From nobody Mon Feb  9 11:08:26 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+86797+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+86797+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1645271938; cv=none;
	d=zohomail.com; s=zohoarc;
	b=A+Zy3sNG1d3QmHDreE7vIzLK7KLOh1D2d5GEBNFt96syVSxgdbQM9CJnbKByIV3W6lSnbQ0IYotDJKvxTNM36BhQct+GD7mes+LOJbP3v/X4dEye0sDw+V6+huNlaBmmyhXjkKsiIjPeHftK/ooYa0S5YpbEDcnMIytbGFxW65I=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1645271938;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=2M9giMQTQeDg5m0cvps/27ZQXglm0TAledw2ynKBUK8=;
	b=YVIUqTKNhUwnQ6plkqdA8rzWdh7ezApnpofx+j0+GLiFQ6Ne9ul+vz9L9txecm2mft7AyPb9RIez44czi+B9HexzcoOpNzWoQvzk0HE7vDLKgm4d+JffM9RyUzA6HEEFm5TnXfce+KE9AZQir2i+Qhqts0BvZ26bE7CJKbGUsgo=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+86797+1787277+3901457@groups.io;
	dmarc=fail header.from=<min.m.xu@intel.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1645271938749869.132031035727;
 Sat, 19 Feb 2022 03:58:58 -0800 (PST)
Return-Path: <bounce+27952+86797+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id LvODYY1788612xmN071cGO4D;
 Sat, 19 Feb 2022 03:58:58 -0800
X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
 by mx.groups.io with SMTP id smtpd.web08.9102.1645271934717883800
 for <devel@edk2.groups.io>;
 Sat, 19 Feb 2022 03:58:54 -0800
X-IronPort-AV: E=McAfee;i="6200,9189,10262"; a="231915536"
X-IronPort-AV: E=Sophos;i="5.88,381,1635231600";
   d="scan'208";a="231915536"
X-Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 19 Feb 2022 03:58:48 -0800
X-IronPort-AV: E=Sophos;i="5.88,381,1635231600";
   d="scan'208";a="546691399"
X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.249.175.253])
  by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 19 Feb 2022 03:58:45 -0800
From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min Xu <min.m.xu@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [edk2-devel] [PATCH V6 34/42] OvmfPkg: Update PlatformPei to support
 Tdx guest
Date: Sat, 19 Feb 2022 19:56:47 +0800
Message-Id: 
 <e3f9e638e14d62b93f1b2e3db376b84b87c7d87c.1645261991.git.min.m.xu@intel.com>
In-Reply-To: <cover.1645261990.git.min.m.xu@intel.com>
References: <cover.1645261990.git.min.m.xu@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,min.m.xu@intel.com
X-Gm-Message-State: 8kARx78ocCI9QewvTkQvzp1cx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1645271938;
 bh=uKvGmixDzx5/cerHg0sjd2xIRLEu1r0Qi1Yj2teEG6E=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=n2AnAhyrR5JZtBCf7FQ8y1fEWi8Cvhot/CkDgurHmuaeGSWv/Ivva8lrAhHq6PSMgxP
 vrkSoYoEiHG4R2Vy2Ey39Dz2i0dMbxjC3/Acas/i3PWZI89jGzgO9R7v+yvatECk1X06U
 88qnVTlkN2zTcQpP6vnaU2GLn/99LxExhD0=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1645271940322100025
Content-Type: text/plain; charset="utf-8"

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429

OvmfPkg/PlatformPei is updated to support Tdx guest. There are below
major changes.
 - Set Tdx related PCDs
 - Build Tdx PlatformInfoHob
 - Publish Tdx RamRegions

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/OvmfPkg.dec                  |  1 +
 OvmfPkg/PlatformPei/FeatureControl.c |  7 +++-
 OvmfPkg/PlatformPei/IntelTdx.c       | 61 ++++++++++++++++++++++++++++
 OvmfPkg/PlatformPei/MemDetect.c      | 13 +++++-
 OvmfPkg/PlatformPei/Platform.c       |  1 +
 OvmfPkg/PlatformPei/Platform.h       | 11 +++++
 OvmfPkg/PlatformPei/PlatformPei.inf  |  4 ++
 7 files changed, 95 insertions(+), 3 deletions(-)
 create mode 100644 OvmfPkg/PlatformPei/IntelTdx.c

