From nobody Sun Feb 8 21:12:32 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+88123+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+88123+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1648455029; cv=none; d=zohomail.com; s=zohoarc; b=NWrs6jD00exZkeYm/z3JLGYzS4EgTVgMrYdSzU7DUlJ1QFPYIaKOTI0hx/VQqOUbhB2xPO9aD84b3rgrt8/4D7igwf7Du20RcDa84UuQYQplFgduWHHVVwGrjse2aUtfnl62t2Wjx0wq8NTGrthgvHywLnMKLyXG9D+Lvc2rmMo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1648455029; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=NRh6aGV0Hae8XpVmtqBCw6sCeuP9Sd30meC/Jn+ZLBc=; b=HRMU6y3bykoJbnDvB9eBBxhNNn7VRsP+yFYvpnLesCHOqCIteQRUbxZjZFV1Y1ysj2THrUQQWUVAWXCwIsQ2ynnRT0pgr87yx5+WRhNAzDBy8INg5JMFePSymFj5230VgeKBxQpklYaFg4xN+CcVmThAZanXhRQR01QPk0woRCk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+88123+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1648455029635787.6737433609195; Mon, 28 Mar 2022 01:10:29 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id n9MdYY1788612xKHLQmIbrXc; Mon, 28 Mar 2022 01:10:29 -0700 X-Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by mx.groups.io with SMTP id smtpd.web12.8487.1648455017030517745 for ; Mon, 28 Mar 2022 01:10:28 -0700 X-IronPort-AV: E=McAfee;i="6200,9189,10299"; a="257771298" X-IronPort-AV: E=Sophos;i="5.90,216,1643702400"; d="scan'208";a="257771298" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Mar 2022 01:10:28 -0700 X-IronPort-AV: E=Sophos;i="5.90,216,1643702400"; d="scan'208";a="563428359" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.249.175.167]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Mar 2022 01:10:25 -0700 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Ard Biesheuvel , Jordan Justen , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [edk2-devel] [PATCH V11 34/47] OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation Date: Mon, 28 Mar 2022 16:08:13 +0800 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: 8J8wsbdaOSnlenl7UC7kOovLx1787277AA= Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1648455029; bh=0TIHwYaitTNKVGth2vr6GSXLntvL0YRbsdrZX3ggMo0=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=V6GttbGageupDcsK7XswfJ7vG7z5DUoLDU1RnRf3clmbzMLWBFl4PENSPDRLZK0Wquj TzqxQjgVCacJA2T1CQigoEuX3byOjvDxYk8am2MGGZQ2jKdBdM2va8yhFCQSAob0o/fXW 50HxLepZ3mFqKzmv1kIzHEujpjIaWb7OLgs= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1648455029963100017 RFC=EF=BC=9A https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 If TDX is enabled then we do not support DMA operation in PEI phase. This is mainly because DMA in TDX guest requires using bounce buffer (which need to allocate dynamic memory and allocating a PAGE size'd buffer can be challenge in PEI phase). Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Acked-by: Gerd Hoffmann Signed-off-by: Min Xu --- .../QemuFwCfgLib/QemuFwCfgLibInternal.h | 11 +++++++ OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c | 32 +++++++++++++++++++ .../Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf | 2 ++ 3 files changed, 45 insertions(+) diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h b/OvmfPkg/= Library/QemuFwCfgLib/QemuFwCfgLibInternal.h index 0b77cad1c030..6f7beb6ac1c7 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h @@ -59,4 +59,15 @@ InternalQemuFwCfgDmaBytes ( IN UINT32 Control ); =20 +/** + Check if it is Tdx guest + + @retval TRUE It is Tdx guest + @retval FALSE It is not Tdx guest +**/ +BOOLEAN +QemuFwCfgIsTdxGuest ( + VOID + ); + #endif diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c b/OvmfPkg/Library/= QemuFwCfgLib/QemuFwCfgPei.c index f696fb7cacaa..b8230613dcea 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c @@ -14,12 +14,30 @@ #include #include #include +#include =20 #include "QemuFwCfgLibInternal.h" =20 STATIC BOOLEAN mQemuFwCfgSupported =3D FALSE; STATIC BOOLEAN mQemuFwCfgDmaSupported; =20 +/** + Check if it is Tdx guest + + @retval TRUE It is Tdx guest + @retval FALSE It is not Tdx guest +**/ +BOOLEAN +QemuFwCfgIsTdxGuest ( + VOID + ) +{ + CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *CcWorkAreaHeader; + + CcWorkAreaHeader =3D (CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *)FixedPcd= Get32 (PcdOvmfWorkAreaBase); + return (CcWorkAreaHeader !=3D NULL && CcWorkAreaHeader->GuestType =3D=3D= GUEST_TYPE_INTEL_TDX); +} + /** Returns a boolean indicating if the firmware configuration interface is available or not. @@ -81,6 +99,14 @@ QemuFwCfgInitialize ( // if (MemEncryptSevIsEnabled ()) { DEBUG ((DEBUG_INFO, "SEV: QemuFwCfg fallback to IO Port interface.\n= ")); + } else if (QemuFwCfgIsTdxGuest ()) { + // + // If TDX is enabled then we do not support DMA operations in PEI ph= ase. + // This is mainly because DMA in TDX guest requires using bounce buf= fer + // (which need to allocate dynamic memory and allocating a PAGE size= 'd + // buffer can be challenge in PEI phase) + // + DEBUG ((DEBUG_INFO, "TDX: QemuFwCfg fallback to IO Port interface.\n= ")); } else { mQemuFwCfgDmaSupported =3D TRUE; DEBUG ((DEBUG_INFO, "QemuFwCfg interface (DMA) is supported.\n")); @@ -163,6 +189,12 @@ InternalQemuFwCfgDmaBytes ( // ASSERT (!MemEncryptSevIsEnabled ()); =20 + // + // TDX does not support DMA operations in PEI stage, we should + // not have reached here. + // + ASSERT (!QemuFwCfgIsTdxGuest ()); + Access.Control =3D SwapBytes32 (Control); Access.Length =3D SwapBytes32 (Size); Access.Address =3D SwapBytes64 ((UINTN)Buffer); diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf b/OvmfPkg/Lib= rary/QemuFwCfgLib/QemuFwCfgPeiLib.inf index 9f9af7d03201..3910511880c9 100644 --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf @@ -43,3 +43,5 @@ MemoryAllocationLib MemEncryptSevLib =20 +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#88123): https://edk2.groups.io/g/devel/message/88123 Mute This Topic: https://groups.io/mt/90080011/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-