, eax ; enable paging =20 + jmp _jumpTo64Bit + +; +; Tdx Transition from 32Flat to 64Flat +; +TdxTransition32FlatTo64Flat: + + mov eax, cr4 + bts eax, 5 ; enable PAE + + ; + ; byte[TDX_WORK_AREA_PAGELEVEL5] holds the indicator whether 52bit is = supported. + ; if it is the case, need to set LA57 and use 5-level paging + ; + cmp byte[TDX_WORK_AREA_PAGELEVEL5], 0 + jz .set_cr4 + bts eax, 12 +.set_cr4: + mov cr4, eax + mov ebx, cr3 + + ; + ; if la57 is not set, we are ok + ; if using 5-level paging, adjust top-level page directory + ; + bt eax, 12 + jnc .set_cr3 + mov ebx, TDX_PT_ADDR (0) +.set_cr3: + mov cr3, ebx + + mov eax, cr0 + bts eax, 31 ; set PG + mov cr0, eax ; enable paging + +_jumpTo64Bit: jmp LINEAR_CODE64_SEL:ADDR_OF(jumpTo64BitAndLandHere) + BITS 64 jumpTo64BitAndLandHere: =20 + ; + ; For Td guest we are done and jump to the end + ; + mov eax, TDX_WORK_AREA + cmp dword [eax], 0x47584454 ; 'TDXG' + jz GoodCompare + ; ; Check if the second step of the SEV-ES mitigation is to be performed. ; diff --git a/OvmfPkg/ResetVector/Ia32/InitTdx.asm b/OvmfPkg/ResetVector/Ia3= 2/InitTdx.asm new file mode 100644 index 000000000000..de8273da6a0c --- /dev/null +++ b/OvmfPkg/ResetVector/Ia32/InitTdx.asm @@ -0,0 +1,57 @@ +;-------------------------------------------------------------------------= ----- +; @file +; Initialize TDX_WORK_AREA to record the Tdx flag ('TDXG') and other Tdx= info +; so that the following codes can use these information. +; +; Copyright (c) 2021, Intel Corporation. All rights reserved.
+; SPDX-License-Identifier: BSD-2-Clause-Patent +; +;-------------------------------------------------------------------------= ----- + +BITS 32 + +; +; Modified: EBP +; +InitTdx: + ; + ; In Td guest, BSP/AP shares the same entry point + ; BSP builds up the page table, while APs shouldn't do the same task. + ; Instead, APs just leverage the page table which is built by BSP. + ; APs will wait until the page table is ready. + ; In Td guest, vCPU 0 is treated as the BSP, the others are APs. + ; ESI indicates the vCPU ID. + ; + cmp esi, 0 + je tdBspEntry + +apWait: + cmp byte[TDX_WORK_AREA_PGTBL_READY], 0 + je apWait + jmp doneTdxInit + +tdBspEntry: + ; + ; It is of Tdx Guest + ; Save the Tdx info in TDX_WORK_AREA so that the following code can use + ; these information. + ; + mov dword [TDX_WORK_AREA], 0x47584454 ; 'TDXG' + + ; + ; EBP[6:0] CPU supported GPA width + ; + and ebp, 0x3f + cmp ebp, 52 + jl NotPageLevel5 + mov byte[TDX_WORK_AREA_PAGELEVEL5], 1 + +NotPageLevel5: + ; + ; ECX[31:0] TDINITVP - Untrusted Configuration + ; + mov DWORD[TDX_WORK_AREA_INITVP], ecx + mov DWORD[TDX_WORK_AREA_INFO], ebp + +doneTdxInit: + OneTimeCallRet InitTdx diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 5fae8986d9da..508df6cf5967 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -218,6 +218,24 @@ SevEsDisabled: ; SetCr3ForPageTables64: =20 + ; + ; Check Td guest + ; + cmp dword[TDX_WORK_AREA], 0x47584454 ; 'TDXG' + jnz CheckSev + + xor edx, edx + + ; + ; In Td guest, BSP builds the page table and set the flag of + ; TDX_WORK_AREA_PGTBL_READY. APs check this flag and then set + ; cr3 directly. + ; + cmp byte[TDX_WORK_AREA_PGTBL_READY], 1 + jz SetCr3 + jmp SevNotActive + +CheckSev: OneTimeCall CheckSevFeatures xor edx, edx test eax, eax 
@@ -277,6 +295,29 @@ pageTableEntriesLoop: mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx loop pageTableEntriesLoop =20 + ; + ; If it is Td guest, TdxExtraPageTable should be initialized as well + ; + cmp dword[TDX_WORK_AREA], 0x47584454 ; 'TDXG' + jnz IsSevEs + + xor eax, eax + mov ecx, 0x400 +tdClearTdxPageTablesMemoryLoop: + mov dword [ecx * 4 + TDX_PT_ADDR (0) - 4], eax + loop tdClearTdxPageTablesMemoryLoop + + xor edx, edx + ; + ; Top level Page Directory Pointers (1 * 256TB entry) + ; + mov dword[TDX_PT_ADDR (0)], PT_ADDR (0) + PAGE_PDP_ATTR + mov dword[TDX_PT_ADDR (4)], edx + + mov byte[TDX_WORK_AREA_PGTBL_READY], 1 + jmp SetCr3 + +IsSevEs: OneTimeCall IsSevEsEnabled test eax, eax jz SetCr3 diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index b653fe87abd6..47ea23095c0a 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -106,6 +106,21 @@ %define TDX_EXTRA_PAGE_TABLE_BASE FixedPcdGet32 (PcdOvmfSecGhcbPageTable= Base) %define TDX_EXTRA_PAGE_TABLE_SIZE FixedPcdGet32 (PcdOvmfSecGhcbPageTable= Size) =20 + ; + ; TdMailboxBase [0x10, 0x800] is reserved for OS. + ; Td guest initialize piece of this area (TdMailboxBase [0x10,0x20]) to + ; record the Td guest info so that this information can be used in the + ; following ResetVector flow. + ; + %define TD_MAILBOX_WORKAREA_OFFSET 0x10 + %define TDX_WORK_AREA (TDX_MAILBOX_MEMORY_BASE + TD_MAIL= BOX_WORKAREA_OFFSET) + %define TDX_WORK_AREA_PAGELEVEL5 (TDX_WORK_AREA + 4) + %define TDX_WORK_AREA_PGTBL_READY (TDX_WORK_AREA + 5) + %define TDX_WORK_AREA_INITVP (TDX_WORK_AREA + 8) + %define TDX_WORK_AREA_INFO (TDX_WORK_AREA + 8 + 4) + + %define TDX_PT_ADDR(Offset) (TDX_EXTRA_PAGE_TABLE_BASE + (Offset)) + %define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Off= set)) =20 %define GHCB_PT_ADDR (FixedPcdGet32 (PcdOvmfSecGhcbPageTableBase)) 
@@ -117,6 +132,8 @@ %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase)= + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) =20 %include "X64/TdxMetadata.asm" + %include "Ia32/InitTdx.asm" + %include "Ia32/ReloadFlat32.asm" =20 %include "Ia32/Flat32ToFlat64.asm" %include "Ia32/PageTables64.asm" --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#77681): https://edk2.groups.io/g/devel/message/77681 Mute This Topic: https://groups.io/mt/84144144/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
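Review bot: The new reset stub in ResetVectorVtf0.asm relies on two invariants that the comment block does not state: `smsw ax`, `test al, 1` and `jz .Real` must assemble to bytes that decode identically under BITS 16 and BITS 32 (0F 01 E0, A8 01, 74 xx), and the whole sequence must fit in the 16 bytes between `resetVector` and `fourGigabytes`: 3 + 2 + 2 + 5 (BITS 32 `jmp Main32`, E9 rel32) + 3 (BITS 16 `jmp EarlyBspInitReal16`, E9 rel16) = 15 bytes, leaving one byte of slack before `ALIGN 16`. The comment only says "more BITS directives are added"; please spell out both constraints there, and consider a NASM `%if ($ - resetVector) > 16 / %error` guard so a later edit cannot silently insert a mode-dependent or longer instruction and shift the reset vector.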
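Review bot: TdxTransition32FlatTo64Flat sets CR4.PAE (plus LA57 when `TDX_WORK_AREA_PAGELEVEL5` is set), loads CR3 and then sets CR0.PG, but nothing in the Td path shown writes IA32_EFER. If that is deliberate because the Td initial vCPU state already has EFER.LME set, say so in a comment at the label, since a reader comparing against the legacy Transition32FlatTo64Flat path will look for the LME write; if it is not guaranteed, setting PG with PAE set and LME clear enters 32-bit PAE paging, and the following `jmp LINEAR_CODE64_SEL:ADDR_OF(jumpTo64BitAndLandHere)` would not land in 64-bit mode. Separately, `bt eax, 12 / jnc .set_cr3` re-derives the 5-level decision from CR4 two instructions after the `cmp byte[TDX_WORK_AREA_PAGELEVEL5], 0` that made it; branching once on the byte and setting both CR4.LA57 and `ebx = TDX_PT_ADDR (0)` in that one path is simpler and removes a second place where the two can disagree.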
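Review bot: In InitTdx.asm `and ebp, 0x3f` does not match its own comment `EBP[6:0] CPU supported GPA width` (0x3f keeps bits [5:0] only); use 0x7f, or document why bit 6 can be dropped. Relatedly, Main32's header documents RBX[7] as `5 level page table support`, yet InitTdx ignores that bit and infers 5-level paging from `cmp ebp, 52`; pick one source of truth and make the two comments agree. Finally, the AP spin on `cmp byte[TDX_WORK_AREA_PGTBL_READY], 0` and the BSP's unconditional `mov dword [TDX_WORK_AREA], 0x47584454` both assume the mailbox work area is zero at entry; an AP that observes a stale non-zero READY byte would proceed to load CR3 before the BSP has built the tables, so a comment on who guarantees the initial zero state belongs here.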
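Review bot: The clear loop in PageTables64.asm hard-codes `mov ecx, 0x400` (one 4 KiB page of dwords) for the table at TDX_PT_ADDR (0), while ResetVector.nasmb defines TDX_EXTRA_PAGE_TABLE_SIZE for exactly this region; derive the count from the macro so the two cannot drift apart. The top-level entry is written with `PAGE_PDP_ATTR` although it is the fifth-level entry pointing at the PML4 at PT_ADDR (0); the non-leaf attribute bits are the same, but a one-line comment saying so saves the reader from hunting for a PML5-specific define.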
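Review bot: TDX_WORK_AREA is carved out of the range the same comment says is reserved for the OS (`TdMailboxBase [0x10, 0x800]`), and the hunk also aliases TDX_EXTRA_PAGE_TABLE_BASE to PcdOvmfSecGhcbPageTableBase. Both reuses need a sentence of justification here: who clears the 16 bytes at [0x10, 0x20) before the OS takes ownership of the mailbox, and why borrowing the SEV-ES GHCB page-table region is safe (presumably because SEV-ES and TDX cannot both be active in one guest). The fields occupy +0, +4, +5, +8 and +12, so the range is the half-open [0x10, 0x20), not `[0x10,0x20]` as written.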
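The three-step long-mode entry described in the patch 6/6 message (GPAW decides 4- vs 5-level paging, CR4 gets PAE and optionally LA57, CR3 is either PT_ADDR (0) or TDX_PT_ADDR (0)) and the TDX_WORK_AREA layout from ResetVector.nasmb can be checked on a build host without booting a TD. The following is an added example, not code from the patch series or from edk2: a C model of those decisions plus the 16-byte reset-stub budget. The three base addresses are placeholders for TDX_MAILBOX_MEMORY_BASE, PcdOvmfSecPageTablesBase and PcdOvmfSecGhcbPageTableBase, which are not visible on this page, and PAGE_PDP_ATTR is assumed to be Present|ReadWrite|Accessed (0x23); the model masks the GPA width with 0x7f, the mask the `EBP[6:0]` comment implies, rather than the 0x3f the patch uses.

```c
/*
 * Added example (not from the edk2 patch series above): a host-side model of
 * the Td-guest decisions made in OvmfPkg/ResetVector by InitTdx.asm,
 * TdxTransition32FlatTo64Flat and SetCr3ForPageTables64.
 * Placeholders: the three base addresses and PAGE_PDP_ATTR are assumptions.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TDX_MAILBOX_MEMORY_BASE    0x80A000u  /* placeholder */
#define PT_BASE                    0x800000u  /* placeholder: PcdOvmfSecPageTablesBase */
#define TDX_EXTRA_PAGE_TABLE_BASE  0x80C000u  /* placeholder: PcdOvmfSecGhcbPageTableBase */
#define PAGE_PDP_ATTR              0x23u      /* assumed: Present | ReadWrite | Accessed */

/* Values taken from the patch's ResetVector.nasmb / InitTdx.asm. */
#define TD_MAILBOX_WORKAREA_OFFSET 0x10u
#define TDX_WORK_AREA              (TDX_MAILBOX_MEMORY_BASE + TD_MAILBOX_WORKAREA_OFFSET)
#define TDXG_SIGNATURE             0x47584454u  /* 'TDXG' as a little-endian dword */
#define CR4_PAE                    (1u << 5)
#define CR4_LA57                   (1u << 12)

/* The 16 mailbox bytes [0x10,0x20) that the patch hands out as TDX_WORK_AREA_*. */
typedef struct {
  uint32_t Signature;    /* +0  TDX_WORK_AREA             */
  uint8_t  PageLevel5;   /* +4  TDX_WORK_AREA_PAGELEVEL5  */
  uint8_t  PgTblReady;   /* +5  TDX_WORK_AREA_PGTBL_READY */
  uint8_t  Reserved[2];  /* +6  not used by the patch     */
  uint32_t InitVp;       /* +8  TDX_WORK_AREA_INITVP      */
  uint32_t Info;         /* +12 TDX_WORK_AREA_INFO        */
} TDX_WORK_AREA_LAYOUT;

_Static_assert(offsetof(TDX_WORK_AREA_LAYOUT, PageLevel5) == 4, "PAGELEVEL5 at +4");
_Static_assert(offsetof(TDX_WORK_AREA_LAYOUT, PgTblReady) == 5, "PGTBL_READY at +5");
_Static_assert(offsetof(TDX_WORK_AREA_LAYOUT, InitVp) == 8, "INITVP at +8");
_Static_assert(offsetof(TDX_WORK_AREA_LAYOUT, Info) == 12, "INFO at +12");
_Static_assert(sizeof(TDX_WORK_AREA_LAYOUT) == 0x10, "must stay inside [0x10,0x20)");

/* InitTdx BSP path: record the signature, the GPA width and the 5-level flag.
 * RBX[6:0] is the width, so the mask is 0x7f here (the patch uses 0x3f). */
static void InitTdxBsp(TDX_WORK_AREA_LAYOUT *Wa, uint32_t RbxLow, uint32_t RcxTdInitVp) {
  uint32_t Gpaw = RbxLow & 0x7fu;
  Wa->Signature  = TDXG_SIGNATURE;
  Wa->PageLevel5 = (Gpaw >= 52) ? 1 : 0;   /* 52-bit GPA -> 5-level paging */
  Wa->InitVp     = RcxTdInitVp;
  Wa->Info       = Gpaw;
}

/* TdxTransition32FlatTo64Flat: PAE always, LA57 only when 5-level was recorded. */
uint32_t TdxCr4ForGpaw(uint32_t RbxLow) {
  TDX_WORK_AREA_LAYOUT Wa = {0};
  InitTdxBsp(&Wa, RbxLow, 0);
  return CR4_PAE | (Wa.PageLevel5 ? CR4_LA57 : 0u);
}

/* CR3 keeps what SetCr3ForPageTables64 loaded unless LA57 is set, in which case
 * the extra top-level table at TDX_PT_ADDR (0) becomes the paging root. */
uint32_t TdxCr3ForGpaw(uint32_t RbxLow, uint32_t Cr3FromSetCr3) {
  return (TdxCr4ForGpaw(RbxLow) & CR4_LA57) ? TDX_EXTRA_PAGE_TABLE_BASE : Cr3FromSetCr3;
}

/* The single entry the BSP writes at TDX_PT_ADDR (0)/(4): low dword
 * PT_ADDR (0) + PAGE_PDP_ATTR, high dword 0, linking level 5 to the 4-level root. */
uint64_t TdxTopLevelEntry(void) {
  return (uint64_t)(PT_BASE + PAGE_PDP_ATTR);
}

/* SetCr3ForPageTables64 on an AP: load CR3 only after the BSP published the tables. */
int ApMayLoadCr3(uint32_t Signature, uint8_t PgTblReady) {
  return Signature == TDXG_SIGNATURE && PgTblReady == 1;
}

/* Hand-encoded bytes of the dual-mode stub in ResetVectorVtf0.asm, rel fields
 * zeroed as placeholders. The first three instructions encode identically under
 * BITS 16 and BITS 32; only the two jmps differ by mode. */
static const uint8_t ResetStub[] = {
  0x0F, 0x01, 0xE0,             /* smsw ax  (decodes as smsw eax in 32-bit mode) */
  0xA8, 0x01,                   /* test al, 1                                    */
  0x74, 0x05,                   /* jz .Real (skips the 5-byte jmp below)         */
  0xE9, 0x00, 0x00, 0x00, 0x00, /* BITS 32: jmp Main32                           */
  0xE9, 0x00, 0x00,             /* BITS 16: jmp EarlyBspInitReal16               */
};

/* resetVector sits 16 bytes below fourGigabytes, so the stub must not exceed 16. */
size_t ResetStubSize(void) { return sizeof(ResetStub); }

int main(void) {
  for (uint32_t Gpaw = 48; Gpaw <= 52; Gpaw += 4) {
    printf("GPAW %u: CR4=0x%x CR3=0x%x\n", Gpaw, TdxCr4ForGpaw(Gpaw), TdxCr3ForGpaw(Gpaw, PT_BASE));
  }
  printf("top-level entry 0x%llx, reset stub %zu/16 bytes\n",
         (unsigned long long)TdxTopLevelEntry(), ResetStubSize());
  return 0;
}
```

Running it prints the CR4/CR3 pair for a 48-bit and a 52-bit GPA width and the 15-byte stub size; the `_Static_assert`s fail the build if anyone moves a work-area field out of the 16 bytes the mailbox comment reserves.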