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index f3d06411b51b..9b8bfb1b7e90 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -133,6 +133,7 @@
   gGrubFileGuid                         =3D {0xb5ae312c, 0xbc8a, 0x43b1, {=
0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}
   gConfidentialComputingSecretGuid      =3D {0xadf956ad, 0xe98c, 0x484c, {=
0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}
   gConfidentialComputingSevSnpBlobGuid  =3D {0x067b1f5f, 0xcf26, 0x44c5, {=
0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42}}
+  gUefiOvmfPkgTdxPlatformGuid           =3D {0xdec9b486, 0x1f16, 0x47c7, {=
0x8f, 0x68, 0xdf, 0x1a, 0x41, 0x88, 0x8b, 0xa5}}
=20
 [Ppis]
   # PPI whose presence in the PPI database signals that the TPM base addre=
ss
diff --git a/OvmfPkg/PlatformPei/FeatureControl.c b/OvmfPkg/PlatformPei/Fea=
tureControl.c
index 9af58c2655f8..5864ee0c214d 100644
--- a/OvmfPkg/PlatformPei/FeatureControl.c
+++ b/OvmfPkg/PlatformPei/FeatureControl.c
@@ -12,6 +12,7 @@
 #include <Library/QemuFwCfgLib.h>
 #include <Ppi/MpServices.h>
 #include <Register/ArchitecturalMsr.h>
+#include <IndustryStandard/Tdx.h>
=20
 #include "Platform.h"
=20
@@ -37,7 +38,11 @@ WriteFeatureControl (
   IN OUT VOID  *WorkSpace
   )
 {
-  AsmWriteMsr64 (MSR_IA32_FEATURE_CONTROL, mFeatureControlValue);
+  if (TdIsEnabled ()) {
+    TdVmCall (TDVMCALL_WRMSR, (UINT64)MSR_IA32_FEATURE_CONTROL, mFeatureCo=
ntrolValue, 0, 0, 0);
+  } else {
+    AsmWriteMsr64 (MSR_IA32_FEATURE_CONTROL, mFeatureControlValue);
+  }
 }
=20
 /**
diff --git a/OvmfPkg/PlatformPei/IntelTdx.c b/OvmfPkg/PlatformPei/IntelTdx.c
new file mode 100644
index 000000000000..37408046787a
--- /dev/null
+++ b/OvmfPkg/PlatformPei/IntelTdx.c
@@ -0,0 +1,61 @@
+/** @file
+  Initialize Intel TDX support.
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <IndustryStandard/Tdx.h>
+#include <IndustryStandard/QemuFwCfg.h>
+#include <Library/QemuFwCfgLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/TdxLib.h>
+#include <Library/PlatformInitLib.h>
+#include <WorkArea.h>
+#include <ConfidentialComputingGuestAttr.h>
+#include "Platform.h"
+
+/**
+  This Function checks if TDX is available, if present then it sets
+  the dynamic PCDs for Tdx guest. It also builds Guid hob which contains
+  the Host Bridge DevId.
+  **/
+VOID
+IntelTdxInitialize (
+  VOID
+  )
+{
+ #ifdef MDE_CPU_X64
+  EFI_HOB_PLATFORM_INFO  PlatformInfoHob;
+  RETURN_STATUS          PcdStatus;
+
+  if (!TdIsEnabled ()) {
+    return;
+  }
+
+  PcdStatus =3D PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrIntelT=
dx);
+  ASSERT_RETURN_ERROR (PcdStatus);
+
+  PcdStatus =3D PcdSetBoolS (PcdIa32EferChangeAllowed, FALSE);
+  ASSERT_RETURN_ERROR (PcdStatus);
+
+  PcdStatus =3D PcdSet64S (PcdTdxSharedBitMask, TdSharedPageMask ());
+  ASSERT_RETURN_ERROR (PcdStatus);
+
+  PcdStatus =3D PcdSetBoolS (PcdSetNxForStack, TRUE);
+  ASSERT_RETURN_ERROR (PcdStatus);
+
+  ZeroMem (&PlatformInfoHob, sizeof (PlatformInfoHob));
+  PlatformInfoHob.HostBridgePciDevId =3D mHostBridgeDevId;
+
