Disabling cache by default results in violation of BTG protections (if BTG enabled). BIOS cannot assume that cache is disabled before it executes as ACM may be required to enable NEM.
Whatever solution needs to be done here cannot evict ACM-enabled NEM. Why is boot time increasing? In this failing case was ACM executed / cache enabled by ACM? If not, then CD should be 0 by hardware default right? thanks Catharine -----Original Message----- From: Xu, Min M <min.m...@intel.com> Sent: Tuesday, January 9, 2024 11:52 PM To: devel@edk2.groups.io; Ni, Ray <ray...@intel.com>; Wu, MingliangX <mingliangx...@intel.com> Cc: Yao, Jiewen <jiewen....@intel.com>; Xue, Shengfeng <xueshengf...@byosoft.com.cn>; Dong, Eric <eric.d...@intel.com>; Kumar, Rahul R <rahul.r.ku...@intel.com>; kra...@redhat.com; De, Debkumar <debkumar...@intel.com>; West, Catharine <catharine.w...@intel.com>; Xu, Min M <min.m...@intel.com> Subject: RE: [edk2-devel] [PATCH V1 1/1] UefiCpuPkg/ResetVector: Cache Disable should not be set by default in CR0 This patch causes a regression when launching a vm guest with below command: $ /usr/libexec/qemu-kvm \ -name guestVM1 -machine q35 -accel kvm -m 10240 -smp 8 -cpu host -monitor pty \ -drive format=raw,file=/home/tdvf/centos-stream-9.img \ -bios /home/tdvf/OVMF.fd \ -nic user,hostfwd=tcp::2222-:22 -nographic \ -object iommufd,id=iommufd0 \ -device intel-iommu,caching-mode=on,dma-drain=on,x-scalable-mode="modern",x-pasid-mode=true,device-iotlb=on,iommufd=iommufd0 \ -device vfio-pci,sysfsdev=/sys/bus/dsa/devices/vdev0.0,iommufd=iommufd0,bypass-iommu=false Commit e8aa4c6546 (this patch has been merged) clear the CD bit in CR0 when transferring from real16 mode to 32bit protect mode. After the patch is applied, it costs about 60s in DecompressMemFvs@SecMain.c. > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ni, Ray > Sent: Thursday, August 3, 2023 4:14 PM > To: devel@edk2.groups.io; Ni, Ray <ray...@intel.com>; Xue, Shengfeng > <xueshengf...@byosoft.com.cn>; Dong, Eric <eric.d...@intel.com>; > Kumar, Rahul R <rahul.r.ku...@intel.com>; kra...@redhat.com; De, > Debkumar <debkumar...@intel.com>; West, Catharine > <catharine.w...@intel.com> > Cc: Wu, MingliangX <mingliangx...@intel.com> > Subject: Re: [edk2-devel] [PATCH V1 1/1] UefiCpuPkg/ResetVector: Cache > Disable should not be set by default in CR0 > > The patch resolves an issue in Boot Guard enabled system that NEM is > already enabled by Boot Guard, disabling cache evicts all cache > content which is unexpected. > > Reviewed-by: Ray Ni <ray...@intel.com> > > > -----Original Message----- > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ni, > > Ray > > Sent: Wednesday, July 26, 2023 5:56 PM > > To: Xue, Shengfeng <xueshengf...@byosoft.com.cn>; > > devel@edk2.groups.io; Dong, Eric <eric.d...@intel.com>; Kumar, Rahul > > R <rahul.r.ku...@intel.com>; kra...@redhat.com; De, Debkumar > > <debkumar...@intel.com>; West, Catharine <catharine.w...@intel.com> > > Cc: Wu, MingliangX <mingliangx...@intel.com> > > Subject: Re: [edk2-devel] [PATCH V1 1/1] UefiCpuPkg/ResetVector: > > Cache Disable should not be set by default in CR0 > > > > This patch is not right. > > > > Intel SDM explicitly says the initial CR0 value is 6000_0010. CD bit is set. > > > > So the ResetVector code that still sets CD bit should be good. > > > > If you are facing NEM enable failure, can you change your NEM enable > > logic to explicitly clear CD bit instead of changing here? > > > > Thanks, > > Ray > > > > > > > -----Original Message----- > > > From: xueshengfeng <xueshengf...@byosoft.com.cn> > > > Sent: Wednesday, July 26, 2023 5:48 PM > > > To: devel@edk2.groups.io; Dong, Eric <eric.d...@intel.com>; Ni, > > > Ray <ray...@intel.com>; Kumar, Rahul R <rahul.r.ku...@intel.com>; > > > kra...@redhat.com; De, Debkumar <debkumar...@intel.com>; West, > > > Catharine <catharine.w...@intel.com> > > > Cc: Wu, MingliangX <mingliangx...@intel.com>; Wu > > > Subject: [PATCH V1 1/1] UefiCpuPkg/ResetVector: Cache Disable > > > should not be set by default in CR0 > > > > > > From: "Wu, MingliangX" <mingliangx...@intel.com> > > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4511 > > > > > > With 64 bit build we are seeing the CD in control register CR 0 set. > > > This causes the NEM to disabled for some specific bios profiles. > > > > > > Cc: Eric Dong <eric.d...@intel.com> > > > Cc: Ray Ni <ray...@intel.com> > > > Cc: Rahul Kumar <rahul1.ku...@intel.com> > > > Cc: Gerd Hoffmann <kra...@redhat.com> > > > Cc: Debkumar De <debkumar...@intel.com> > > > Cc: Catharine West <catharine.w...@intel.com> > > > Signed-off-by: Wu, Mingliang <mingliangx...@intel.com> > > > --- > > > UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm > > > b/UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm > > > index f59fc6ead4ba..4af2e875c31c 100644 > > > --- a/UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm > > > +++ b/UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm > > > @@ -7,7 +7,7 @@ > > > ; > > > > > > ;----------------------------------------------------------------- > > > -- > > > ----------- > > > > > > -%define SEC_DEFAULT_CR0 0x40000023 > > > +%define SEC_DEFAULT_CR0 0x00000023 > > > %define SEC_DEFAULT_CR4 0x640 > > > > > > BITS 16 > > > -- > > > 2.26.2.windows.1 > > > > > > > > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#113536): https://edk2.groups.io/g/devel/message/113536 Mute This Topic: https://groups.io/mt/100367559/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
