[edk2-devel] [PATCH V3 28/29] OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe

Min Xu posted 29 patches 4 years, 3 months ago
There is a newer version of this series
[edk2-devel] [PATCH V3 28/29] OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe
Posted by Min Xu 4 years, 3 months ago
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

In the previous QemuFwCfgDxe only SEV is supported. This commit
introduces TDX support in QemuFwCfgDxe.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c      | 9 +++++----
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf | 1 +
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c
index 0182c9235cac..7a60b3e82863 100644
--- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c
+++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c
@@ -19,6 +19,7 @@
 #include <Library/DebugLib.h>
 #include <Library/QemuFwCfgLib.h>
 #include <Library/UefiBootServicesTableLib.h>
+#include <Library/MemEncryptTdxLib.h>
 #include <Library/MemEncryptSevLib.h>
 
 #include "QemuFwCfgLibInternal.h"
@@ -85,7 +86,7 @@ QemuFwCfgInitialize (
     DEBUG ((DEBUG_INFO, "QemuFwCfg interface (DMA) is supported.\n"));
   }
 
-  if (mQemuFwCfgDmaSupported && MemEncryptSevIsEnabled ()) {
+  if (mQemuFwCfgDmaSupported && (MemEncryptSevIsEnabled () || (MemEncryptTdxIsEnabled ()))) {
     EFI_STATUS   Status;
 
     //
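Review bot: In the changed condition in QemuFwCfgInitialize, the inner parentheses around `(MemEncryptTdxIsEnabled ())` are redundant and make the SEV and TDX terms read asymmetrically, and the line is now much longer than the code around it. Suggest a single group, `(MemEncryptSevIsEnabled () || MemEncryptTdxIsEnabled ())`, with the condition broken across two lines.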
@@ -96,7 +97,7 @@ QemuFwCfgInitialize (
                     (VOID **)&mIoMmuProtocol);
     if (EFI_ERROR (Status)) {
       DEBUG ((DEBUG_ERROR,
-        "QemuFwCfgSevDma %a:%a Failed to locate IOMMU protocol.\n",
+        "QemuFwCfgDma %a:%a Failed to locate IOMMU protocol.\n",
         gEfiCallerBaseName, __FUNCTION__));
       ASSERT (FALSE);
       CpuDeadLoop ();
@@ -371,10 +372,10 @@ InternalQemuFwCfgDmaBytes (
   DataBuffer = Buffer;
 
   //
-  // When SEV is enabled, map Buffer to DMA address before issuing the DMA
+  // When SEV or TDX is enabled, map Buffer to DMA address before issuing the DMA
   // request
   //
-  if (MemEncryptSevIsEnabled ()) {
+  if (MemEncryptSevIsEnabled() || MemEncryptTdxIsEnabled ()) {
     VOID                  *AccessBuffer;
     EFI_PHYSICAL_ADDRESS  DataBufferAddress;
 
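Review bot: The SEV-or-TDX test in InternalQemuFwCfgDmaBytes has to stay identical to the one in QemuFwCfgInitialize that locates mIoMmuProtocol, because the buffer-mapping path entered here presumably depends on that protocol having been located; if the two conditions ever diverge, this path runs without it. A single static helper called from both sites would keep them in step. Style: `MemEncryptSevIsEnabled()` is missing the space before the parenthesis that `MemEncryptTdxIsEnabled ()` beside it and the call in QemuFwCfgInitialize both have.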
diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf
index 48899ff1236a..ce3eaa5ed8b4 100644
--- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf
+++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf
@@ -43,6 +43,7 @@
   IoLib
   MemoryAllocationLib
   MemEncryptSevLib
+  MemEncryptTdxLib
 
 [Protocols]
   gEdkiiIoMmuProtocolGuid                         ## SOMETIMES_CONSUMES
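Review bot: The MemEncryptTdxLib entry added to the library class list becomes a build dependency for every platform DSC that uses QemuFwCfgDxeLib.inf, and a DSC that does not resolve that class will fail to build. Please confirm that each such DSC gets a MemEncryptTdxLib mapping in this series, and say so in the commit message.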
-- 
2.29.2.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#82983): https://edk2.groups.io/g/devel/message/82983
Mute This Topic: https://groups.io/mt/86739896/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-


Re: [edk2-devel] [PATCH V3 28/29] OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe
Posted by Gerd Hoffmann 4 years, 3 months ago
On Mon, Nov 01, 2021 at 09:16:17PM +0800, Min Xu wrote:
> RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
> 
> In the previous QemuFwCfgDxe only SEV is supported. This commit
> introduces TDX support in QemuFwCfgDxe.
> 
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> ---
>  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c      | 9 +++++----
>  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf | 1 +
>  2 files changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c
> index 0182c9235cac..7a60b3e82863 100644
> --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c
> +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c
> @@ -19,6 +19,7 @@
>  #include <Library/DebugLib.h>
>  #include <Library/QemuFwCfgLib.h>
>  #include <Library/UefiBootServicesTableLib.h>
> +#include <Library/MemEncryptTdxLib.h>
>  #include <Library/MemEncryptSevLib.h>
>  
>  #include "QemuFwCfgLibInternal.h"
> @@ -85,7 +86,7 @@ QemuFwCfgInitialize (
>      DEBUG ((DEBUG_INFO, "QemuFwCfg interface (DMA) is supported.\n"));
>    }
>  
> -  if (mQemuFwCfgDmaSupported && MemEncryptSevIsEnabled ()) {
> +  if (mQemuFwCfgDmaSupported && (MemEncryptSevIsEnabled () || (MemEncryptTdxIsEnabled ()))) {
>      EFI_STATUS   Status;

Should be possible to just check the ConfidentialComputing PCD here.

take care,
  Gerd





Re: [edk2-devel] [PATCH V3 28/29] OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe
Posted by Min Xu 4 years, 1 month ago
Hi,

> > diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c
> > b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c
> > index 0182c9235cac..7a60b3e82863 100644
> > --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c
> > +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c
> > @@ -19,6 +19,7 @@
> >  #include <Library/DebugLib.h>
> >  #include <Library/QemuFwCfgLib.h>
> >  #include <Library/UefiBootServicesTableLib.h>
> > +#include <Library/MemEncryptTdxLib.h>
> >  #include <Library/MemEncryptSevLib.h>
> >
> >  #include "QemuFwCfgLibInternal.h"
> > @@ -85,7 +86,7 @@ QemuFwCfgInitialize (
> >      DEBUG ((DEBUG_INFO, "QemuFwCfg interface (DMA) is supported.\n"));
> >    }
> >
> > -  if (mQemuFwCfgDmaSupported && MemEncryptSevIsEnabled ()) {
> > +  if (mQemuFwCfgDmaSupported && (MemEncryptSevIsEnabled () ||
> > + (MemEncryptTdxIsEnabled ()))) {
> >      EFI_STATUS   Status;
> 
> Should be possible to just check the ConfidentialComputing PCD here.
> 
MemEncryptTdxIsEnabled() is checking the ConfidentialComputing PCD.
MemEncryptSevIsEnabled () has 3 implementations in SEC/PEI/DXE. In the SEC/PEI phase the ConfidentialComputing PCD is not ready yet, and it just checks the Msr.Bits.SevBit.

Another consideration is that as the first step we make the least change so that it will not break the existing feature. After that we revisit here and refine the code if possible.

Thanks
Min