+  BuildGuidDataHob (&gUefiOvmfPkgTdxPlatformGuid, &PlatformInfoHob, sizeof=
 (EFI_HOB_PLATFORM_INFO));
+ #endif
+}
diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetec=
t.c
index 9b62625f9d91..47642cfa07a6 100644
--- a/OvmfPkg/PlatformPei/MemDetect.c
+++ b/OvmfPkg/PlatformPei/MemDetect.c
@@ -37,7 +37,6 @@ Module Name:
 #include <Library/QemuFwCfgLib.h>
 #include <Library/QemuFwCfgSimpleParserLib.h>
 #include <Library/PlatformInitLib.h>
-
 #include "Platform.h"
=20
 UINT8  mPhysMemAddressWidth;
@@ -219,7 +218,12 @@ GetPeiMemoryCap (
     PdpEntries  =3D 1 << (mPhysMemAddressWidth - 30);
     ASSERT (PdpEntries <=3D 0x200);
   } else {
-    Pml4Entries =3D 1 << (mPhysMemAddressWidth - 39);
+    if (TdIsEnabled ()) {
+      Pml4Entries =3D 0x200;
+    } else {
+      Pml4Entries =3D 1 << (mPhysMemAddressWidth - 39);
+    }
+
     ASSERT (Pml4Entries <=3D 0x200);
     PdpEntries =3D 512;
   }
@@ -334,6 +338,11 @@ InitializeRamRegions (
   VOID
   )
 {
+  if (TdIsEnabled ()) {
+    PlatformTdxPublishRamRegions ();
+    return;
+  }
+
   PlatformInitializeRamRegions (
     mQemuUc32Base,
     mHostBridgeDevId,
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 5f175bf7014d..5c3c42953032 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -437,6 +437,7 @@ InitializePlatform (
=20
   InstallClearCacheCallback ();
   AmdSevInitialize ();
+  IntelTdxInitialize ();
   MiscInitialization ();
   InstallFeatureControlCallback ();
=20
diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h
index 64af9cde1002..a8484b3fa374 100644
--- a/OvmfPkg/PlatformPei/Platform.h
+++ b/OvmfPkg/PlatformPei/Platform.h
@@ -10,6 +10,7 @@
 #define _PLATFORM_PEI_H_INCLUDED_
=20
 #include <IndustryStandard/E820.h>
+#include <IndustryStandard/IntelTdx.h>
=20
 VOID
 AddressWidthInitialization (
@@ -66,6 +67,16 @@ AmdSevInitialize (
   VOID
   );
=20
+/**
+  This Function checks if TDX is available, if present then it sets
+  the dynamic PCDs for Tdx guest. It also builds Guid hob which contains
+  the Host Bridge DevId.
+  **/
+VOID
+IntelTdxInitialize (
+  VOID
+  );
+
 extern EFI_BOOT_MODE  mBootMode;
=20
 VOID
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat=
formPei.inf
index 65e417b2f254..79213f8eb743 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -31,6 +31,7 @@
   MemTypeInfo.c
   Platform.c
   Platform.h
+  IntelTdx.c
=20
 [Packages]
   EmbeddedPkg/EmbeddedPkg.dec
@@ -43,6 +44,7 @@
 [Guids]
   gEfiMemoryTypeInformationGuid
   gFdtHobGuid
+  gUefiOvmfPkgTdxPlatformGuid
=20
 [LibraryClasses]
   BaseLib
@@ -109,6 +111,8 @@
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
   gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures
+  gEfiMdeModulePkgTokenSpaceGuid.PcdIa32EferChangeAllowed
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask
=20
 [FixedPcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase
--=20
2.29.2.windows.2



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#86797): https://edk2.groups.io/g/devel/message/86797
Mute This Topic: https://groups.io/mt/89252065/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-