On Thu, Oct 21, 2021 at 08:17:34AM +0800, Min Xu wrote: > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429 > > Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology > that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory > Encryption (MKTME) with a new kind of virutal machines guest called a > Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the > confidentiality of TD memory contents and the TD's CPU state from other > software, including the hosting Virtual-Machine Monitor (VMM), unless > explicitly shared by the TD itself. > > Note: Intel TDX is only available on X64, so the Tdx related changes are > in X64 path. In IA32 path, there may be null stub to make the build > success. > > This patch includes below major changes. > > 1. Ia32/IntelTdx.asm > IntelTdx.asm includes below routines used in ResetVector > - IsTdx > Check if the running system is Tdx guest. > > - InitTdxWorkarea > It initialize the TDX_WORK_AREA. Because it is called by both BSP and > APs and to avoid the race condition, only BSP can initialize the > WORK_AREA. AP will wait until the field of TDX_WORK_AREA_PGTBL_READY > is set. > > - ReloadFlat32 > After reset all CPUs in TDX are initialized to 32-bit protected mode. > But GDT register is not set. So this routine loads the GDT then jump > to Flat 32 protected mode again. > > - InitTdx > This routine wrap above 3 routines together to do Tdx initialization > in ResetVector phase. > > - IsTdxEnabled > It is a OneTimeCall to probe if TDX is enabled by checking the > CC_WORK_AREA. > > - CheckTdxFeaturesBeforeBuildPagetables > This routine is called to check if it is Non-TDX guest, TDX-Bsp or > TDX-APs. Because in TDX guest all the initialization is done by BSP > (including the page tables). APs should not build the tables. > > - TdxPostBuildPageTables > It is called after Page Tables are built by BSP. > byte[TDX_WORK_AREA_PGTBL_READY] is set by BSP to indicate APs can > leave spin and go. > > 2. Ia32/PageTables64.asm > As described above only the TDX BSP build the page tables. So > PageTables64.asm is updated to make sure only TDX BSP build the > PageTables. TDX APs will skip the page table building and set Cr3 > directly. > > 3. Ia16/ResetVectorVtf0.asm > In Tdx all CPUs "reset" to run on 32-bit protected mode with flat > descriptor (paging disabled). But in Non-Td guest the initial state of > CPUs is 16-bit real mode. To resolve this conflict, BITS 16/32 is used > in the ResetVectorVtf0.asm. It checks the 32-bit protected mode or 16-bit > real mode, then jump to the corresponding entry point.
Acked-by: Gerd Hoffmann <kra...@redhat.com> -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#82448): https://edk2.groups.io/g/devel/message/82448 Mute This Topic: https://groups.io/mt/86479667/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
