[edk2-devel] [PATCH v1 1/1] UefiPayloadPkg: Add dependency of VariableSmm driver.

2022-03-28 Thread Li, Zhihao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3882

UefiCpuPkg defines a new Protocol with the new service
SmmWaitForAllProcessor(), which can be used by an SMI handler
to optionally wait for other APs to complete SMM rendezvous in
relaxed AP mode.

The VariableSmm driver needs to use SmmCpuRendezvousLib, so add
the SmmCpuRendezvousLib dependency in UefiPayloadPkg, which uses
the VariableSmm driver.

Cc: Guo Dong 
Cc: Ray Ni 
Cc: Maurice Ma 
Cc: Benjamin You 
Cc: Sean Rhodes 
Cc: Siyuan Fu 

Signed-off-by: Zhihao Li 
---
 UefiPayloadPkg/UefiPayloadPkg.dsc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc 
b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 14a8d157a292..a9feba47bbd9 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -3,7 +3,7 @@
 #

 # Provides drivers and definitions to create uefi payload for bootloaders.

 #

-# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved.

+# Copyright (c) 2014 - 2022, Intel Corporation. All rights reserved.

 # Copyright (c) Microsoft Corporation.

 # SPDX-License-Identifier: BSD-2-Clause-Patent

 #

@@ -352,6 +352,7 @@
   SmmCpuFeaturesLib|UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf

   
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf

   
ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf

+  
SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf

 !if $(PERFORMANCE_MEASUREMENT_ENABLE)

   PerformanceLib|MdeModulePkg/Library/SmmPerformanceLib/SmmPerformanceLib.inf

 !endif
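Review bot: the commit message should say which module's INF now requires SmmCpuRendezvousLib; the hunk only adds the library-class mapping `SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf` next to the other SMM library mappings (SmmCpuFeaturesLib, SmmCpuExceptionHandlerLib), while the message talks about a new protocol and SmmWaitForAllProcessor(), so a reader cannot tell from the patch alone why the UefiPayloadPkg build would fail without it. A one-line statement that VariableSmm now lists SmmCpuRendezvousLib in its [LibraryClasses] would make the dependency traceable, and the message could also confirm that no other DSC in the package builds VariableSmm without this mapping.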

-- 
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#88150): https://edk2.groups.io/g/devel/message/88150
Mute This Topic: https://groups.io/mt/90102732/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-






Re: [edk2-devel] [PATCH 3/3] Basetools: turn off gcc12 warning

2022-03-28 Thread Bob Feng
Hi Gerd,

Could you provide a patch to fix this issue or revert the original commit? 

Thanks,
Bob

-Original Message-
From: Rebecca Cran  
Sent: Tuesday, March 29, 2022 5:30 AM
To: devel@edk2.groups.io; kra...@redhat.com
Cc: Pawel Polawski ; Gao, Liming 
; Chen, Christine ; Oliver 
Steffen ; Feng, Bob C 
Subject: Re: [edk2-devel] [PATCH 3/3] Basetools: turn off gcc12 warning

This breaks building BaseTools with clang 13.1.6 on macOS:


/Applications/Xcode.app/Contents/Developer/usr/bin/make -C DevicePath gcc  -c  
-I .. -I ../Include/Common -I ../Include/ -I ../Include/IndustryStandard -I 
../Common/ -I .. -I . -I ../Include/AArch64/ -MD -fshort-wchar 
-fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations 
-Wno-self-assign -Wno-unused-result -nostdlib -g -O2  
-Wno-error=stringop-overflow DevicePath.c -o DevicePath.o
error: unknown warning option '-Werror=stringop-overflow'; did you mean 
'-Werror=shift-overflow'? [-Werror,-Wunknown-warning-option]


-- 

Rebecca Cran


On 3/24/22 6:04 AM, Gerd Hoffmann wrote:
> In function ‘SetDevicePathEndNode’,
>  inlined from ‘FileDevicePath’ at DevicePathUtilities.c:857:5:
> DevicePathUtilities.c:321:3: error: writing 4 bytes into a region of size 1 
> [-Werror=stringop-overflow=]
>321 |   memcpy (Node, , sizeof 
> (mUefiDevicePathLibEndDevicePath));
>|   
> ^
> In file included from UefiDevicePathLib.h:22,
>   from DevicePathUtilities.c:16:
> ../Include/Protocol/DevicePath.h: In function ‘FileDevicePath’:
> ../Include/Protocol/DevicePath.h:51:9: note: destination object ‘Type’ of 
> size 1
> 51 |   UINT8 Type;   ///< 0x01 Hardware Device Path.
>| ^~~~
>
> Signed-off-by: Gerd Hoffmann 
> ---
>   BaseTools/Source/C/DevicePath/GNUmakefile | 3 +++
>   1 file changed, 3 insertions(+)
>
> diff --git a/BaseTools/Source/C/DevicePath/GNUmakefile 
> b/BaseTools/Source/C/DevicePath/GNUmakefile
> index 7ca08af9662d..b05d2bddfa68 100644
> --- a/BaseTools/Source/C/DevicePath/GNUmakefile
> +++ b/BaseTools/Source/C/DevicePath/GNUmakefile
> @@ -13,6 +13,9 @@ OBJECTS = DevicePath.o UefiDevicePathLib.o 
> DevicePathFromText.o  DevicePathUtili
>   
>   include $(MAKEROOT)/Makefiles/app.makefile
>   
> +# gcc 12 trips over device path handling BUILD_CFLAGS += 
> +-Wno-error=stringop-overflow
> +
>   LIBS = -lCommon
>   ifeq ($(CYGWIN), CYGWIN)
> LIBS += -L/lib/e2fsprogs -luuid
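Review bot: appending `-Wno-error=stringop-overflow` to BUILD_CFLAGS unconditionally breaks compilers that do not know that warning; as reported above, clang 13.1.6 on macOS fails the build with `unknown warning option '-Werror=stringop-overflow'` because BaseTools compiles with -Werror and clang promotes -Wunknown-warning-option to an error. Either probe the compiler for the flag before appending it (a `$(CC) -Werror -Wno-error=stringop-overflow -c -x c /dev/null` style check in the makefile), or append it only when the compiler identifies as gcc. The comment `# gcc 12 trips over device path handling` should also name the diagnostic it silences (the memcpy of the end-node into `EFI_DEVICE_PATH_PROTOCOL` reported as writing 4 bytes into the 1-byte `Type` field) so the flag can be dropped once the underlying code is fixed rather than staying forever.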


View/Reply Online (#88147): https://edk2.groups.io/g/devel/message/88147




Re: [edk2-devel] [PATCH 1/2] UefiPayloadPkg: Add a new DebugPrintErrorLevelLib instance

2022-03-28 Thread Guo Dong


I replied in another email. It looks like the comments are not addressed in this 
patch, especially this one:
In DebugPrintErrorLevel.h, ErrorLevel is defined as UINT32, but its usage 
is not clear for bootloaders (so more info needs to be added in the header file).

Thanks,
Guo
-Original Message-
From: Xie, Yuanhao  
Sent: Sunday, March 27, 2022 10:59 PM
To: devel@edk2.groups.io
Cc: Dong, Guo ; Ni, Ray ; Maurice Ma 
; You, Benjamin ; Rhodes, Sean 

Subject: [PATCH 1/2] UefiPayloadPkg: Add a new DebugPrintErrorLevelLib instance

It consumes the HOB defined in
UefiPayloadPkg/Include/Guid/DebugPrintErrorLevel.h, and allows the bootloader to 
configure DebugPrintErrorLevel.

Cc: Guo Dong 
Cc: Ray Ni 
Cc: Maurice Ma 
Cc: Benjamin You 
Cc: Sean Rhodes 

Signed-off-by: Yuanhao Xie 
---
 UefiPayloadPkg/Include/Guid/DebugPrintErrorLevel.h 
  | 27 +++
 UefiPayloadPkg/Library/DebugPrintErrorLevelLibHob/DebugPrintErrorLevelLibHob.c 
  | 77 
+
 
UefiPayloadPkg/Library/DebugPrintErrorLevelLibHob/DebugPrintErrorLevelLibHob.inf
 | 39 +++
 UefiPayloadPkg/UefiPayloadPkg.dec  
  |  2 +-
 4 files changed, 144 insertions(+), 1 deletion(-)

diff --git a/UefiPayloadPkg/Include/Guid/DebugPrintErrorLevel.h 
b/UefiPayloadPkg/Include/Guid/DebugPrintErrorLevel.h
new file mode 100644
index 00..9a3f4eb28e
--- /dev/null
+++ b/UefiPayloadPkg/Include/Guid/DebugPrintErrorLevel.h
@@ -0,0 +1,27 @@
+/** @file
+  Define the structure for Debug Print Error Level Guid Hob.
+
+Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef UNIVERSAL_PAYLOAD_DEBUG_PRINT_ERROR_LEVEL_H_
+#define UNIVERSAL_PAYLOAD_DEBUG_PRINT_ERROR_LEVEL_H_
+
+#include 
+#include 
+
+#pragma pack (1)
+
+typedef struct {
+  UNIVERSAL_PAYLOAD_GENERIC_HEADERHeader;
+  UINT32  ErrorLevel;
+} UNIVERSAL_PAYLOAD_DEBUG_PRINT_ERROR_LEVEL;
+
+#pragma pack()
+
+#define UNIVERSAL_PAYLOAD_DEBUG_PRINT_ERROR_LEVEL_REVISION  1
+
+extern GUID  gEdkiiDebugPrintErrorLevelGuid; #endif
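Review bot: `ErrorLevel` carries no documentation of its meaning, which is exactly the point Guo Dong raises above. The consumer assigns it to the same variable that otherwise takes `PcdGet32(PcdDebugPrintErrorLevel)`, so the header should state that the field is the DebugLib error-level bitmask (DEBUG_ERROR, DEBUG_WARN, DEBUG_INFO and friends) in the same encoding as PcdDebugPrintErrorLevel, and that a bootloader producing the HOB must set Header.Revision to UNIVERSAL_PAYLOAD_DEBUG_PRINT_ERROR_LEVEL_REVISION and Header.Length to the size of the structure, since the library ignores the HOB when either does not match. Placing the REVISION define before the structure it describes would also read better.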
diff --git 
a/UefiPayloadPkg/Library/DebugPrintErrorLevelLibHob/DebugPrintErrorLevelLibHob.c
 
b/UefiPayloadPkg/Library/DebugPrintErrorLevelLibHob/DebugPrintErrorLevelLibHob.c
new file mode 100644
index 00..18378249ab
--- /dev/null
+++ b/UefiPayloadPkg/Library/DebugPrintErrorLevelLibHob/DebugPrintErrorL
+++ evelLibHob.c
@@ -0,0 +1,77 @@
+/** @file
+  Debug Print Error Level library instance that retrieves
+  the DebugPrintErrorLevel from bootloader.
+
+  Copyright (c) 2022, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+STATIC UINT32  gDebugPrintErrorLevel;
+STATIC BOOLEAN gDebugPrintErrorLevelInitialized = FALSE;
+/**
+  Returns the debug print error level mask for the current module.
+
+  @return  Debug print error level mask for the current module.
+
+**/
+UINT32
+EFIAPI
+GetDebugPrintErrorLevel (
+  VOID
+  )
+{
+  VOID*GuidHob;
+  UNIVERSAL_PAYLOAD_GENERIC_HEADER*GenericHeader;
+  UNIVERSAL_PAYLOAD_DEBUG_PRINT_ERROR_LEVEL   *DebugPrintErrorLevel;
+
+  if (!gDebugPrintErrorLevelInitialized) {
+gDebugPrintErrorLevelInitialized = TRUE;
+gDebugPrintErrorLevel = PcdGet32(PcdDebugPrintErrorLevel);
+GuidHob = GetFirstGuidHob ();
+if (GuidHob != NULL) {
+  GenericHeader = (UNIVERSAL_PAYLOAD_GENERIC_HEADER *)GET_GUID_HOB_DATA 
(GuidHob);
+  if ((sizeof (UNIVERSAL_PAYLOAD_GENERIC_HEADER) < GET_GUID_HOB_DATA_SIZE 
(GuidHob)) 
+  && (GenericHeader->Length <= GET_GUID_HOB_DATA_SIZE (GuidHob))) {
+if (GenericHeader->Revision == 
UNIVERSAL_PAYLOAD_DEBUG_PRINT_ERROR_LEVEL_REVISION) {
+  DebugPrintErrorLevel =  (UNIVERSAL_PAYLOAD_DEBUG_PRINT_ERROR_LEVEL 
*)GET_GUID_HOB_DATA (GuidHob);
+  if (DebugPrintErrorLevel->Header.Length > 
UNIVERSAL_PAYLOAD_SIZEOF_THROUGH_FIELD 
(UNIVERSAL_PAYLOAD_DEBUG_PRINT_ERROR_LEVEL, ErrorLevel)) {
+gDebugPrintErrorLevel = DebugPrintErrorLevel->ErrorLevel;  
+  }
+}
+  } 
+}
+  }
+  return gDebugPrintErrorLevel;
+}
+
+/**
+  Sets the global debug print error level mask fpr the entire platform.
+
+  @param   ErrorLevel Global debug print error level.
+
+  @retval  TRUE   The debug print error level mask was sucessfully set.
+  @retval  FALSE  The debug print error level mask could not be set.
+
+**/
+BOOLEAN
+EFIAPI
+SetDebugPrintErrorLevel (
+  UINT32  ErrorLevel
+  )
+{
+  //
+  // This library uinstance does not support setting the global debug 
+print error
+  // level mask.
+  //
+  return FALSE;
+}
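Review bot: the size check `if (DebugPrintErrorLevel->Header.Length > UNIVERSAL_PAYLOAD_SIZEOF_THROUGH_FIELD (UNIVERSAL_PAYLOAD_DEBUG_PRINT_ERROR_LEVEL, ErrorLevel))` uses a strict greater-than. ErrorLevel is the last field of the packed structure, so SIZEOF_THROUGH_FIELD equals the full structure size, and a correctly formed revision-1 HOB whose Header.Length is exactly that size is rejected and the PCD default is silently kept; this should be `>=`. The preceding `GenericHeader->Revision == UNIVERSAL_PAYLOAD_DEBUG_PRINT_ERROR_LEVEL_REVISION` comparison also means any later revision is ignored rather than treated as a superset; a comment stating that intent would help. Minor: the doc comments say 'fpr', 'sucessfully' and 'uinstance'.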
diff --git 

Re: [edk2-devel] [PATCH v1 01/28] MdeModulePkg: Add a new GUID

2022-03-28 Thread Wang, Jian J
Reviewed-by: Jian J Wang 

Regards,
Jian

> -Original Message-
> From: Vang, Judah 
> Sent: Saturday, March 26, 2022 6:03 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J ; Gao, Liming
> ; Mistry, Nishant C 
> Subject: [PATCH v1 01/28] MdeModulePkg: Add a new GUID
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
> 
> Add a new Variable Store Guid.
> 
> Cc: Jian J Wang 
> Cc: Liming Gao 
> Cc: Nishant C Mistry 
> Signed-off-by: Judah Vang 
> ---
>  MdeModulePkg/MdeModulePkg.dec | 13 -
>  1 file changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec
> index 40601c95832b..681607db0da6 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -4,7 +4,7 @@
>  # and libraries instances, which are used for those modules.
>  #
>  # Copyright (c) 2019, NVIDIA CORPORATION. All rights reserved.
> -# Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved.
> +# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved.
>  # Copyright (c) 2016, Linaro Ltd. All rights reserved.
>  # (C) Copyright 2016 - 2019 Hewlett Packard Enterprise Development LP
>  # Copyright (c) 2017, AMD Incorporated. All rights reserved.
> @@ -93,6 +93,14 @@ [LibraryClasses]
>#
>TpmMeasurementLib|Include/Library/TpmMeasurementLib.h
> 
> +  ## @libraryclass  Provides interfaces to encrypt/decrypt variable.
> +  #
> +  EncryptionVariableLib|Include/Library/EncryptionVariableLib.h
> +
> +  ## @libraryclass  Provides interfaces to encrypt/decrypt variable.
> +  #
> +  ProtectedVariableLib|Include/Library/ProtectedVariableLib.h
> +
>## @libraryclass  Provides authenticated variable services.
>#
>AuthVariableLib|Include/Library/AuthVariableLib.h
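Review bot: `EncryptionVariableLib` and `ProtectedVariableLib` carry the identical @libraryclass description 'Provides interfaces to encrypt/decrypt variable.'; the second should state how a protected variable differs from an encrypted one, since these comments are what the .dec documentation is generated from and two identical descriptions give a reader no way to choose between the classes. The subject 'Add a new GUID' also undersells the hunk, which introduces two library classes with no header in this patch; mention them in the commit message and say where the headers land in the series.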
> @@ -505,6 +513,9 @@ [Ppis]
>gEdkiiPeiCapsuleOnDiskPpiGuid = { 0x71a9ea61, 0x5a35, 0x4a5d, 
> { 0xac,
> 0xef, 0x9c, 0xf8, 0x6d, 0x6d, 0x67, 0xe0 } }
>gEdkiiPeiBootInCapsuleOnDiskModePpiGuid   = { 0xb08a11e4, 0xe2b7, 0x4b75,
> { 0xb5, 0x15, 0xaf, 0x61, 0x6, 0x68, 0xbf, 0xd1  } }
> 
> +  ## Include/Ppi/ReadOnlyVariable2.h
> +  gEfiPeiVariableStoreDiscoveredPpiGuid = { 0xa2fc038d, 0xfdf5, 0x4501,
> { 0xaf, 0x8e, 0x69, 0xb0, 0x20, 0xec, 0xe6, 0x63 } }
> +
>  [Protocols]
>## Load File protocol provides capability to load and unload EFI image into
> memory and execute it.
>#  Include/Protocol/LoadPe32Image.h
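Review bot: the new `gEfiPeiVariableStoreDiscoveredPpiGuid` is annotated `## Include/Ppi/ReadOnlyVariable2.h`, but this patch touches only MdeModulePkg.dec, so no header in the patch declares the PPI; either add the declaration here or point the comment at the header a later patch of the series adds. The adjacent entries use the gEdkii prefix for EDK II-specific definitions (gEdkiiPeiCapsuleOnDiskPpiGuid, gEdkiiPeiBootInCapsuleOnDiskModePpiGuid); a gEfiPei name implies a PI-specification GUID, which would belong in MdePkg, so gEdkiiPeiVariableStoreDiscoveredPpiGuid is the consistent choice unless the spec defines it. Finally, the commit message says 'Add a new Variable Store Guid' whereas what is added is a 'variable store discovered' PPI GUID; align the two.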
> --
> 2.26.2.windows.1



View/Reply Online (#88146): https://edk2.groups.io/g/devel/message/88146




Re: [edk2-devel] [PATCH v2 14/17] Silicon/Ampere: Update ArmPlatformLib to work with changed ARM_CORE_INFO

2022-03-28 Thread Nhi Pham via groups.io

On 27/03/2022 05:00, Leif Lindholm wrote:

On Sat, Mar 26, 2022 at 16:12:07 +0700, Nhi Pham via groups.io wrote:

Would you be happy for me to fold that into
"AmpereAltraPkg, JadePkg: Add ACPI support", or would you be able to
submit a v6 of that patch only?

Best Regards,

Leif

Thanks much for the patch. The MPIDR decoding matches with Rebecca's update
for the ArmPlatformLib earlier and the ARM_CORE_INFO is just consumed in the
AcpiSrat.c. So, that is good for now. Please help fold that into the ACPI
patch when merging the rest of the Mt. Jade support patchset.

Done. I just pushed up to and including patch 29 as
41628dcf3332..e18e208e7105.

Thanks, Leif. I'm happy to hear that.


(I will take a look at patch 30 on Monday, but I couldn't find that I
had signed off on it anywhere.)


It seems like you have not reviewed the v5 of patch 30 yet.

Best regards,

Nhi



Apologies for the delay in getting this merged.


In the future, I will follow up with a patch that makes the representation
of MPIDR in the ARM_CORE_INFO the same as in MADT table.

That sounds ideal, thanks.

Best Regards,

Leif



View/Reply Online (#88145): https://edk2.groups.io/g/devel/message/88145




Re: [edk2-devel] [PATCH] bRefClkFreq UFS card attribute need to be programmed after fDeviceInit

2022-03-28 Thread Wu, Hao A
Pushed via:
PR - https://github.com/tianocore/edk2/pull/2701
Commit - 
https://github.com/tianocore/edk2/commit/7456990e8eebe3b935447253bb6d1d3129839122

Best Regards,
Hao Wu

> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Wu, Hao A
> Sent: Monday, March 28, 2022 8:30 AM
> To: devel@edk2.groups.io; Bandaru, Purna Chandra Rao
> 
> Cc: Albecki, Mateusz ; Gao, Liming
> ; Liu, Zhiguang 
> Subject: Re: [edk2-devel] [PATCH] bRefClkFreq UFS card attribute need to be
> programmed after fDeviceInit
> 
> Will slightly modify the subject to:
> MdeModulePkg/Ufs: bRefClkFreq attribute be programmed after fDeviceInit
> 
> Reviewed-by: Hao A Wu 
> 
> Will wait a day before merging to see if there are comments from other
> reviewers.
> 
> Best Regards,
> Hao Wu
> 
> > -Original Message-
> > From: devel@edk2.groups.io  On Behalf Of
> > Bandaru, Purna Chandra Rao
> > Sent: Friday, March 25, 2022 8:18 PM
> > To: devel@edk2.groups.io
> > Cc: Bandaru, Purna Chandra Rao ;
> > Wu, Hao A ; Albecki, Mateusz
> > ; Gao, Liming ;
> > Liu, Zhiguang 
> > Subject: [edk2-devel] [PATCH] bRefClkFreq UFS card attribute need to
> > be programmed after fDeviceInit
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3886
> >
> > The bRefClkFreq UFS card attribute needs to be read and written after a
> > successful fDeviceInit and NOP response so that the link will be stable.
> >
> > Cc: Wu Hao A 
> > Cc: Albecki Mateusz 
> > Cc: Liming Gao 
> > Cc: Zhiguang Liu 
> >
> > Signed-off-by: Purna Chandra Rao Bandaru
> > 
> > ---
> >  .../Bus/Ufs/UfsPassThruDxe/UfsPassThru.c  | 34 +--
> >  1 file changed, 17 insertions(+), 17 deletions(-)
> >
> > diff --git a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
> > b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
> > index dc78e09678..ae593ff03a 100644
> > --- a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
> > +++ b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
> > @@ -919,6 +919,23 @@ UfsPassThruDriverBindingStart (
> >  goto Error;
> >}
> >
> > +  //
> > +  // UFS 2.0 spec Section 13.1.3.3:
> > +  // At the end of the UFS Interconnect Layer initialization on both
> > + host and device side,  // the host shall send a NOP OUT UPIU to
> > + verify that the
> > device UTP Layer is ready.
> > +  //
> > +  Status = UfsExecNopCmds (Private);
> > +  if (EFI_ERROR (Status)) {
> > +DEBUG ((DEBUG_ERROR, "Ufs Sending NOP IN command Error, Status
> > = %r\n", Status));
> > +goto Error;
> > +  }
> > +
> > +  Status = UfsFinishDeviceInitialization (Private);  if (EFI_ERROR
> > + (Status)) {
> > +DEBUG ((DEBUG_ERROR, "Device failed to finish initialization,
> > + Status = %r\n",
> > Status));
> > +goto Error;
> > +  }
> > +
> >if ((mUfsHcPlatform != NULL) &&
> >((mUfsHcPlatform->RefClkFreq == EdkiiUfsCardRefClkFreq19p2Mhz) ||
> > (mUfsHcPlatform->RefClkFreq == EdkiiUfsCardRefClkFreq26Mhz) ||
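Review bot: the moved block carries no comment saying why the NOP OUT and fDeviceInit sequence must come before the bRefClkFreq programming that follows it, which is the whole reason for the move (per the commit message, the attribute must be written after a successful fDeviceInit and NOP response so that the link is stable); without such a comment the next refactor can reintroduce the ordering bug this patch fixes. Also, the error string `"Ufs Sending NOP IN command Error, Status = %r\n"` sits under a comment that describes the host sending a NOP OUT UPIU; say which direction failed (the host sends NOP OUT and waits for NOP IN) so the log line matches the comment.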
> > @@ -
> > 967,23 +984,6 @@ UfsPassThruDriverBindingStart (
> >  }
> >}
> >
> > -  //
> > -  // UFS 2.0 spec Section 13.1.3.3:
> > -  // At the end of the UFS Interconnect Layer initialization on both
> > host and device side,
> > -  // the host shall send a NOP OUT UPIU to verify that the device UTP
> > Layer is ready.
> > -  //
> > -  Status = UfsExecNopCmds (Private);
> > -  if (EFI_ERROR (Status)) {
> > -DEBUG ((DEBUG_ERROR, "Ufs Sending NOP IN command Error, Status
> > = %r\n", Status));
> > -goto Error;
> > -  }
> > -
> > -  Status = UfsFinishDeviceInitialization (Private);
> > -  if (EFI_ERROR (Status)) {
> > -DEBUG ((DEBUG_ERROR, "Device failed to finish initialization, Status
> = %r\n",
> > Status));
> > -goto Error;
> > -  }
> > -
> >//
> >// Check if 8 common luns are active and set corresponding bit mask.
> >//
> > --
> > 2.31.1.windows.1


View/Reply Online (#88144): https://edk2.groups.io/g/devel/message/88144




[edk2-devel] Event: TianoCore Bug Triage - APAC / NAMO - 03/29/2022 #cal-reminder

2022-03-28 Thread devel@edk2.groups.io Calendar
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Groups.io Inc//Groups.io Calendar//EN
METHOD:PUBLISH
REFRESH-INTERVAL;VALUE=DURATION:PT1H
X-PUBLISHED-TTL:PT1H
CALSCALE:GREGORIAN
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
LAST-MODIFIED:20220317T223602Z
TZURL:http://tzurl.org/zoneinfo-outlook/America/Los_Angeles
X-LIC-LOCATION:America/Los_Angeles
BEGIN:DAYLIGHT
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
DTSTART:19700308T02
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
DTSTART:19701101T02
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
X-GIOIDS:Event:1238718 
UID:mlda.1580078539586725120.r...@groups.io
DTSTAMP:20220329T013001Z
ORGANIZER;CN=Liming Gao:mailto:gaolim...@byosoft.com.cn
DTSTART:20220330T013000Z
DTEND:20220330T023000Z
SUMMARY:TianoCore Bug Triage - APAC / NAMO
DESCRIPTION:TianoCore Bug Triage - APAC / NAMO\n\nHosted by Liming Gao\n\
 n
 \n\nMicrosoft Teams meeting\n\n*Join on your computer or mobile a
 pp*\n\nClick here to join the meeting ( https://teams.microsoft.com/l/mee
 tup-join/19%3ameeting_OTUyZTg2NjgtNDhlNS00ODVlLTllYTUtYzg1OTNjNjdiZjFh%40
 thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255
 d%22%2c%22Oid%22%3a%22b286b53a-1218-4db3-bfc9-3d4c5aa7669e%22%7d )\n\n*Jo
 in with a video conferencing device*\n\nte...@conf.intel.com\n\nVideo Con
 ference ID: 116 062 094 0\n\nAlternate VTC dialing instructions ( https:/
 /conf.intel.com/teams/?conf=1160620940=teams=conf.intel.com=te
 st_call )\n\n*Or call in (audio only)*\n\n+1 916-245-6934\,\,77463821# ( 
 tel:+19162456934\,\,77463821# ) United States\, Sacramento\n\nPhone Confe
 rence ID: 774 638 21#\n\nFind a local number ( https://dialin.teams.micro
 soft.com/d195d438-2daa-420e-b9ea-da26f9d1d6d5?id=77463821 ) | Reset PIN (
  https://mysettings.lync.com/pstnconferencing )\n\nLearn More ( https://a
 ka.ms/JoinTeamsMeeting ) | Meeting options ( https://teams.microsoft.com/
 meetingOptions/?organizerId=b286b53a-1218-4db3-bfc9-3d4c5aa7669e
 =46c98d88-e344-4ed4-8496-4ed7712e255d=19_meeting_OTUyZTg2NjgtNDh
 lNS00ODVlLTllYTUtYzg1OTNjNjdiZjFh@thread.v2=0=en-US )
LOCATION:https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTk1YzJhN
 2UtOGQwNi00NjY4LWEwMTktY2JiODRlYTY1NmY0%40thread.v2/0?context=%7b%22Tid%2
 2%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%226e4ce4c4-
 1242-431b-9a51-92cd01a5df3c%22%7d
SEQUENCE:2
END:VEVENT
END:VCALENDAR




[edk2-devel] Now: Tools, CI, Code base construction meeting series - 03/28/2022 #cal-notice

2022-03-28 Thread devel@edk2.groups.io Calendar
*Tools, CI, Code base construction meeting series*

*When:*
03/28/2022
4:30pm to 5:30pm
(UTC-07:00) America/Los Angeles

*Where:*
https://github.com/tianocore/edk2/discussions/2614

View Event ( https://edk2.groups.io/g/devel/viewevent?eventid=1463509 )

*Description:*

TianoCore community,

Microsoft and Intel will be hosting a series of open meetings to discuss build, 
CI, tools, and other related topics. If you are interested, have ideas/opinions 
please join us. These meetings will be Monday 4:30pm Pacific Time on Microsoft 
Teams.

MS Teams Link in following discussion: * 
https://github.com/tianocore/edk2/discussions/2614

Anyone is welcome to join.

* tianocore/edk2: EDK II (github.com)
* tianocore/edk2-basetools: EDK II BaseTools Python tools as a PIP module 
(github.com) https://github.com/tianocore/edk2-basetools
* tianocore/edk2-pytool-extensions: Extensions to the edk2 build system 
allowing for a more robust and plugin based build system and tool execution 
environment (github.com) https://github.com/tianocore/edk2-pytool-extensions
* tianocore/edk2-pytool-library: Python library package that supports UEFI 
development (github.com) https://github.com/tianocore/edk2-pytool-library

MS Teams Browser Clients * 
https://docs.microsoft.com/en-us/microsoftteams/get-clients?tabs=Windows#browser-client


View/Reply Online (#88142): https://edk2.groups.io/g/devel/message/88142




Re: Re: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: PiSmmCore: Inspect memory guarded with pool headers

2022-03-28 Thread Kun Qin

Thanks, Liming.

SMM owners/authors,

Could you please also review the original issue and this patch to 
provide feedback?


Thanks,
Kun

On 3/17/2022 6:20 PM, gaoliming wrote:

Reviewed-by: Liming Gao 


-----Original Message-----
From: devel@edk2.groups.io  On Behalf Of Kun Qin
Sent: 2022-03-16 12:00
To: devel@edk2.groups.io
Cc: Jiewen Yao ; Eric Dong ;
Ray Ni ; Jian J Wang ; Liming Gao

Subject: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: PiSmmCore: Inspect
memory guarded with pool headers

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3488

The current free pool routine in PiSmmCore inspects the memory guard status
of the target buffer without considering pool headers. This could lead the
`IsMemoryGuarded` function to return incorrect results.

In that sense, allocating a 0-sized pool could cause the allocated buffer
to point directly into a guard page, which is legal. However, trying to
free this pool will cause the routine changed in this commit to read XP
pages, which leads to a page fault.

This change will inspect the memory guard status using the pool header. This
can avoid errors when pool content happens to be on a page boundary.

Cc: Jiewen Yao 
Cc: Eric Dong 
Cc: Ray Ni 
Cc: Jian J Wang 
Cc: Liming Gao 

Signed-off-by: Kun Qin 
---
  MdeModulePkg/Core/PiSmmCore/Pool.c | 10 +-
  1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/MdeModulePkg/Core/PiSmmCore/Pool.c
b/MdeModulePkg/Core/PiSmmCore/Pool.c
index 96ebe811c669..e1ff40a8ea55 100644
--- a/MdeModulePkg/Core/PiSmmCore/Pool.c
+++ b/MdeModulePkg/Core/PiSmmCore/Pool.c
@@ -382,11 +382,6 @@ SmmInternalFreePool (
  return EFI_INVALID_PARAMETER;
}

-  MemoryGuarded = IsHeapGuardEnabled () &&
-  IsMemoryGuarded
((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer);
-  HasPoolTail = !(MemoryGuarded &&
-  ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) ==
0));
-
FreePoolHdr = (FREE_POOL_HEADER *)((POOL_HEADER *)Buffer - 1);
ASSERT (FreePoolHdr->Header.Signature == POOL_HEAD_SIGNATURE);
ASSERT (!FreePoolHdr->Header.Available);
@@ -394,6 +389,11 @@ SmmInternalFreePool (
  return EFI_INVALID_PARAMETER;
}

+  MemoryGuarded = IsHeapGuardEnabled () &&
+  IsMemoryGuarded
((EFI_PHYSICAL_ADDRESS)(UINTN)FreePoolHdr);
+  HasPoolTail = !(MemoryGuarded &&
+  ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) ==
0));
+
if (HasPoolTail) {
  PoolTail = HEAD_TO_TAIL (>Header);
  ASSERT (PoolTail->Signature == POOL_TAIL_SIGNATURE);
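Review bot: computing `MemoryGuarded` from `FreePoolHdr` instead of `Buffer` is the right fix for the zero-length pool case, but the reasoning lives only in the commit message; add a short comment above `IsMemoryGuarded ((EFI_PHYSICAL_ADDRESS)(UINTN)FreePoolHdr)` saying that Buffer may point exactly at the guard page following a zero-size allocation, so the header address is the one that is guaranteed to lie inside the guarded range. Keeping the `HasPoolTail` computation immediately before the `HEAD_TO_TAIL` read, as done here, is what protects that read; a comment tying the two together will stop a later cleanup from hoisting the computation back above the header checks.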
--
2.35.1.windows.2











View/Reply Online (#88141): https://edk2.groups.io/g/devel/message/88141
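The zero-length pool case that the patch above describes, as an added example in C that is not edk2 code: a small model of the heap-guard layout with one guarded pool page between two guard pages, a pool header of assumed size placed at the very end of the guarded page (so the caller's buffer starts exactly on the following guard page), and a simplified is_memory_guarded() rule under which a page counts as guarded memory when it is a normal page with guard pages on both sides. The page map, the header layout and that rule are assumptions of the model; the comparison it runs is the one the patch changes, Buffer versus FreePoolHdr, with BIT7 of PcdHeapGuardPropertyMask taken as clear.

```c
/*
 * Added example, not edk2 code. Models why SmmInternalFreePool must derive
 * the guard status from the pool header address rather than from the
 * caller-visible buffer when the pool body has zero length.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12u
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define NUM_PAGES  8u

/* Assumed POOL_HEADER layout for the model: signature plus size. */
typedef struct {
    uint32_t signature;
    uint32_t size;
} pool_header_t;

/* Constructed page map: true means the page is a guard page (not present / XP). */
static bool g_guard_page[NUM_PAGES];

static unsigned page_of(uintptr_t addr)
{
    return (unsigned)(addr >> PAGE_SHIFT);
}

/* Model of IsMemoryGuarded(): the page holding addr is a normal page whose
 * neighbours on both sides are guard pages. A guard page itself is never
 * "guarded memory". This is an assumed simplification of the edk2 rule. */
static bool is_memory_guarded(uintptr_t addr)
{
    unsigned p = page_of(addr);
    if (p == 0 || p + 1 >= NUM_PAGES || g_guard_page[p]) {
        return false;
    }
    return g_guard_page[p - 1] && g_guard_page[p + 1];
}

/* Layout: guard page 2, guarded pool page 3, guard page 4. A zero-size pool
 * is tail-aligned so its header ends exactly at the end of page 3. Returns
 * the header address; *buffer receives what AllocatePool hands back, which is
 * header + 1, i.e. the first byte of guard page 4. */
static uintptr_t setup_zero_size_pool(uintptr_t *buffer)
{
    for (unsigned i = 0; i < NUM_PAGES; i++) {
        g_guard_page[i] = false;
    }
    g_guard_page[2] = true;
    g_guard_page[4] = true;
    uintptr_t page3_end = (uintptr_t)4 * PAGE_SIZE;
    uintptr_t header = page3_end - sizeof(pool_header_t);
    *buffer = header + sizeof(pool_header_t);
    return header;
}

/* HasPoolTail as SmmInternalFreePool computes it when BIT7 of
 * PcdHeapGuardPropertyMask is clear: guarded pools carry no tail. */
static bool has_pool_tail(bool memory_guarded)
{
    return !memory_guarded;
}

/* Old logic: guard status taken from the caller's buffer address. */
static bool has_pool_tail_old(void)
{
    uintptr_t buffer;
    (void)setup_zero_size_pool(&buffer);
    return has_pool_tail(is_memory_guarded(buffer));
}

/* New logic (this patch): guard status taken from the pool header address. */
static bool has_pool_tail_new(void)
{
    uintptr_t buffer;
    uintptr_t header = setup_zero_size_pool(&buffer);
    return has_pool_tail(is_memory_guarded(header));
}

/* True when the tail the old logic would go on to read lies on a guard page:
 * the tail follows the zero-length body, so it starts at the buffer itself. */
static bool old_logic_touches_guard_page(void)
{
    uintptr_t buffer;
    (void)setup_zero_size_pool(&buffer);
    uintptr_t tail = buffer;
    return has_pool_tail_old() && g_guard_page[page_of(tail)];
}

int main(void)
{
    printf("old HasPoolTail=%d new HasPoolTail=%d old logic reads guard page=%d\n",
           (int)has_pool_tail_old(), (int)has_pool_tail_new(),
           (int)old_logic_touches_guard_page());
    return 0;
}
```

With the buffer sitting on the guard page, the old rule reports the pool as not guarded and therefore expects a tail, which SmmInternalFreePool would then read from the guard page; the header address lies inside the guarded page, so the new rule reports guarded memory and skips the tail.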




Re: [edk2-devel] [PATCH 3/3] Basetools: turn off gcc12 warning

2022-03-28 Thread Rebecca Cran

This breaks building BaseTools with clang 13.1.6 on macOS:


/Applications/Xcode.app/Contents/Developer/usr/bin/make -C DevicePath
gcc  -c  -I .. -I ../Include/Common -I ../Include/ -I 
../Include/IndustryStandard -I ../Common/ -I .. -I . -I 
../Include/AArch64/ -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror 
-Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result 
-nostdlib -g -O2  -Wno-error=stringop-overflow DevicePath.c -o DevicePath.o
error: unknown warning option '-Werror=stringop-overflow'; did you mean 
'-Werror=shift-overflow'? [-Werror,-Wunknown-warning-option]



--

Rebecca Cran


On 3/24/22 6:04 AM, Gerd Hoffmann wrote:

In function ‘SetDevicePathEndNode’,
 inlined from ‘FileDevicePath’ at DevicePathUtilities.c:857:5:
DevicePathUtilities.c:321:3: error: writing 4 bytes into a region of size 1 
[-Werror=stringop-overflow=]
   321 |   memcpy (Node, , sizeof 
(mUefiDevicePathLibEndDevicePath));
   |   
^
In file included from UefiDevicePathLib.h:22,
  from DevicePathUtilities.c:16:
../Include/Protocol/DevicePath.h: In function ‘FileDevicePath’:
../Include/Protocol/DevicePath.h:51:9: note: destination object ‘Type’ of size 1
51 |   UINT8 Type;   ///< 0x01 Hardware Device Path.
   | ^~~~

Signed-off-by: Gerd Hoffmann 
---
  BaseTools/Source/C/DevicePath/GNUmakefile | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/BaseTools/Source/C/DevicePath/GNUmakefile 
b/BaseTools/Source/C/DevicePath/GNUmakefile
index 7ca08af9662d..b05d2bddfa68 100644
--- a/BaseTools/Source/C/DevicePath/GNUmakefile
+++ b/BaseTools/Source/C/DevicePath/GNUmakefile
@@ -13,6 +13,9 @@ OBJECTS = DevicePath.o UefiDevicePathLib.o 
DevicePathFromText.o  DevicePathUtili
  
  include $(MAKEROOT)/Makefiles/app.makefile
  
+# gcc 12 trips over device path handling

+BUILD_CFLAGS += -Wno-error=stringop-overflow
+
  LIBS = -lCommon
  ifeq ($(CYGWIN), CYGWIN)
LIBS += -L/lib/e2fsprogs -luuid



View/Reply Online (#88140): https://edk2.groups.io/g/devel/message/88140




[edk2-devel] [PATCH 1/2] OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in OvmfPkgX64.fdf

2022-03-28 Thread Dov Murik
Reorder the pages in the MEMFD section of AmdSevX64.fdf so that it
matches the same order used in OvmfPkgX64.fdf.

After this change, this is the difference in the MEMFD of the two
targets:

$ diff -u \
   <(sed -ne '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/OvmfPkgX64.fdf) \
   <(sed -ne '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/AmdSev/AmdSevX64.fdf)
--- /dev/fd/63  2022-03-28 18:07:59.657531210 +
+++ /dev/fd/62  2022-03-28 18:07:59.657531210 +
@@ -32,6 +32,12 @@
 0x00E000|0x001000
 
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize

+0x00F000|0x000C00
+gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
+
+0x00FC00|0x000400
+gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize
+
 0x01|0x01
 
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize

Cc: Ard Biesheuvel 
Cc: Jiewen Yao 
Cc: Jordan Justen 
Cc: Gerd Hoffmann 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Min Xu 
Cc: Tom Lendacky 
Cc: Tobin Feldman-Fitzthum 
Signed-off-by: Dov Murik 
---
 OvmfPkg/AmdSev/AmdSevX64.fdf | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 31f2be66361f..208f969cefc9 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -59,21 +59,21 @@ 
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmf
 0x00B000|0x001000
 
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize
 
-0x00C000|0x000C00
-gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
-
-0x00CC00|0x000400
-gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize
-
-0x00D000|0x001000
+0x00C000|0x001000
 
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
 
-0x00E000|0x001000
+0x00D000|0x001000
 
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
 
-0x00F000|0x001000
+0x00E000|0x001000
 
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize
 
+0x00F000|0x000C00
+gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize
+
+0x00FC00|0x000400
+gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize
+
 0x01|0x01
 
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
 
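Review bot: the hunk changes the absolute addresses of three fixed pages, PcdOvmfSecGhcbBackupBase (0x00D000 to 0x00C000), PcdOvmfSnpSecretsBase (0x00E000 to 0x00D000) and PcdOvmfCpuidBase (0x00F000 to 0x00E000), while the commit message only talks about matching OvmfPkgX64; it should say that no consumer outside the firmware relies on the old absolute addresses (or that the VMM learns them from the firmware rather than hard-coding them), because a stale consumer would now read the wrong page. The new placement also makes the launch-secret page (0x00F000, 0xC00 bytes) plus the hash table (0x00FC00, 0x400 bytes) end exactly at PcdOvmfSecPeiTempRamBase, which is the adjacency that the %error check in patch 2/2 depends on; one sentence in the message stating that patch 2/2 requires this reorder would make the dependency between the two patches explicit.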
-- 
2.20.1



View/Reply Online (#88139): https://edk2.groups.io/g/devel/message/88139




[edk2-devel] [PATCH 0/2] OvmfPkg: Enable measured direct boot on AMD SEV-SNP

2022-03-28 Thread Dov Murik
AMD SEV and SEV-ES support measured direct boot with
kernel/initrd/cmdline hashes injected by QEMU and verified by OVMF
during boot.

To enable the same approach for AMD SEV-SNP we make sure the page in
which QEMU inserts the hashes of kernel/initrd/cmdline is not already
pre-validated, as SNP doesn't allow validating a page twice.

The first patch rearranges the pages in AmdSevX64's MEMFD so they are in
the same order as in the main target (OvmfPkgX64), with the exception of
the SEV Launch Secret page, which isn't defined in OvmfPkgX64.

The second patch modifies the SNP metadata structure such that on
AmdSev target the SEV Launch Secret page is not included in the ranges
that are pre-validated (zero pages) by the VMM; instead the VMM will
insert content into this page, or mark it explicitly as a zero page if
no hashes are added.

A corresponding RFC patch to QEMU will be published soon.

Cc: Ard Biesheuvel 
Cc: Jiewen Yao 
Cc: Jordan Justen 
Cc: Gerd Hoffmann 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Min Xu 
Cc: Tom Lendacky 
Cc: Tobin Feldman-Fitzthum 

Dov Murik (2):
  OvmfPkg/AmdSev: Reorder MEMFD pages to match the order in
OvmfPkgX64.fdf
  OvmfPkg/ResetVector: Exclude SEV launch secrets page from
pre-validation

 OvmfPkg/AmdSev/AmdSevX64.fdf  | 18 +-
 OvmfPkg/ResetVector/ResetVector.nasmb | 15 ++-
 2 files changed, 23 insertions(+), 10 deletions(-)

-- 
2.20.1



View/Reply Online (#88137): https://edk2.groups.io/g/devel/message/88137




[edk2-devel] [PATCH 2/2] OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation

2022-03-28 Thread Dov Murik
In order to allow the VMM (such as QEMU) to add a page with hashes of
kernel/initrd/cmdline for measured direct boot on SNP, this page must
not be part of the SNP metadata list reported to the VMM.

Check if that page is defined; if it is, skip it in the metadata list.
In such case, VMM should fill the page with the hashes content, or
explicitly update it as a zero page (if kernel hashes are not used).

Note that for SNP, the launch secret part of the page (lower 3KB) is
not relevant and will stay zero.  The last 1KB is used for the hashes.

This should have no effect on OvmfPkgX64 targets (which don't define
PcdSevLaunchSecretBase).

Cc: Ard Biesheuvel 
Cc: Jiewen Yao 
Cc: Jordan Justen 
Cc: Gerd Hoffmann 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Min Xu 
Cc: Tom Lendacky 
Cc: Tobin Feldman-Fitzthum 
Signed-off-by: Dov Murik 
---
 OvmfPkg/ResetVector/ResetVector.nasmb | 15 ++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb 
b/OvmfPkg/ResetVector/ResetVector.nasmb
index 9421f4818907..ac4c7e763b82 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -121,7 +121,20 @@
   ;
   %define SNP_SEC_MEM_BASE_DESC_2 (GHCB_BASE + 0x1000)
   %define SNP_SEC_MEM_SIZE_DESC_2 (SEV_SNP_SECRETS_BASE - 
SNP_SEC_MEM_BASE_DESC_2)
-  %define SNP_SEC_MEM_BASE_DESC_3 (CPUID_BASE + CPUID_SIZE)
+
+  %if (FixedPcdGet32 (PcdSevLaunchSecretBase) > 0)
+; There's a reserved page for SEV secrets and hashes; the VMM will fill and
+; validate the page, or mark it as a zero page.
+%define EXPECTED_END_OF_LAUNCH_SECRET_PAGE (FixedPcdGet32 
(PcdSevLaunchSecretBase) + \
+FixedPcdGet32 
(PcdSevLaunchSecretSize) + \
+FixedPcdGet32 
(PcdQemuHashTableSize))
+%if (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) != 
EXPECTED_END_OF_LAUNCH_SECRET_PAGE)
+  %error "PcdOvmfSecPeiTempRamBase must start directly after the SEV 
Launch Secret page"
+%endif
+%define SNP_SEC_MEM_BASE_DESC_3 (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase))
+  %else
+%define SNP_SEC_MEM_BASE_DESC_3 (CPUID_BASE + CPUID_SIZE)
+  %endif
   %define SNP_SEC_MEM_SIZE_DESC_3 (FixedPcdGet32 (PcdOvmfPeiMemFvBase) - 
SNP_SEC_MEM_BASE_DESC_3)
 
 %include "X64/IntelTdxMetadata.asm"
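Review bot: the new %error check only pins the end of the excluded range, not its start. SNP_SEC_MEM_BASE_DESC_3 moves from CPUID_BASE + CPUID_SIZE to PcdOvmfSecPeiTempRamBase, so anything between the end of the CPUID page and PcdSevLaunchSecretBase silently drops out of pre-validation, and EXPECTED_END_OF_LAUNCH_SECRET_PAGE adds PcdQemuHashTableSize on the unstated assumption that the hash table directly follows the launch secret. Both should be checked the same way, e.g. `%if (FixedPcdGet32 (PcdSevLaunchSecretBase) != CPUID_BASE + CPUID_SIZE)` and `%if (FixedPcdGet32 (PcdQemuHashTableBase) != FixedPcdGet32 (PcdSevLaunchSecretBase) + FixedPcdGet32 (PcdSevLaunchSecretSize))`, each with its own %error, so that a later .fdf change cannot leave a page that is neither pre-validated nor filled by the VMM. Minor: the comment says "SEV secrets and hashes" while the PCD is the launch secret; using the PCD's name avoids confusion with SEV_SNP_SECRETS_BASE a few lines up.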
-- 
2.20.1
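The range computation that the two patches above perform in nasm macros, written out as an added C example (not code from the patches or from OvmfPkg). It takes the MEMFD addresses from the posted diff and goes one step beyond the patch: besides the end-of-page check that the patch's %error enforces, it also checks that the launch-secret page starts right after the CPUID page and that the hash table starts right after the launch secret. PcdOvmfPeiMemFvBase is not on the page, so its value here (0x020000) is an assumption; the struct and function names are likewise invented for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* MEMFD pages of AmdSevX64.fdf after patch 1/2, taken from the posted diff. */
#define CPUID_BASE            0x00E000u   /* PcdOvmfCpuidBase */
#define CPUID_SIZE            0x001000u   /* PcdOvmfCpuidSize */
#define LAUNCH_SECRET_BASE    0x00F000u   /* PcdSevLaunchSecretBase */
#define LAUNCH_SECRET_SIZE    0x000C00u   /* PcdSevLaunchSecretSize (lower 3KB) */
#define HASH_TABLE_BASE       0x00FC00u   /* PcdQemuHashTableBase */
#define HASH_TABLE_SIZE       0x000400u   /* PcdQemuHashTableSize (last 1KB) */
#define SEC_PEI_TEMP_RAM_BASE 0x010000u   /* PcdOvmfSecPeiTempRamBase */
#define PEI_MEM_FV_BASE       0x020000u   /* PcdOvmfPeiMemFvBase: ASSUMED, not in the posted diff */

typedef struct {
    uint32_t cpuid_base, cpuid_size;
    uint32_t launch_secret_base, launch_secret_size;  /* base 0: page not defined (OvmfPkgX64) */
    uint32_t hash_table_base, hash_table_size;
    uint32_t sec_pei_temp_ram_base;
    uint32_t pei_mem_fv_base;
} MemfdLayout;

typedef struct { uint32_t base, size; } SnpRange;

/*
 * Compute SNP_SEC_MEM_BASE/SIZE_DESC_3 the way the patched ResetVector.nasmb does.
 * Returns false where the nasm build would stop with %error. The two checks
 * marked "extra" are not in the posted patch; they make the intent
 * "exclude exactly the launch-secret page" explicit.
 */
static bool snp_desc3_range(const MemfdLayout *l, SnpRange *out) {
    uint32_t base;
    if (l->launch_secret_base > 0) {
        uint32_t expected_end = l->launch_secret_base + l->launch_secret_size + l->hash_table_size;
        if (l->sec_pei_temp_ram_base != expected_end)
            return false;                          /* the patch's %error */
        if (l->launch_secret_base != l->cpuid_base + l->cpuid_size)
            return false;                          /* extra: nothing is skipped before the page */
        if (l->hash_table_base != l->launch_secret_base + l->launch_secret_size)
            return false;                          /* extra: hash table directly follows the secret */
        base = l->sec_pei_temp_ram_base;           /* VMM fills/validates the excluded page itself */
    } else {
        base = l->cpuid_base + l->cpuid_size;      /* no launch-secret page: previous behaviour */
    }
    out->base = base;
    out->size = l->pei_mem_fv_base - base;
    return true;
}

/* True if DESC_3 asks the VMM to pre-validate the page containing addr. */
static bool snp_desc3_prevalidates(const MemfdLayout *l, uint32_t addr) {
    SnpRange r;
    if (!snp_desc3_range(l, &r))
        return false;
    return addr >= r.base && addr < r.base + r.size;
}

/* Layout after patch 1/2 (from the diff). */
static const MemfdLayout kAmdSevReordered = {
    CPUID_BASE, CPUID_SIZE, LAUNCH_SECRET_BASE, LAUNCH_SECRET_SIZE,
    HASH_TABLE_BASE, HASH_TABLE_SIZE, SEC_PEI_TEMP_RAM_BASE, PEI_MEM_FV_BASE };

/* Layout before patch 1/2: secret at 0x00C000, hash table at 0x00CC00, CPUID at 0x00F000. */
static const MemfdLayout kAmdSevOriginal = {
    0x00F000u, CPUID_SIZE, 0x00C000u, LAUNCH_SECRET_SIZE,
    0x00CC00u, HASH_TABLE_SIZE, SEC_PEI_TEMP_RAM_BASE, PEI_MEM_FV_BASE };

/* OvmfPkgX64: PcdSevLaunchSecretBase is not defined. */
static const MemfdLayout kOvmfX64 = {
    CPUID_BASE, CPUID_SIZE, 0, 0, 0, 0, SEC_PEI_TEMP_RAM_BASE, PEI_MEM_FV_BASE };

int main(void) {
    SnpRange r;
    const MemfdLayout *layouts[] = { &kAmdSevReordered, &kAmdSevOriginal, &kOvmfX64 };
    const char *names[] = { "AmdSev (reordered)", "AmdSev (original)", "OvmfPkgX64" };
    for (int i = 0; i < 3; i++) {
        if (snp_desc3_range(layouts[i], &r))
            printf("%-20s DESC_3 = [0x%06X, 0x%06X)\n", names[i], r.base, r.base + r.size);
        else
            printf("%-20s %%error: pages are not adjacent as required\n", names[i]);
    }
    return 0;
}
```

Run against the three layouts it shows why the patches come as a pair: the original AmdSevX64 layout fails the end check (0x00C000 + 0xC00 + 0x400 is 0x00D000, not 0x010000), the reordered layout passes and leaves 0x00F000..0x00FFFF out of DESC_3, and OvmfPkgX64 keeps the old CPUID_BASE + CPUID_SIZE start.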



View/Reply Online (#88138): https://edk2.groups.io/g/devel/message/88138




Re: [edk2-devel] Question about UEFI, AddressSanitizer and MMU mappings

2022-03-28 Thread Pedro Falcato
Hi Steven!

Good to know you already have something. I removed your LLVM Optimizations
suggestion that was about MPX, as Intel MPX is pretty dead (Intel is
dropping it, compilers don't support it) as far as I know, and added
a new suggestion for UBSan, ASAN, and possibly MSAN (
https://github.com/tianocore/tianocore.github.io/wiki/Tasks#LLVM_Sanitizer_support),
mentioning your branch; note that I still left you in the "suggested by:".

I briefly looked at your code, and it seems that you had a different idea
for shadow memory allocation. My idea (custom shadow mappings) uses up less
memory and is probably way faster to boot, although I don't think it's
possible to use it in runtime services/SMM. Is it even important to
instrument these with ASAN? I was thinking that most of the need was in
PEI/DXE, not those.

Best regards,
Pedro

On Mon, Mar 28, 2022 at 12:32 PM Steven Shi  wrote:

> We enabled Asan and UBsan on edk2 DXE in 2017 after we introduced the
> CLANG38 build toolchain in edk2. It was quite useful to find dozens of code
> bugs. It is not as difficult as it sounds, but we never finished all the
> scope, e.g., PEI, SMM. There are many limitations in the current
> implementation, e.g., it does not cover the page memory service. I'm glad
> if some people can continue to enhance it and finish it.
>
>
>
> The edk2 sanitizer branch:
>
> https://github.com/shijunjing/edk2/tree/sanitizer2
>
> Edk2 sanitizer slides:
>
> https://github.com/shijunjing/edk2/blob/sanitizer2/Edk2ASan.pptx
>
> Usage readme:
>
> https://github.com/shijunjing/edk2/blob/sanitizer2/readme_sanitizer.txt
>
>
>
>- OvmfPkgIa32X64 build with sanitizers on edk2 and run:
>
> jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ git remote -v
>
> origin  https://github.com/shijunjing/edk2.git (fetch)
>
> origin  https://github.com/shijunjing/edk2.git (push)
>
> jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ git status
>
> On branch sanitizer2
>
> jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ export
> CLANGSAN40_BIN=~/llvm/clang+llvm-11.0.0-x86_64-linux-gnu-ubuntu-20.04/bin/export
> CLANGSAN40_BIN=~/llvm/clang+llvm-11.0.0-x86_64-linux-gnu-ubuntu-20.04/bin/
>
> jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ rm Conf/tools_def.txt
>
> jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ rm Conf/build_rule.txt
>
> jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ rm Conf/target.txt
>
> jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ source edksetup.sh
>
> jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ make -C BaseTools/
>
> jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ build -p
> OvmfPkg/OvmfPkgIa32X64.dsc -t CLANGSAN40 -a IA32 -a X64 -b NOOPT -n 5
> -DDEBUG_ON_SERIAL_PORT
>
> jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ qemu-system-x86_64 -m 5120
> -smp 1 -bios
> ~/wksp_efi/edk2-fork4/Build/Ovmf3264/NOOPT_CLANGSAN40/FV/OVMF.fd -global
> e1000.romfile=""  -machine q35 -serial mon:stdio -display none --net none
>
>
>
>- To see the enabling code:
>
> jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ git diff 4adc364c --name-only
>
>
>
>- Asan Shadow Memory setup:
>
>
> https://github.com/shijunjing/edk2/blob/sanitizer2/OvmfPkg/PlatformPei/MemDetect.c#L1133
>
>
>
>- The compiler instrumentation routines for AddressSanitizer(ASan)
>
>
> https://github.com/shijunjing/edk2/blob/sanitizer2/MdeModulePkg/Library/AsanLib/Asan.c
>
>
>
> This Asan branch was synced to the latest edk2 early this month for some
> people's fuzz test requirement. But I didn't really test it. I would like
> to help if there is something wrong in it. Let me know.
>
>
>
>
>
> Thanks
>
> *Steven Shi*
>
>
>
>
>
> *From:* devel@edk2.groups.io  * On Behalf Of *Pedro
> Falcato
> *Sent:* Saturday, March 26, 2022 4:48 AM
> *To:* edk2-devel-groups-io ; Andrew Fish <
> af...@apple.com>
> *Cc:* Marvin Häuser 
> *Subject:* Re: [edk2-devel] Question about UEFI, AddressSanitizer and MMU
> mappings
>
>
>
> Andrew, Marvin,
>
>
>
> Thanks for the quick responses.
>
>
>
> I'll give you a rundown of asan/kasan: You create a big (16TB in PML5-less
> x86) virtual mapping for ASAN, each byte in the shadow map represents 8
> bytes of address space, and you poison/unpoison memory as you go and
> allocate chunks of the address space (usually through malloc, but in our
> case, AllocatePool()/AllocatePages(), I imagine). Since the only thing you
> have is a large contiguous virtual mapping, you need to either take a page
> fault and create mappings on the address space as you go along (very
> possible in user-space, usually not possible in kernel space and I assume
> UEFI), or you need to do fun stuff w/ page tables; usually, this means that
> you set up some page tables pointing to a zero page and remap those same
> page tables all over the virtual mapping; after taking a look at all our
> available memory, we allocate shadow pages for those (so you can RW to
> them).
>
>
>
> Note that going a different route (with some data structure instead of the
> big mapping) is possible but, if you do, you can't use the faster inline
> ASAN that clang/gcc can generate for you 

Re: Re: [edk2-devel] [PATCH v1 00/41] Add PrmPkg

2022-03-28 Thread Michael Kubacki

Hi Liming,

I updated Maintainers.txt in patch [40/41].
https://edk2.groups.io/g/devel/message/87882

Due to the email limit on the mailing list the last few patches had to 
be sent shortly after the initial series.


Regards,
Michael

On 3/28/2022 4:48 AM, gaoliming wrote:

Michael:
   Please also update Maintainers.txt to specify maintainer for new PrmPkg.

Thanks
Liming

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Michael
Kubacki
Sent: March 23, 2022 0:19
To: devel@edk2.groups.io
Cc: Andrew Fish ; Kang Gao ;
Michael D Kinney ; Michael Kubacki
; Leif Lindholm ;
Benjamin You ; Liu Yun ;
Ankit Sinha ; Nate DeSimone

Subject: [edk2-devel] [PATCH v1 00/41] Add PrmPkg

From: Michael Kubacki 

This patch series adds a new package called PrmPkg. An RFC was sent
to the edk2 mailing list on January 28, 2022 detailing the proposal,
see https://edk2.groups.io/g/devel/message/86181.

Platform Runtime Mechanism (PRM) is a new firmware solution that has
been developed in edk2-staging/PlatformRuntimeMechanism.

This patch series has been organized to greatly condense the history
from the edk2-staging branch but to preserve important decisions and
changes in history that help establish context of changes and will
serve as valuable references for future development.

Interest in PRM has increased across various vendors and we believe
it is beneficial to make the source code more widely available for
the following reasons:

   1. PRM specification adoption
   2. Feature completeness
   3. Overall validation coverage
   4. Interest from the community and future collaboration

The technical details of PRM are covered in the PRM Specification
in addition to the Readme.md file located in the root of PrmPkg
in this patch series.

1. PRM specification adoption

Intel and Microsoft have worked together to standardize PRM in the
ACPI Specification and the PRM Specification hosted on uefi.org.

   * ACPI 6.4 Specification:
   https://uefi.org/node/4149

   * PRM Specification:

https://uefi.org/sites/default/files/resources/Platform%20Runtime%20Mech
anism%20-%20with%20legal%20notice.pdf

2. Feature completeness

PrmPkg implements the full firmware functionality described in the
PRM Specification and there are no significant changes to
functionality planned at this time.

Though we are very much interested in evolving PRM based on
feedback.

3. Overall validation coverage

PrmPkg has been integrated and tested on client and server systems
in addition to virtual platforms (OvmfPkg/QEMU).

Platform integration is simple and a demonstration of this
integration for OvmfPkg is available in the following branch:
https://github.com/makubacki/edk2/tree/ovmf_prmpkg_integration

The code has been built with:
   * MSFT VS2015, VS2017, and VS2019
   * GCC5 (see https://bugzilla.tianocore.org/show_bug.cgi?id=3802)
   * iASL compiler (20200528 - https://acpica.org/node/181)

The Linux kernel currently includes the following PRM support:
   * _OSC PRM bit - allows FW to know determine the OS is
 PRM-capable and can redirect _DSM method from alternate
 triggers (such as SMI) to PRM.
   * PRM invocation via _DSM, includes PRM module and handler parsing
 from ACPI PRMT table, and also the PRM operation region handler
 for runtime PRM service invocation.
   * An OS configuration for PRM enabling, PRM support can be
 disabled during OS image build.

Note that upstream Linux does not currently support the following:
   * Ability for the OS driver to call a PRM handler directly,
 it has to be via ACPI _DSM.
   * Run time update PRM module and handler via PE/COFF PRM image.

This commit provides additional context of the changes in Linux:
https://github.com/torvalds/linux/commit/cefc7ca46235f01d5233e3abd4b79
452af01d9e9

Windows 11 (https://www.microsoft.com/software-download/windows11)
and Windows Server 2022
(https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the
-wdk)
include the PRM functionality noted above in addition to PRM direct
call and PRM runtime updates.

PRM has been tested on IA32, X64, and AARCH64 targets.

4. Interest from the community and future collaboration

PRM has been presented at several industry conferences:

* OSFC 2020 - "PRM: SMM Goes on a Diet"
   https://cfp.osfc.io/osfc2020/talk/MCJASB/

* OCP Summit 2019 - "Case Study Alternatives for SMM Usage in
   Intel Platforms"
   https://www.youtube.com/watch?v=mu3DRLM1dPA

In addition, Microsoft plans to publish the Windows PRM driver
interface and a WDF sample driver that uses the interface to the
Windows Driver Samples GitHub repository
(https://github.com/microsoft/Windows-driver-samples).

We believe a PrmPkg in edk2 can increase accessibility to PRM and
ease collaboration.

PrmPkg
--
PrmPkg contains the common functionality needed to enable PRM on
any system. It does not contain platform-specific code such as PRM
modules (and by extension PRM handlers). Other than sample modules,
PrmPkg will only contain code needed to provide PRM 

[edk2-devel] [PATCH] Fix Setup numeric default value incorrect issue

2022-03-28 Thread Chen Lin Z
When the default/manufacturing flag gets removed from the numeric varid, it
can't get the default value from StructurePcd in the
'UpdateDefaultSettingInFormPackage' function since there is no
EFI_IFR_DEFAULT_OP opcode in the IFR file. Add a chance to get the numeric
default value from StructurePcd in the case where the numeric minimum value
would be used as the default value.

Signed-off-by: Chen Lin Z 
Signed-off-by: Dandan Bi 
---
 .../Universal/HiiDatabaseDxe/ConfigRouting.c  | 14 +++
 .../Universal/HiiDatabaseDxe/HiiDatabase.h| 23 +++
 2 files changed, 37 insertions(+)

diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c 
b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c
index 2f792d2965..8bfa0f4bf1 100644
--- a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c
+++ b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c
@@ -2171,6 +2171,7 @@ ParseIfrData (
   UINTNPackageOffset;
   EFI_IFR_VARSTORE *IfrVarStore;
   EFI_IFR_VARSTORE_EFI *IfrEfiVarStore;
+  EFI_IFR_VARSTORE_EFI *IfrEfiVarStoreTmp;
   EFI_IFR_OP_HEADER*IfrOpHdr;
   EFI_IFR_ONE_OF   *IfrOneOf;
   EFI_IFR_REF4 *IfrRef;
@@ -2187,6 +2188,7 @@ ParseIfrData (
   IFR_BLOCK_DATA   *BlockData;
   CHAR16   *VarStoreName;
   UINTNNameSize;
+  UINTNNvDefaultStoreSize;
   UINT16   VarWidth;
   UINT16   VarDefaultId;
   BOOLEAN  FirstOneOfOption;
@@ -2303,6 +2305,14 @@ ParseIfrData (
 }
 
 AsciiStrToUnicodeStrS ((CHAR8 *)IfrEfiVarStore->Name, VarStoreName, 
NameSize);
+IfrEfiVarStoreTmp = AllocatePool (IfrEfiVarStore->Header.Length + 
AsciiStrSize ((CHAR8 *)IfrEfiVarStore->Name));
+if (IfrEfiVarStoreTmp == NULL) {
+  Status = EFI_OUT_OF_RESOURCES;
+  goto Done;
+}
+
+CopyMem (IfrEfiVarStoreTmp, IfrEfiVarStore, 
IfrEfiVarStore->Header.Length);
+AsciiStrToUnicodeStrS ((CHAR8 *)IfrEfiVarStore->Name, (CHAR16 
*)&(IfrEfiVarStoreTmp->Name[0]), AsciiStrSize ((CHAR8 *)IfrEfiVarStore->Name) * 
sizeof (CHAR16));
 
 if (IsThisVarstore (>Guid, VarStoreName, ConfigHdr)) {
   //
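Review bot: IfrEfiVarStoreTmp is allocated with AllocatePool every time an EFI_IFR_VARSTORE_EFI opcode is parsed and no FreePool for it appears anywhere in the patch, so each further EFI varstore in the form package leaks the previous copy and the last copy leaks on the Done path as well; free the previous buffer before reassigning and release the final one at Done. Also, the DestMax argument of AsciiStrToUnicodeStrS counts CHAR16 units, but AsciiStrSize ((CHAR8 *)IfrEfiVarStore->Name) * sizeof (CHAR16) is a byte count: the buffer is Header.Length + AsciiStrSize bytes, which leaves exactly AsciiStrSize CHAR16 slots from Name onward, so the stated capacity is twice the real one and the copy only fits because the source bounds it. Pass AsciiStrSize ((CHAR8 *)IfrEfiVarStore->Name) so the safe-string bound matches the allocation.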
@@ -2502,9 +2512,13 @@ ParseIfrData (
   //
   // Set default value base on the DefaultId list get from IFR data.
   //
+  NvDefaultStoreSize = PcdGetSize (PcdNvStoreDefaultValueBuffer);
   for (LinkData = DefaultIdArray->Entry.ForwardLink; LinkData != 
>Entry; LinkData = LinkData->ForwardLink) {
 DefaultDataPtr= BASE_CR (LinkData, IFR_DEFAULT_DATA, 
Entry);
 DefaultData.DefaultId = DefaultDataPtr->DefaultId;
+if (NvDefaultStoreSize > sizeof 
(PCD_NV_STORE_DEFAULT_BUFFER_HEADER)) {
+  FindQuestionDefaultSetting (DefaultData.DefaultId, 
IfrEfiVarStoreTmp, &(IfrOneOf->Question), , VarWidth, 
QuestionReferBitField);
+}
 InsertDefaultValue (BlockData, );
   }
 }
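Review bot: IfrEfiVarStoreTmp is declared in the first hunk without an initializer and assigned only when an EFI_IFR_VARSTORE_EFI opcode is seen, yet here it is handed to FindQuestionDefaultSetting for every question as soon as PcdNvStoreDefaultValueBuffer is larger than its header. A form whose questions use an EFI_IFR_VARSTORE (not the _EFI variant) reaches this call with an uninitialized pointer, and a package with two EFI varstores passes whichever one was parsed last rather than the one the question belongs to. Initialize the pointer to NULL, skip the lookup when it is NULL, and compare IfrEfiVarStoreTmp->VarStoreId with IfrOneOf->Question.VarStoreId before using it. The status returned by FindQuestionDefaultSetting is also discarded; since HiiDatabase.h documents EFI_NOT_FOUND, either state in the commit message that DefaultData then keeps the minimum value or test the status explicitly.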
diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabase.h 
b/MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabase.h
index c4ca6ad6ee..421c293cfc 100644
--- a/MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabase.h
+++ b/MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabase.h
@@ -2308,6 +2308,29 @@ HiiGetConfigRespInfo (
   IN CONST EFI_HII_DATABASE_PROTOCOL  *This
   );
 
+/**
+  Find question default value from PcdNvStoreDefaultValueBuffer
+
+  @param DefaultId  Default store ID
+  @param EfiVarStorePoint to EFI VarStore header
+  @param IfrQuestionHdr Point to Question header
+  @param ValueBufferPoint to Buffer includes the found default setting
+  @param Width  Width of the default value
+  @param BitFieldQuestion   Whether the Question is stored in Bit field.
+
+  @retval EFI_SUCCESS   Question default value is found.
+  @retval EFI_NOT_FOUND Question default value is not found.
+**/
+EFI_STATUS
+FindQuestionDefaultSetting (
+  IN  UINT16   DefaultId,
+  IN  EFI_IFR_VARSTORE_EFI *EfiVarStore,
+  IN  EFI_IFR_QUESTION_HEADER  *IfrQuestionHdr,
+  OUT VOID *ValueBuffer,
+  IN  UINTNWidth,
+  IN  BOOLEAN  BitFieldQuestion
+  );
+
 //
 // Global variables
 //
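Review bot: the doxygen block should say what ValueBuffer contains when EFI_NOT_FOUND is returned, because the caller added in ConfigRouting.c ignores the status and relies on the buffer being left untouched; it should also state the caller's precondition that EfiVarStore is the varstore the question refers to. Style: "Point to" in the @param lines should read "Pointer to".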
-- 
2.25.1



View/Reply Online (#88134): https://edk2.groups.io/g/devel/message/88134




Re: [edk2-devel] Question about UEFI, AddressSanitizer and MMU mappings

2022-03-28 Thread Steven Shi
We enabled Asan and UBsan on edk2 DXE in 2017 after we introduced the CLANG38 
build toolchain in edk2. It was quite useful to find dozens of code bugs. It is 
not as difficult as it sounds, but we never finished all the scope, e.g., PEI, 
SMM. There are many limitations in the current implementation, e.g., it does 
not cover the page memory service. I'm glad if some people can continue to 
enhance it and finish it.

The edk2 sanitizer branch:
https://github.com/shijunjing/edk2/tree/sanitizer2
Edk2 sanitizer slides:
https://github.com/shijunjing/edk2/blob/sanitizer2/Edk2ASan.pptx
Usage readme:
https://github.com/shijunjing/edk2/blob/sanitizer2/readme_sanitizer.txt


  *   OvmfPkgIa32X64 build with sanitizers on edk2 and run:

jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ git remote -v

origin  https://github.com/shijunjing/edk2.git (fetch)

origin  https://github.com/shijunjing/edk2.git (push)

jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ git status

On branch sanitizer2

jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ export 
CLANGSAN40_BIN=~/llvm/clang+llvm-11.0.0-x86_64-linux-gnu-ubuntu-20.04/bin/export
 CLANGSAN40_BIN=~/llvm/clang+llvm-11.0.0-x86_64-linux-gnu-ubuntu-20.04/bin/

jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ rm Conf/tools_def.txt

jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ rm Conf/build_rule.txt

jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ rm Conf/target.txt

jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ source edksetup.sh

jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ make -C BaseTools/

jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ build -p OvmfPkg/OvmfPkgIa32X64.dsc 
-t CLANGSAN40 -a IA32 -a X64 -b NOOPT -n 5 -DDEBUG_ON_SERIAL_PORT

jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ qemu-system-x86_64 -m 5120 -smp 1 
-bios ~/wksp_efi/edk2-fork4/Build/Ovmf3264/NOOPT_CLANGSAN40/FV/OVMF.fd -global 
e1000.romfile=""  -machine q35 -serial mon:stdio -display none --net none



  *   To see the enabling code:
jshi19@ub2-uefi-b01:~/wksp_efi/edk2-fork4$ git diff 4adc364c --name-only


  *   Asan Shadow Memory setup:
https://github.com/shijunjing/edk2/blob/sanitizer2/OvmfPkg/PlatformPei/MemDetect.c#L1133


  *   The compiler instrumentation routines for AddressSanitizer(ASan)
https://github.com/shijunjing/edk2/blob/sanitizer2/MdeModulePkg/Library/AsanLib/Asan.c

This Asan branch was synced to the latest edk2 early this month for some people's 
fuzz test requirement. But I didn't really test it. I would like to help if 
there is something wrong in it. Let me know.


Thanks
Steven Shi


From: devel@edk2.groups.io  On Behalf Of Pedro Falcato
Sent: Saturday, March 26, 2022 4:48 AM
To: edk2-devel-groups-io ; Andrew Fish 
Cc: Marvin Häuser 
Subject: Re: [edk2-devel] Question about UEFI, AddressSanitizer and MMU mappings

Andrew, Marvin,

Thanks for the quick responses.

I'll give you a rundown of asan/kasan: You create a big (16TB in PML5-less x86) 
virtual mapping for ASAN, each byte in the shadow map represents 8 bytes of 
address space, and you poison/unpoison memory as you go and allocate chunks of 
the address space (usually through malloc, but in our case, 
AllocatePool()/AllocatePages(), I imagine). Since the only thing you have is a 
large contiguous virtual mapping, you need to either take a page fault and 
create mappings on the address space as you go along (very possible in 
user-space, usually not possible in kernel space and I assume UEFI), or you 
need to do fun stuff w/ page tables; usually, this means that you set up some 
page tables pointing to a zero page and remap those same page tables all over 
the virtual mapping; after taking a look at all our available memory, we 
allocate shadow pages for those (so you can RW to them).

Note that going a different route (with some data structure instead of the big 
mapping) is possible but, if you do, you can't use the faster inline ASAN that 
clang/gcc can generate for you (which do these same memory accesses, but 
inlined instead of doing e.g call __asan_load_8).

So yeah, if SetMemoryAttributes is the only thing we have, we're going to need 
some support MMU code for each architecture.

Since adding AddressSanitizer support is pretty involved (build system + actual 
ASAN code + MMU support code for each arch), I feel like it would be a good 
large project for this year. I also feel tempted to throw UBSan into the mix 
and just call it "Add LLVM Sanitizer support to EDK2", but I don't know if 
that's too much for a GSoC student. Would love some feedback on this.

Note: I would like to work on this, but since I'll be a mentor this year I 
prefer to first see if a student is interested in this project.

Best regards,
Pedro

On Fri, Mar 25, 2022 at 6:42 PM Andrew Fish via groups.io 
mailto:apple@groups.io>> wrote:
From an UEFI point of view if you own the memory you can do what you want with 
it. The UEFI Spec does not deal with paging but the PI Spec does have 
abstractions for how the CPU operates via the CPU ARCH Protocol [1].

So for example if you want to write 
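
The shadow-memory scheme Pedro describes in the quoted text above (one shadow byte per 8 bytes of address space, poison/unpoison as regions are handed out and returned, and the inline check the compiler emits instead of calling e.g. __asan_load_8), modelled as an added C example. This is not code from the thread or from the sanitizer2 branch; the 4 KiB toy address space, its bump allocator and the function names are constructed assumptions, and addresses here are offsets into that space rather than the large virtual mapping a real runtime would use.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHADOW_SCALE   3                         /* 1 shadow byte per 8 application bytes */
#define GRANULE        ((size_t)1 << SHADOW_SCALE)
#define APP_SIZE       ((size_t)4096)            /* constructed toy address space */
#define SHADOW_SIZE    (APP_SIZE >> SHADOW_SCALE)
#define REDZONE_MAGIC  ((int8_t)0xfa)            /* any negative shadow value: whole granule poisoned */

/* Application "addresses" are offsets into the toy space. A real runtime uses
 * shadow = (addr >> 3) + SHADOW_OFFSET over the big mapping the thread discusses;
 * only that address arithmetic differs. */
static int8_t g_shadow[SHADOW_SIZE];
static size_t g_bump;                            /* cursor of a trivial bump allocator */

static void asan_reset(void) {
    memset(g_shadow, REDZONE_MAGIC, sizeof g_shadow);   /* nothing handed out yet */
    g_bump = 0;
}

/* addr must be granule-aligned; callers round size up to whole granules. */
static void asan_poison(size_t addr, size_t size) {
    for (size_t a = addr; a < addr + size; a += GRANULE)
        g_shadow[a >> SHADOW_SCALE] = REDZONE_MAGIC;
}

/* addr must be granule-aligned; a trailing partial granule stores k = valid bytes. */
static void asan_unpoison(size_t addr, size_t size) {
    size_t end = addr + size, a = addr;
    for (; a + GRANULE <= end; a += GRANULE)
        g_shadow[a >> SHADOW_SCALE] = 0;                 /* 0: all 8 bytes addressable */
    if (a < end)
        g_shadow[a >> SHADOW_SCALE] = (int8_t)(end - a); /* 1..7: only the first k bytes */
}

/* The check the compiler inlines before an n-byte access (n in 1,2,4,8, naturally
 * aligned, so the access never straddles a granule). */
static bool asan_access_ok(size_t addr, size_t n) {
    int8_t s = g_shadow[addr >> SHADOW_SCALE];
    if (s == 0) return true;                     /* fast path: fully addressable granule */
    if (s < 0)  return false;                    /* redzone, freed, or never mapped */
    return (addr & (GRANULE - 1)) + n <= (size_t)s;   /* partial granule: within the first s bytes */
}

/* AllocatePool-style allocation with a one-granule right redzone after the object. */
static size_t asan_alloc(size_t size) {
    size_t p = g_bump;                           /* always granule-aligned */
    size_t rounded = (size + GRANULE - 1) & ~(GRANULE - 1);
    if (rounded + GRANULE > APP_SIZE - p)
        return (size_t)-1;                       /* toy space exhausted */
    asan_unpoison(p, size);
    asan_poison(p + rounded, GRANULE);
    g_bump = p + rounded + GRANULE;
    return p;
}

/* FreePool-style release: the object's granules become poisoned, so use-after-free trips. */
static void asan_free(size_t addr, size_t size) {
    asan_poison(addr, (size + GRANULE - 1) & ~(GRANULE - 1));
}

int main(void) {
    asan_reset();
    size_t p = asan_alloc(13);
    printf("in-bounds byte 12: %s\n", asan_access_ok(p + 12, 1) ? "ok" : "ERROR");
    printf("overflow byte 13:  %s\n", asan_access_ok(p + 13, 1) ? "ok" : "ERROR");
    asan_free(p, 13);
    printf("use after free:    %s\n", asan_access_ok(p, 8) ? "ok" : "ERROR");
    return 0;
}
```

The partial-granule encoding is what makes a 13-byte object catch a one-byte overrun: its second shadow byte holds 5, so the byte at offset 12 passes and the byte at offset 13 fails even though both sit in the same 8-byte granule. The same three checks are what an instrumented AllocatePool()/AllocatePages() wrapper would have to keep in sync with its own poison/unpoison calls.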

[edk2-devel] 回复: [PATCH v1 01/28] MdeModulePkg: Add a new GUID

2022-03-28 Thread gaoliming
Judah:
  Is there the detail information or wiki about the code design and usage
for this feature? 

Thanks
Liming
> -Original Message-
> From: Judah Vang 
> Sent: March 26, 2022 6:03
> To: devel@edk2.groups.io
> Cc: Jian J Wang ; Liming Gao
> ; Nishant C Mistry 
> Subject: [PATCH v1 01/28] MdeModulePkg: Add a new GUID
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
> 
> Add a new Variable Store Guid.
> 
> Cc: Jian J Wang 
> Cc: Liming Gao 
> Cc: Nishant C Mistry 
> Signed-off-by: Judah Vang 
> ---
>  MdeModulePkg/MdeModulePkg.dec | 13 -
>  1 file changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec
> index 40601c95832b..681607db0da6 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -4,7 +4,7 @@
>  # and libraries instances, which are used for those modules.
>  #
>  # Copyright (c) 2019, NVIDIA CORPORATION. All rights reserved.
> -# Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved.
> +# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved.
>  # Copyright (c) 2016, Linaro Ltd. All rights reserved.
>  # (C) Copyright 2016 - 2019 Hewlett Packard Enterprise Development
> LP
>  # Copyright (c) 2017, AMD Incorporated. All rights reserved.
> @@ -93,6 +93,14 @@ [LibraryClasses]
>#
>TpmMeasurementLib|Include/Library/TpmMeasurementLib.h
> 
> +  ## @libraryclass  Provides interfaces to encrypt/decrypt variable.
> +  #
> +  EncryptionVariableLib|Include/Library/EncryptionVariableLib.h
> +
> +  ## @libraryclass  Provides interfaces to encrypt/decrypt variable.
> +  #
> +  ProtectedVariableLib|Include/Library/ProtectedVariableLib.h
> +
>## @libraryclass  Provides authenticated variable services.
>#
>AuthVariableLib|Include/Library/AuthVariableLib.h
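Review bot: the two new library classes carry the identical description "Provides interfaces to encrypt/decrypt variable."; EncryptionVariableLib and ProtectedVariableLib are different classes, so ProtectedVariableLib needs its own one-line description of what it protects (integrity, confidentiality, or both) so a reader of the .dec can tell which one a module should depend on.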
> @@ -505,6 +513,9 @@ [Ppis]
>gEdkiiPeiCapsuleOnDiskPpiGuid = { 0x71a9ea61, 0x5a35,
> 0x4a5d, { 0xac, 0xef, 0x9c, 0xf8, 0x6d, 0x6d, 0x67, 0xe0 } }
>gEdkiiPeiBootInCapsuleOnDiskModePpiGuid   = { 0xb08a11e4, 0xe2b7,
> 0x4b75, { 0xb5, 0x15, 0xaf, 0x61, 0x6, 0x68, 0xbf, 0xd1  } }
> 
> +  ## Include/Ppi/ReadOnlyVariable2.h
> +  gEfiPeiVariableStoreDiscoveredPpiGuid = { 0xa2fc038d, 0xfdf5,
> 0x4501, { 0xaf, 0x8e, 0x69, 0xb0, 0x20, 0xec, 0xe6, 0x63 } }
> +
>  [Protocols]
>## Load File protocol provides capability to load and unload EFI image
into
> memory and execute it.
>#  Include/Protocol/LoadPe32Image.h
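Review bot: the new PPI GUID uses the gEfi prefix while the neighbouring [Ppis] entries use gEdkii; gEfi is reserved for GUIDs defined by the UEFI/PI specifications, so a package-private PPI should be gEdkiiPeiVariableStoreDiscoveredPpiGuid unless this PPI is being standardized. The header comment points at Include/Ppi/ReadOnlyVariable2.h, which does not match the GUID's name; if the GUID really lives there, say so in the commit message, otherwise give it its own header. The commit message also calls this "a new Variable Store Guid" although it is added under [Ppis]; a line on when the PPI is installed and who consumes it would answer Liming's question above.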
> --
> 2.26.2.windows.1





View/Reply Online (#88132): https://edk2.groups.io/g/devel/message/88132




Re: [edk2-devel] [PATCH v1 00/41] Add PrmPkg

2022-03-28 Thread gaoliming
Michael:
  Please also update Maintainers.txt to specify maintainer for new PrmPkg. 

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Michael
> Kubacki
> Sent: March 23, 2022 0:19
> To: devel@edk2.groups.io
> Cc: Andrew Fish ; Kang Gao ;
> Michael D Kinney ; Michael Kubacki
> ; Leif Lindholm ;
> Benjamin You ; Liu Yun ;
> Ankit Sinha ; Nate DeSimone
> 
> Subject: [edk2-devel] [PATCH v1 00/41] Add PrmPkg
> 
> From: Michael Kubacki 
> 
> This patch series adds a new package called PrmPkg. An RFC was sent
> to the edk2 mailing list on January 28, 2022 detailing the proposal,
> see https://edk2.groups.io/g/devel/message/86181.
> 
> Platform Runtime Mechanism (PRM) is a new firmware solution that has
> been developed in edk2-staging/PlatformRuntimeMechanism.
> 
> This patch series has been organized to greatly condense the history
> from the edk2-staging branch but to preserve important decisions and
> changes in history that help establish context of changes and will
> serve as valuable references for future development.
> 
> Interest in PRM has increased across various vendors and we believe
> it is beneficial to make the source code more widely available for
> the following reasons:
> 
>   1. PRM specification adoption
>   2. Feature completeness
>   3. Overall validation coverage
>   4. Interest from the community and future collaboration
> 
> The technical details of PRM are covered in the PRM Specification
> in addition to the Readme.md file located in the root of PrmPkg
> in this patch series.
> 
> 1. PRM specification adoption
> 
> Intel and Microsoft have worked together to standardize PRM in the
> ACPI Specification and the PRM Specification hosted on uefi.org.
> 
>   * ACPI 6.4 Specification:
>   https://uefi.org/node/4149
> 
>   * PRM Specification:
> 
> https://uefi.org/sites/default/files/resources/Platform%20Runtime%20Mech
> anism%20-%20with%20legal%20notice.pdf
> 
> 2. Feature completeness
> 
> PrmPkg implements the full firmware functionality described in the
> PRM Specification and there are no significant changes to
> functionality planned at this time.
> 
> Though we are very much interested in evolving PRM based on
> feedback.
> 
> 3. Overall validation coverage
> 
> PrmPkg has been integrated and tested on client and server systems
> in addition to virtual platforms (OvmfPkg/QEMU).
> 
> Platform integration is simple and a demonstration of this
> integration for OvmfPkg is available in the following branch:
> https://github.com/makubacki/edk2/tree/ovmf_prmpkg_integration
> 
> The code has been built with:
>   * MSFT VS2015, VS2017, and VS2019
>   * GCC5 (see https://bugzilla.tianocore.org/show_bug.cgi?id=3802)
>   * iASL compiler (20200528 - https://acpica.org/node/181)
> 
> The Linux kernel currently includes the following PRM support:
>   * _OSC PRM bit - allows FW to know determine the OS is
> PRM-capable and can redirect _DSM method from alternate
> triggers (such as SMI) to PRM.
>   * PRM invocation via _DSM, includes PRM module and handler parsing
> from ACPI PRMT table, and also the PRM operation region handler
> for runtime PRM service invocation.
>   * An OS configuration for PRM enabling, PRM support can be
> disabled during OS image build.
> 
> Note that upstream Linux does not currently support the following:
>   * Ability for the OS driver to call a PRM handler directly,
> it has to be via ACPI _DSM.
>   * Run time update PRM module and handler via PE/COFF PRM image.
> 
> This commit provides additional context of the changes in Linux:
> https://github.com/torvalds/linux/commit/cefc7ca46235f01d5233e3abd4b79
> 452af01d9e9
> 
> Windows 11 (https://www.microsoft.com/software-download/windows11)
> and Windows Server 2022
> (https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk)
> include the PRM functionality noted above in addition to PRM direct
> call and PRM runtime updates.
> 
> PRM has been tested on IA32, X64, and AARCH64 targets.
> 
> 4. Interest from the community and future collaboration
> 
> PRM has been presented at several industry conferences:
> 
> * OSFC 2020 - "PRM: SMM Goes on a Diet"
>   https://cfp.osfc.io/osfc2020/talk/MCJASB/
> 
> * OCP Summit 2019 - "Case Study Alternatives for SMM Usage in
>   Intel Platforms"
>   https://www.youtube.com/watch?v=mu3DRLM1dPA
> 
> In addition, Microsoft plans to publish the Windows PRM driver
> interface and a WDF sample driver that uses the interface to the
> Windows Driver Samples GitHub repository
> (https://github.com/microsoft/Windows-driver-samples).
> 
> We believe a PrmPkg in edk2 can increase accessibility to PRM and
> ease collaboration.
> 
> PrmPkg
> --
> PrmPkg contains the common functionality needed to enable PRM on
> any system. It does not contain platform-specific code such as PRM
> modules (and by extension PRM handlers). Other than sample modules,
> PrmPkg will only contain code needed to provide PRM feature
> functionality as defined in the PRM 

Re: [edk2-devel] [PATCH v1 00/17] *** SUBJECT HERE ***

2022-03-28 Thread gaoliming
Yu:
  Please submit one feature BZ to record this change.

Thanks
Liming
> -----Original Message-----
> From: devel@edk2.groups.io  On Behalf Of Yu Pu
> Sent: March 23, 2022 19:48
> To: devel@edk2.groups.io
> Cc: Yu Pu 
> Subject: [edk2-devel] [PATCH v1 00/17] *** SUBJECT HERE ***
> 
> *** BLURB HERE ***
> 
> Yu Pu (17):
>   IntelFsp2Pkg: Add CpuLib to module INFs that depend on UefiCpuLib.
>   IntelFsp2WrapperPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
>   OvmfPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
>   PcAtChipsetPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
>   SourceLevelDebugPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
>   UefiCpuPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
>   UefiPayloadPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
>   MdePkg: Move API and implementation from UefiCpuLib to CpuLib
>   UefiCpuPkg: Move API and implementation from UefiCpuLib to CpuLib.
>   IntelFsp2Pkg: Remove UefiCpuLib from module INFs.
>   IntelFsp2WrapperPkg: Remove UefiCpuLib from module INFs.
>   OvmfPkg: Remove UefiCpuLib from module INFs.
>   PcAtChipsetPkg: Remove UefiCpuLib from module INFs.
>   SourceLevelDebugPkg: Remove UefiCpuLib from module INFs.
>   UefiCpuPkg: Remove UefiCpuLib from module INFs.
>   UefiPayloadPkg: Remove UefiCpuLib from module INFs.
>   UefiCpuLib: Remove UefiCpuLib.
> 
>  UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.c => MdePkg/Library/BaseCpuLib/X86BaseCpuLib.c |  8 +--
>  OvmfPkg/Sec/SecMain.c |  2 +-
>  UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.c |  2 +-
>  UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c |  2 +-
>  IntelFsp2Pkg/FspSecCore/FspSecCoreM.inf |  2 +-
>  IntelFsp2Pkg/FspSecCore/SecMain.h |  2 +-
>  IntelFsp2Pkg/IntelFsp2Pkg.dsc |  2 +-
>  IntelFsp2Pkg/Tools/Tests/QemuFspPkg.dsc |  1 -
>  IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf |  2 +-
>  IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf |  2 +-
>  IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc |  2 +-
>  MdePkg/Include/Library/CpuLib.h | 53
>  MdePkg/Library/BaseCpuLib/BaseCpuLib.inf |  7 +++
>  {UefiCpuPkg/Library/BaseUefiCpuLib => MdePkg/Library/BaseCpuLib}/Ia32/InitializeFpu.nasm |  0
>  {UefiCpuPkg/Library/BaseUefiCpuLib => MdePkg/Library/BaseCpuLib}/X64/InitializeFpu.nasm |  0
>  OvmfPkg/AmdSev/AmdSevX64.dsc |  1 -
>  OvmfPkg/Bhyve/BhyveX64.dsc |  1 -
>  OvmfPkg/CloudHv/CloudHvX64.dsc |  1 -
>  OvmfPkg/Microvm/MicrovmX64.dsc |  1 -
>  OvmfPkg/OvmfPkgIa32.dsc |  1 -
>  OvmfPkg/OvmfPkgIa32X64.dsc |  1 -
>  OvmfPkg/OvmfPkgX64.dsc |  1 -
>  OvmfPkg/OvmfXen.dsc |  1 -
>  OvmfPkg/Sec/SecMain.inf |  2 +-
>  PcAtChipsetPkg/PcAtChipsetPkg.dsc |  2 +-
>  SourceLevelDebugPkg/SourceLevelDebugPkg.dsc |  2 +-
>  UefiCpuPkg/CpuDxe/CpuDxe.h |  1 -
>  UefiCpuPkg/CpuDxe/CpuDxe.inf |  1 -
>  UefiCpuPkg/Include/Library/UefiCpuLib.h | 65
>  UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.inf | 41
>  UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.uni | 16 -
>  UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.inf |  2 +-
>  UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf |  2 +-
>  UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  1 -
>  UefiCpuPkg/Library/MpInitLib/MpLib.h |  1 -
>  UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |  1 -
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h |  2 +-
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf |  1 -
>  UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h |  1 -
>  UefiCpuPkg/SecCore/SecCore.inf |  2 +-
>  UefiCpuPkg/SecCore/SecCoreNative.inf |  2 +-
>  UefiCpuPkg/SecCore/SecMain.h |  2 +-
>  UefiCpuPkg/UefiCpuPkg.dec |  5 --
>  UefiCpuPkg/UefiCpuPkg.dsc |  2 -
>  UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h |  2 +-
>  UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf |  2 +-
>  UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf |  2 +-
>  UefiPayloadPkg/UefiPayloadPkg.dsc |  1 -
>  48 files changed, 82 insertions(+), 174 deletions(-)
>  rename UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.c => MdePkg/Library/BaseCpuLib/X86BaseCpuLib.c (93%)
>  rename {UefiCpuPkg/Library/BaseUefiCpuLib => MdePkg/Library/BaseCpuLib}/Ia32/InitializeFpu.nasm (100%)
>  rename {UefiCpuPkg/Library/BaseUefiCpuLib => MdePkg/Library/BaseCpuLib}/X64/InitializeFpu.nasm (100%)
>  delete mode 100644 UefiCpuPkg/Include/Library/UefiCpuLib.h
>  delete mode 100644 UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.inf
>  delete mode 100644 UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.uni
> 
> --
> 2.30.0.windows.2

View/Reply Online (#88130): https://edk2.groups.io/g/devel/message/88130

Re: [edk2-devel] [PATCH V11 14/47] UefiCpuPkg: Enable Tdx support in MpInitLib

2022-03-28 Thread Ni, Ray
+  CopyMem (ProcessorInfoBuffer, , sizeof 
(EFI_PROCESSOR_INFORMATION));

Min,
You may not directly copy the whole structure to ProcessorInfoBuffer.

Because per the structure definition (below), ExtendedInformation is only filled when
CPU_V2_EXTENDED_TOPOLOGY is set in ProcessorNumber.

This behavior is to be backward compatible with an old caller that passes the old structure
(without ExtendedInformation) and to support a new caller that passes the new structure
requiring ExtendedInformation.

So, the correct behavior is to only fill ExtendedInformation when CPU_V2_EXTENDED_TOPOLOGY
is set in ProcessorNumber. The CPU_V2_EXTENDED_TOPOLOGY is a flag to tell the callee that the
caller provides a big enough buffer for ExtendedInformation.

  UINT32                          StatusFlag;
  ///
  /// The physical location of the processor, including the physical package number
  /// that identifies the cartridge, the physical core number within package, and
  /// logical thread number within core.
  ///
  EFI_CPU_PHYSICAL_LOCATION       Location;
  ///
  /// The extended information of the processor. This field is filled only when
  /// CPU_V2_EXTENDED_TOPOLOGY is set in parameter ProcessorNumber.
  EXTENDED_PROCESSOR_INFORMATION  ExtendedInformation;
} EFI_PROCESSOR_INFORMATION;
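
The compatibility rule Ray describes, as an added example (not code from the patch or from edk2): a callee that copies the whole new structure overruns a caller that allocated the old one, while honouring the flag keeps both callers safe. The structure layouts are simplified stand-ins for the edk2 types, and CPU_V2_EXTENDED_TOPOLOGY is taken as BIT24 per the PI MP Services protocol definition.

```c
/*
 * Added example (not code from the patch or from edk2): why the callee must
 * not blindly copy a whole EFI_PROCESSOR_INFORMATION into the caller's
 * buffer.  Types are simplified stand-ins for the edk2 structures; the
 * CPU_V2_EXTENDED_TOPOLOGY value (BIT24) follows the PI MP Services protocol.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CPU_V2_EXTENDED_TOPOLOGY  (1u << 24)  /* flag OR'd into ProcessorNumber */

typedef struct { uint32_t Package, Core, Thread; }                    CPU_PHYSICAL_LOCATION;
typedef struct { uint32_t Package, Module, Tile, Die, Core, Thread; } CPU_PHYSICAL_LOCATION2;
typedef struct { CPU_PHYSICAL_LOCATION2 Location2; }                  EXTENDED_PROCESSOR_INFORMATION;

/* Legacy layout: what a caller compiled against the old protocol allocates. */
typedef struct {
  uint64_t               ProcessorId;
  uint32_t               StatusFlag;
  CPU_PHYSICAL_LOCATION  Location;
} PROCESSOR_INFORMATION_V1;

/* Current layout: the legacy prefix plus ExtendedInformation appended. */
typedef struct {
  uint64_t                        ProcessorId;
  uint32_t                        StatusFlag;
  CPU_PHYSICAL_LOCATION           Location;
  EXTENDED_PROCESSOR_INFORMATION  ExtendedInformation;
} PROCESSOR_INFORMATION;

/* Constructed callee-side record standing in for CpuMpData->CpuData[0]. */
static const PROCESSOR_INFORMATION gCpu0 = {
  .ProcessorId         = 0,
  .StatusFlag          = 0x7,
  .Location            = { 0, 0, 0 },
  .ExtendedInformation = { { 0, 1, 2, 3, 4, 5 } },
};

/* The pattern the review objects to: copies sizeof (new struct) regardless
 * of what the caller allocated.  Returns bytes written, 0 on bad input. */
size_t GetProcessorInfoUnchecked(uint32_t ProcessorNumber, void *Buffer)
{
  if (Buffer == NULL || (ProcessorNumber & ~CPU_V2_EXTENDED_TOPOLOGY) != 0) return 0;
  memcpy(Buffer, &gCpu0, sizeof gCpu0);
  return sizeof gCpu0;
}

/* Corrected behaviour: the tail is written only when the caller set the
 * flag, i.e. promised a buffer large enough for ExtendedInformation. */
size_t GetProcessorInfo(uint32_t ProcessorNumber, void *Buffer)
{
  if (Buffer == NULL || (ProcessorNumber & ~CPU_V2_EXTENDED_TOPOLOGY) != 0) return 0;

  /* The legacy prefix has the same layout in both structures. */
  memcpy(Buffer, &gCpu0, sizeof(PROCESSOR_INFORMATION_V1));
  if ((ProcessorNumber & CPU_V2_EXTENDED_TOPOLOGY) == 0) {
    return sizeof(PROCESSOR_INFORMATION_V1);
  }
  memcpy((uint8_t *)Buffer + offsetof(PROCESSOR_INFORMATION, ExtendedInformation),
         &gCpu0.ExtendedInformation, sizeof gCpu0.ExtendedInformation);
  return sizeof(PROCESSOR_INFORMATION);
}

/* Simulates a legacy caller: a V1-sized buffer immediately followed by a
 * canary word.  Returns 1 if the canary survived the call, 0 if the callee
 * wrote past the structure the caller actually allocated. */
int OldCallerCanaryIntact(int UseCheckedVersion)
{
  union { uint64_t Align; uint8_t Raw[64]; } Buf;
  const uint32_t Canary = 0xDEADBEEF;
  uint32_t After;

  memset(&Buf, 0, sizeof Buf);
  memcpy(Buf.Raw + sizeof(PROCESSOR_INFORMATION_V1), &Canary, sizeof Canary);
  if (UseCheckedVersion) {
    GetProcessorInfo(0, Buf.Raw);           /* flag clear: legacy caller */
  } else {
    GetProcessorInfoUnchecked(0, Buf.Raw);  /* overwrites the canary */
  }
  memcpy(&After, Buf.Raw + sizeof(PROCESSOR_INFORMATION_V1), sizeof After);
  return After == Canary;
}

/* A caller that passes the new structure and sets the flag gets the tail. */
int NewCallerGetsExtendedInfo(void)
{
  PROCESSOR_INFORMATION Info;
  size_t Written;

  memset(&Info, 0, sizeof Info);
  Written = GetProcessorInfo(0 | CPU_V2_EXTENDED_TOPOLOGY, &Info);
  return Written == sizeof(PROCESSOR_INFORMATION)
      && Info.StatusFlag == 0x7
      && Info.ExtendedInformation.Location2.Thread == 5;
}
```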


View/Reply Online (#88129): https://edk2.groups.io/g/devel/message/88129




[edk2-devel] [PATCH V11 39/47] OvmfPkg: Update PlatformPei to support Tdx guest

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

OvmfPkg/PlatformPei is updated to support the Tdx guest. The major
changes are:
 - Set Tdx related PCDs
 - Publish Tdx RamRegions

In this patch there is another new function, BuildPlatformInfoHob ().
This function builds EFI_HOB_PLATFORM_INFO, which contains the
HostBridgeDevId. The HOB is built in both Td guest and Non-Td guest.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/OvmfPkg.dec  |  1 +
 OvmfPkg/PlatformPei/FeatureControl.c |  7 +++-
 OvmfPkg/PlatformPei/IntelTdx.c   | 51 
 OvmfPkg/PlatformPei/MemDetect.c  | 13 +--
 OvmfPkg/PlatformPei/Platform.c   | 13 +++
 OvmfPkg/PlatformPei/Platform.h   | 19 +++
 OvmfPkg/PlatformPei/PlatformPei.inf  |  3 ++
 7 files changed, 104 insertions(+), 3 deletions(-)
 create mode 100644 OvmfPkg/PlatformPei/IntelTdx.c

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index f3d06411b51b..746050d64ba7 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -133,6 +133,7 @@
   gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 
0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}
   gConfidentialComputingSecretGuid  = {0xadf956ad, 0xe98c, 0x484c, {0xae, 
0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}
   gConfidentialComputingSevSnpBlobGuid  = {0x067b1f5f, 0xcf26, 0x44c5, {0x85, 
0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42}}
+  gUefiOvmfPkgPlatformInfoGuid  = {0xdec9b486, 0x1f16, 0x47c7, {0x8f, 
0x68, 0xdf, 0x1a, 0x41, 0x88, 0x8b, 0xa5}}
 
 [Ppis]
   # PPI whose presence in the PPI database signals that the TPM base address
diff --git a/OvmfPkg/PlatformPei/FeatureControl.c 
b/OvmfPkg/PlatformPei/FeatureControl.c
index 9af58c2655f8..5864ee0c214d 100644
--- a/OvmfPkg/PlatformPei/FeatureControl.c
+++ b/OvmfPkg/PlatformPei/FeatureControl.c
@@ -12,6 +12,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "Platform.h"
 
@@ -37,7 +38,11 @@ WriteFeatureControl (
   IN OUT VOID  *WorkSpace
   )
 {
-  AsmWriteMsr64 (MSR_IA32_FEATURE_CONTROL, mFeatureControlValue);
+  if (TdIsEnabled ()) {
+TdVmCall (TDVMCALL_WRMSR, (UINT64)MSR_IA32_FEATURE_CONTROL, 
mFeatureControlValue, 0, 0, 0);
+  } else {
+AsmWriteMsr64 (MSR_IA32_FEATURE_CONTROL, mFeatureControlValue);
+  }
 }
 
 /**
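Review bot: The return value of TdVmCall () in the new TdIsEnabled () branch is discarded, so a rejected or failed TDVMCALL_WRMSR leaves MSR_IA32_FEATURE_CONTROL unwritten with no trace; capture the status and at least ASSERT on it, since the AsmWriteMsr64 () path has no failure mode but the hypercall path does. A one-line comment on why the write must go through the VMM in a TD would also make the asymmetry clear to the next reader.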
diff --git a/OvmfPkg/PlatformPei/IntelTdx.c b/OvmfPkg/PlatformPei/IntelTdx.c
new file mode 100644
index ..3c1ddbfafd80
--- /dev/null
+++ b/OvmfPkg/PlatformPei/IntelTdx.c
@@ -0,0 +1,51 @@
+/** @file
+  Initialize Intel TDX support.
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "Platform.h"
+
+/**
+  This Function checks if TDX is available, if present then it sets
+  the dynamic PCDs for Tdx guest.
+  **/
+VOID
+IntelTdxInitialize (
+  VOID
+  )
+{
+ #ifdef MDE_CPU_X64
+  RETURN_STATUS  PcdStatus;
+
+  if (!TdIsEnabled ()) {
+return;
+  }
+
+  PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrIntelTdx);
+  ASSERT_RETURN_ERROR (PcdStatus);
+
+  PcdStatus = PcdSet64S (PcdTdxSharedBitMask, TdSharedPageMask ());
+  ASSERT_RETURN_ERROR (PcdStatus);
+
+  PcdStatus = PcdSetBoolS (PcdSetNxForStack, TRUE);
+  ASSERT_RETURN_ERROR (PcdStatus);
+ #endif
+}
diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c
index 61d7d3059f7b..2e47b1322990 100644
--- a/OvmfPkg/PlatformPei/MemDetect.c
+++ b/OvmfPkg/PlatformPei/MemDetect.c
@@ -37,7 +37,6 @@ Module Name:
 
 #include 
 #include 
-
 #include "Platform.h"
 
 VOID
@@ -231,7 +230,12 @@ GetPeiMemoryCap (
 PdpEntries  = 1 << (mPlatformInfoHob.PhysMemAddressWidth - 30);
 ASSERT (PdpEntries <= 0x200);
   } else {
-Pml4Entries = 1 << (mPlatformInfoHob.PhysMemAddressWidth - 39);
+if (mPlatformInfoHob.PhysMemAddressWidth > 48) {
+  Pml4Entries = 0x200;
+} else {
+  Pml4Entries = 1 << (mPlatformInfoHob.PhysMemAddressWidth - 39);
+}
+
 ASSERT (Pml4Entries <= 0x200);
 PdpEntries = 512;
   }
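Review bot: The new clamp `Pml4Entries = 0x200` for PhysMemAddressWidth > 48 carries no comment, and the `ASSERT (Pml4Entries <= 0x200)` below it becomes tautological on that branch; add a line saying that a 4-level page table maps at most 48 bits (512 PML4 entries), which is why the 52-bit width a TD guest may report (patch 38 in this series) is capped rather than shifted into an out-of-range entry count.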
@@ -354,6 +358,11 @@ InitializeRamRegions (
   IN EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
   )
 {
+  if (TdIsEnabled ()) {
+PlatformTdxPublishRamRegions ();
+return;
+  }
+
   PlatformQemuInitializeRam (PlatformInfoHob);
 
   SevInitializeRam ();
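Review bot: The early `return` in the TdIsEnabled () branch skips everything that follows in InitializeRamRegions (), not only PlatformQemuInitializeRam () and SevInitializeRam (); any region the rest of the function reserves for every guest type must now be duplicated inside PlatformTdxPublishRamRegions (). Either add a comment stating that the TDX path intentionally replaces the whole function body, or restructure as an if/else around just the QEMU/SEV calls so shared reservations stay shared.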
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index f05aec599fcb..f006755d5fdb 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -310,6 +310,17 @@ MaxCpuCountInitialization (
   ASSERT_RETURN_ERROR (PcdStatus);
 }
 
+/**
+ * @brief Builds PlatformInfo Hob
+ */
+VOID
+BuildPlatformInfoHob (
+  VOID
+  )
+{
+  

[edk2-devel] [PATCH V11 38/47] OvmfPkg: Update PlatformInitLib for Tdx guest

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

The changes below are made in PlatformInitLib for the Tdx guest:

1. Publish ram regions
In a Tdx guest, the system memory is passed in the TdHob by the host VMM. So
the major task of PlatformTdxPublishRamRegions is to walk through the
TdHob list and transfer the ResourceDescriptorHob and MemoryAllocationHob
to the hobs in the DXE phase.

2. Build MemoryAllocationHob for Tdx Mailbox and Ovmf work area.

3. Update of PlatformAddressWidthInitialization. The physical
address width that Tdx guest supports is either 48 or 52.

4. Update of PlatformMemMapInitialization.
0xA - 0xF is the VGA bios region.  Platform initialization marks the
region as an MMIO region. Dxe code maps the MMIO region as an IO region.
As a TDX guest, the MMIO region is mapped as shared.  However the VGA BIOS doesn't need
to be shared.  Guest TDX Linux maps the VGA BIOS as private, and accesses to
the BIOS get stuck on repeating EPT violations.  The VGA BIOS (more generally the ROM
region) should be private.  Skip marking the VGA BIOS region [0xa000, 0xf]
as MMIO in HOB.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/Include/Library/PlatformInitLib.h | 14 ++
 OvmfPkg/Library/PlatformInitLib/IntelTdx.c| 49 +++
 .../Library/PlatformInitLib/IntelTdxNull.c| 16 ++
 OvmfPkg/Library/PlatformInitLib/MemDetect.c   | 14 ++
 OvmfPkg/Library/PlatformInitLib/Platform.c|  4 +-
 5 files changed, 96 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/Include/Library/PlatformInitLib.h 
b/OvmfPkg/Include/Library/PlatformInitLib.h
index 6152a43d0da7..2987a367cc9c 100644
--- a/OvmfPkg/Include/Library/PlatformInitLib.h
+++ b/OvmfPkg/Include/Library/PlatformInitLib.h
@@ -220,4 +220,18 @@ ProcessTdxHobList (
   VOID
   );
 
+/**
+  In Tdx guest, the system memory is passed in TdHob by host VMM. So
+  the major task of PlatformTdxPublishRamRegions is to walk thru the
+  TdHob list and transfer the ResourceDescriptorHob and MemoryAllocationHob
+  to the hobs in DXE phase.
+
+  MemoryAllocationHob should also be created for Mailbox and Ovmf work area.
+**/
+VOID
+EFIAPI
+PlatformTdxPublishRamRegions (
+  VOID
+  );
+
 #endif // PLATFORM_INIT_LIB_H_
diff --git a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c 
b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
index e9196b7ffaa7..c6d7c8bb6e0e 100644
--- a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
+++ b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
@@ -512,3 +512,52 @@ TransferTdxHobList (
 Hob.Raw = GET_NEXT_HOB (Hob);
   }
 }
+
+/**
+  In Tdx guest, the system memory is passed in TdHob by host VMM. So
+  the major task of PlatformTdxPublishRamRegions is to walk thru the
+  TdHob list and transfer the ResourceDescriptorHob and MemoryAllocationHob
+  to the hobs in DXE phase.
+
+  MemoryAllocationHob should also be created for Mailbox and Ovmf work area.
+**/
+VOID
+EFIAPI
+PlatformTdxPublishRamRegions (
+  VOID
+  )
+{
+  if (!TdIsEnabled ()) {
+return;
+  }
+
+  TransferTdxHobList ();
+
+  //
+  // The memory region defined by PcdOvmfSecGhcbBackupBase is pre-allocated by
+  // host VMM and used as the td mailbox at the beginning of system boot.
+  //
+  BuildMemoryAllocationHob (
+FixedPcdGet32 (PcdOvmfSecGhcbBackupBase),
+FixedPcdGet32 (PcdOvmfSecGhcbBackupSize),
+EfiACPIMemoryNVS
+);
+
+  if (FixedPcdGet32 (PcdOvmfWorkAreaSize) != 0) {
+//
+// Reserve the work area.
+//
+// Since this memory range will be used by the Reset Vector on S3
+// resume, it must be reserved as ACPI NVS.
+//
+// If S3 is unsupported, then various drivers might still write to the
+// work area. We ought to prevent DXE from serving allocation requests
+// such that they would overlap the work area.
+//
+BuildMemoryAllocationHob (
+  (EFI_PHYSICAL_ADDRESS)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaBase),
+  (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaSize),
+  EfiBootServicesData
+  );
+  }
+}
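Review bot: The comment above the second BuildMemoryAllocationHob () says the work area "must be reserved as ACPI NVS" because the Reset Vector uses it on S3 resume, yet the call passes EfiBootServicesData; comment and code disagree. If S3 is not supported for TD guests, say so in the comment and drop the NVS sentence; otherwise the memory type should be EfiACPIMemoryNVS. Two smaller points: the first call passes FixedPcdGet32 () values directly while the second casts them to (EFI_PHYSICAL_ADDRESS)(UINTN) and (UINT64)(UINTN), so pick one style; and reusing PcdOvmfSecGhcbBackupBase as "the td mailbox" deserves a note in that PCD's description, since its name says GHCB.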
diff --git a/OvmfPkg/Library/PlatformInitLib/IntelTdxNull.c 
b/OvmfPkg/Library/PlatformInitLib/IntelTdxNull.c
index af90e0866e89..3ebe582af8de 100644
--- a/OvmfPkg/Library/PlatformInitLib/IntelTdxNull.c
+++ b/OvmfPkg/Library/PlatformInitLib/IntelTdxNull.c
@@ -28,3 +28,19 @@ ProcessTdxHobList (
 {
   return EFI_UNSUPPORTED;
 }
+
+/**
+  In Tdx guest, the system memory is passed in TdHob by host VMM. So
+  the major task of PlatformTdxPublishRamRegions is to walk thru the
+  TdHob list and transfer the ResourceDescriptorHob and MemoryAllocationHob
+  to the hobs in DXE phase.
+
+  MemoryAllocationHob should also be created for Mailbox and Ovmf work area.
+**/
+VOID
+EFIAPI
+PlatformTdxPublishRamRegions (
+  VOID
+  )
+{
+}
diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c 
b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
index 911c0906cb3d..4c1dedf863c3 100644
--- 

[edk2-devel] [PATCH V11 37/47] UefiCpuPkg: Update AddressEncMask in CpuPageTable

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

The MMIO region in a Tdx guest is set with PcdTdxSharedBitMask in TdxDxe's
entry point. In a SEV guest the page table entries are set with
PcdPteMemoryEncryptionAddressOrMask when creating the 1:1 identity table.

So the AddressEncMask in GetPageTableEntry (@CpuPageTable.c) is either
PcdPteMemoryEncryptionAddressOrMask (in a SEV guest), or
PcdTdxSharedBitMask (in a TDX guest), or all-0 (in a Legacy guest).

Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Eric Dong 
Cc: Ray Ni 
Cc: Rahul Kumar 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Reviewed-by: Ray Ni 
Signed-off-by: Min Xu 
---
 UefiCpuPkg/CpuDxe/CpuDxe.inf | 1 +
 UefiCpuPkg/CpuDxe/CpuPageTable.c | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.inf b/UefiCpuPkg/CpuDxe/CpuDxe.inf
index d87fe503d152..235241899222 100644
--- a/UefiCpuPkg/CpuDxe/CpuDxe.inf
+++ b/UefiCpuPkg/CpuDxe/CpuDxe.inf
@@ -80,6 +80,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask## 
CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList  ## 
CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize## 
CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask## 
CONSUMES
 
 [Depex]
   TRUE
diff --git a/UefiCpuPkg/CpuDxe/CpuPageTable.c b/UefiCpuPkg/CpuDxe/CpuPageTable.c
index d9e65ab4b22a..f7a4d92e921a 100644
--- a/UefiCpuPkg/CpuDxe/CpuPageTable.c
+++ b/UefiCpuPkg/CpuDxe/CpuPageTable.c
@@ -307,6 +307,9 @@ GetPageTableEntry (
   // Make sure AddressEncMask is contained to smallest supported address field.
   //
   AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & 
PAGING_1G_ADDRESS_MASK_64;
+  if (AddressEncMask == 0) {
+AddressEncMask = PcdGet64 (PcdTdxSharedBitMask) & 
PAGING_1G_ADDRESS_MASK_64;
+  }
 
   if (PagingContext->MachineType == IMAGE_FILE_MACHINE_X64) {
 if ((PagingContext->ContextData.X64.Attributes & 
PAGE_TABLE_LIB_PAGING_CONTEXT_IA32_X64_ATTRIBUTES_5_LEVEL) != 0) {
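Review bot: The fallback `if (AddressEncMask == 0)` encodes the three-way choice from the commit message (SEV C-bit, else TDX shared bit, else zero) without saying so in the code; add that as a comment next to the existing "Make sure AddressEncMask is contained" one. Note also that the SEV PCD names a bit marking private pages while PcdTdxSharedBitMask marks shared pages; that polarity difference is harmless only if AddressEncMask is used here purely to strip the bit when extracting addresses from entries, and the comment should state that too.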
-- 
2.29.2.windows.2



View/Reply Online (#88126): https://edk2.groups.io/g/devel/message/88126




[edk2-devel] [PATCH V11 36/47] MdeModulePkg: Add PcdTdxSharedBitMask

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

The Guest Physical Address (GPA) space in a Td guest is divided into private
and shared sub-spaces, determined by the SHARED bit of the GPA. This PCD
holds the shared bit mask. Its default value is 0 and it will be set
in the PlatformPei driver if it is a Td guest.

Cc: Jian J Wang 
Cc: Hao A Wu 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Reviewed-by: Jian J Wang 
Signed-off-by: Min Xu 
---
 MdeModulePkg/MdeModulePkg.dec  | 4 
 OvmfPkg/AmdSev/AmdSevX64.dsc   | 3 +++
 OvmfPkg/Bhyve/BhyveX64.dsc | 3 +++
 OvmfPkg/CloudHv/CloudHvX64.dsc | 3 +++
 OvmfPkg/Microvm/MicrovmX64.dsc | 3 +++
 OvmfPkg/OvmfPkgIa32.dsc| 3 +++
 OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
 OvmfPkg/OvmfPkgX64.dsc | 3 +++
 OvmfPkg/OvmfXen.dsc| 3 +++
 9 files changed, 26 insertions(+)

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 40601c95832b..cf79292ec877 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -2083,6 +2083,10 @@
   # @Prompt Enable PCIe Resizable BAR Capability support.
   
gEfiMdeModulePkgTokenSpaceGuid.PcdPcieResizableBarSupport|FALSE|BOOLEAN|0x1024
 
+  ## This PCD holds the shared bit mask for page table entries when Tdx is 
enabled.
+  # @Prompt The shared bit mask when Intel Tdx is enabled.
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0|UINT64|0x1025
+
 [PcdsPatchableInModule]
   ## Specify memory size with page number for PEI code when
   #  Loading Module at Fixed Address feature is enabled.
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index c173a72134f4..dda98aa43bdb 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -558,6 +558,9 @@
   # Set memory encryption mask
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
 
+  # Set Tdx shared bit mask
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0
+
   # Set SEV-ES defaults
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0
diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index 656e407473bb..0daae82d6705 100644
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -550,6 +550,9 @@
   # Set memory encryption mask
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
 
+  # Set Tdx shared bit mask
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0
+
   gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
 
   # MdeModulePkg resolution sets up the system display resolution
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index c307f1cc7550..1732f281b435 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -603,6 +603,9 @@
   # Set memory encryption mask
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
 
+  # Set Tdx shared bit mask
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0
+
   # Set SEV-ES defaults
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 0eac0c02c630..cde90f523520 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -592,6 +592,9 @@
   # Set memory encryption mask
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
 
+  # Set Tdx shared bit mask
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0
+
   # Set SEV-ES defaults
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 8f02dca63869..01a26c234a88 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -618,6 +618,9 @@
   # Set memory encryption mask
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
 
+  # Set Tdx shared bit mask
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0
+
   # Set SEV-ES defaults
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 98a6748c62dd..bf08e893e053 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -631,6 +631,7 @@
 
   # Set memory encryption mask
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0
 
   # Set SEV-ES defaults
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0
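Review bot: Every other .dsc hunk in this patch adds the PCD under a `# Set Tdx shared bit mask` comment followed by a blank line, but OvmfPkgIa32X64.dsc appends it bare beneath PcdPteMemoryEncryptionAddressOrMask; use the same form in all nine files so the setting stays easy to grep and diff across platforms.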
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 2df5b2999610..3092036bb7f6 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -642,6 +642,9 @@
   # Set memory encryption mask
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
 
+  # Set 

[edk2-devel] [PATCH V11 35/47] MdeModulePkg: Skip setting IA32_EFER.NXE if it has already been set

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

If IA32_EFER.NXE has already been set, skip setting it again.

Cc: Jian J Wang 
Cc: Hao A Wu 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Reviewed-by: Jian J Wang 
Signed-off-by: Min Xu 
---
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c 
b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
index 1ebab2782010..a451ca160408 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
@@ -179,9 +179,11 @@ EnableExecuteDisableBit (
 {
   UINT64  MsrRegisters;
 
-  MsrRegisters  = AsmReadMsr64 (0xC080);
-  MsrRegisters |= BIT11;
-  AsmWriteMsr64 (0xC080, MsrRegisters);
+  MsrRegisters = AsmReadMsr64 (0xC080);
+  if ((MsrRegisters & BIT11) == 0) {
+MsrRegisters |= BIT11;
+AsmWriteMsr64 (0xC080, MsrRegisters);
+  }
 }
 
 /**
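Review bot: The commit message states what the change does but not why; say what goes wrong when NXE is already set and the firmware writes the MSR again (and in which guest type that occurs) so the reader does not have to infer it from the rest of the series. While touching these lines, replace the raw MSR index and the BIT11 literal with the MSR_IA32_EFER definitions from MdePkg/Include/Register/Intel/ArchitecturalMsr.h so the intent is readable.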
-- 
2.29.2.windows.2



View/Reply Online (#88124): https://edk2.groups.io/g/devel/message/88124




[edk2-devel] [PATCH V11 34/47] OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

If TDX is enabled then we do not support DMA operations in the PEI phase.
This is mainly because DMA in a TDX guest requires using a bounce buffer
(which needs dynamically allocated memory, and allocating a page-sized
buffer can be a challenge in the PEI phase).

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 .../QemuFwCfgLib/QemuFwCfgLibInternal.h   | 11 +++
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c   | 32 +++
 .../Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf  |  2 ++
 3 files changed, 45 insertions(+)

diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h 
b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h
index 0b77cad1c030..6f7beb6ac1c7 100644
--- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h
+++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibInternal.h
@@ -59,4 +59,15 @@ InternalQemuFwCfgDmaBytes (
   IN UINT32  Control
   );
 
+/**
+  Check if it is Tdx guest
+
+  @retvalTRUE   It is Tdx guest
+  @retvalFALSE  It is not Tdx guest
+**/
+BOOLEAN
+QemuFwCfgIsTdxGuest (
+  VOID
+  );
+
 #endif
diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c 
b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c
index f696fb7cacaa..b8230613dcea 100644
--- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c
+++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c
@@ -14,12 +14,30 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "QemuFwCfgLibInternal.h"
 
 STATIC BOOLEAN  mQemuFwCfgSupported = FALSE;
 STATIC BOOLEAN  mQemuFwCfgDmaSupported;
 
+/**
+  Check if it is Tdx guest
+
+  @retvalTRUE   It is Tdx guest
+  @retvalFALSE  It is not Tdx guest
+**/
+BOOLEAN
+QemuFwCfgIsTdxGuest (
+  VOID
+  )
+{
+  CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER  *CcWorkAreaHeader;
+
+  CcWorkAreaHeader = (CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *)FixedPcdGet32 
(PcdOvmfWorkAreaBase);
+  return (CcWorkAreaHeader != NULL && CcWorkAreaHeader->GuestType == 
GUEST_TYPE_INTEL_TDX);
+}
+
 /**
   Returns a boolean indicating if the firmware configuration interface
   is available or not.
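Review bot: The `CcWorkAreaHeader != NULL` test in QemuFwCfgIsTdxGuest () only helps if PcdOvmfWorkAreaBase can be 0, whereas PlatformTdxPublishRamRegions () in this series treats PcdOvmfWorkAreaSize == 0 as "no work area"; guard on the Size PCD here as well, otherwise a non-zero Base with a zero Size is dereferenced. Also the cast `(CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *)FixedPcdGet32 (...)` converts a UINT32 straight to a pointer; go through (UINTN) as the rest of OvmfPkg does to avoid the size-mismatch warning on X64.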
@@ -81,6 +99,14 @@ QemuFwCfgInitialize (
 //
 if (MemEncryptSevIsEnabled ()) {
   DEBUG ((DEBUG_INFO, "SEV: QemuFwCfg fallback to IO Port interface.\n"));
+} else if (QemuFwCfgIsTdxGuest ()) {
+  //
+  // If TDX is enabled then we do not support DMA operations in PEI phase.
+  // This is mainly because DMA in TDX guest requires using bounce buffer
+  // (which need to allocate dynamic memory and allocating a PAGE size'd
+  // buffer can be challenge in PEI phase)
+  //
+  DEBUG ((DEBUG_INFO, "TDX: QemuFwCfg fallback to IO Port interface.\n"));
 } else {
   mQemuFwCfgDmaSupported = TRUE;
   DEBUG ((DEBUG_INFO, "QemuFwCfg interface (DMA) is supported.\n"));
@@ -163,6 +189,12 @@ InternalQemuFwCfgDmaBytes (
   //
   ASSERT (!MemEncryptSevIsEnabled ());
 
+  //
+  // TDX does not support DMA operations in PEI stage, we should
+  // not have reached here.
+  //
+  ASSERT (!QemuFwCfgIsTdxGuest ());
+
   Access.Control = SwapBytes32 (Control);
   Access.Length  = SwapBytes32 (Size);
   Access.Address = SwapBytes64 ((UINTN)Buffer);
diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf 
b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
index 9f9af7d03201..3910511880c9 100644
--- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
+++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
@@ -43,3 +43,5 @@
   MemoryAllocationLib
   MemEncryptSevLib
 
+[Pcd]
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
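Review bot: The code reads this PCD with FixedPcdGet32 (), so the INF should list gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase under [FixedPcd] rather than [Pcd]; [Pcd] permits any PCD type at build time and FixedPcdGet32 () would then fail to compile if a platform ever made the PCD dynamic, whereas [FixedPcd] documents and enforces the requirement.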
-- 
2.29.2.windows.2



View/Reply Online (#88123): https://edk2.groups.io/g/devel/message/88123




[edk2-devel] [PATCH V11 33/47] OvmfPkg: Update Sec to support Tdx

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

The major changes in this commit are below.

1. SecEntry.nasm
In TDX, the BSP and APs go to the same entry point in SecEntry.nasm.

The BSP initializes the temporary stack and then jumps to SecMain, just as
legacy Ovmf does.

APs spin in a modified mailbox loop using the initial mailbox structure.
Its structure definition is in OvmfPkg/Include/IndustryStandard/IntelTdx.h.
APs wait for a command and check whether the command is for them. If so,
they execute the command.

2. Sec/SecMain.c
When the host VMM creates the Td guest, the system memory information is
stored in TdHob, which is a memory region described in Tdx metadata.
The system memory region in TdHob should be accepted before it can be
accessed. So the major task of this patch is to process the TdHobList
to accept the memory. After that TDVF follows the standard OVMF flow
and jumps to the PEI phase.

PcdUse1GPageTable is set to FALSE by default in OvmfPkgX64.dsc. It gives
no chance for Intel TDX to support a 1G page table. To support the 1G page
table this PCD is set to TRUE in OvmfPkgX64.dsc.

TDX_GUEST_SUPPORTED is defined in OvmfPkgX64.dsc. This macro wraps the
Tdx specific code.

TDX only works on X64, so the code is only valid in the X64 arch.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/AmdSev/AmdSevX64.dsc  |  1 +
 OvmfPkg/Bhyve/BhyveX64.dsc|  1 +
 OvmfPkg/CloudHv/CloudHvX64.dsc|  1 +
 OvmfPkg/Include/TdxCommondefs.inc | 51 +++
 OvmfPkg/Microvm/MicrovmX64.dsc|  1 +
 OvmfPkg/OvmfPkgIa32X64.dsc|  2 +
 OvmfPkg/OvmfPkgX64.dsc| 14 ++
 OvmfPkg/OvmfXen.dsc   |  1 +
 OvmfPkg/Sec/SecMain.c | 29 ++-
 OvmfPkg/Sec/SecMain.inf   |  3 ++
 OvmfPkg/Sec/X64/SecEntry.nasm | 82 +++
 11 files changed, 184 insertions(+), 2 deletions(-)
 create mode 100644 OvmfPkg/Include/TdxCommondefs.inc

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 785049c88962..c173a72134f4 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -208,6 +208,7 @@
 [LibraryClasses.common]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   VmgExitLib|OvmfPkg/Library/VmgExitLib/VmgExitLib.inf
+  TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
 
 [LibraryClasses.common.SEC]
   TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf
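Review bot: TdxLib is added to a platform (AmdSevX64) that does not define TDX_GUEST_SUPPORTED, although the commit message says the Tdx-specific code is wrapped by that macro. The message should state why the full MdePkg/Library/TdxLib/TdxLib.inf instance is required on non-TDX platforms (presumably a shared library such as PlatformInitLib now depends on TdxLib), so the maintainers of each platform know what is being pulled into their SEC/PEI images.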
diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index 5fa08bebd73c..656e407473bb 100644
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -228,6 +228,7 @@
 [LibraryClasses.common]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
+  TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
 
 [LibraryClasses.common.SEC]
 !ifdef $(DEBUG_ON_SERIAL_PORT)
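Review bot: on Bhyve the SEV hook resolves to VmgExitLibNull (the line directly above the addition) while TdxLib resolves to the full MdePkg implementation; for a platform that never runs as a TD, a Null TdxLib instance would be the symmetric choice if one exists. If none exists, a sentence in the commit message saying so would save the next reader the same question.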
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index b8a82380202c..c307f1cc7550 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -237,6 +237,7 @@
 [LibraryClasses.common]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
   VmgExitLib|OvmfPkg/Library/VmgExitLib/VmgExitLib.inf
+  TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
 
 [LibraryClasses.common.SEC]
   TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf
diff --git a/OvmfPkg/Include/TdxCommondefs.inc 
b/OvmfPkg/Include/TdxCommondefs.inc
new file mode 100644
index ..970eac96592a
--- /dev/null
+++ b/OvmfPkg/Include/TdxCommondefs.inc
@@ -0,0 +1,51 @@
+;--
+; @file
+; TDX Common defitions used by the APs in mailbox
+;
+; Copyright (c) 2021, Intel Corporation. All rights reserved.
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+;--
+
+CommandOffset equ   00h
+ApicidOffset  equ   04h
+WakeupVectorOffsetequ   08h
+OSArgsOffset  equ   10h
+FirmwareArgsOffsetequ   800h
+WakeupArgsRelocatedMailBoxequ   800h
+AcceptPageArgsPhysicalStart   equ   800h
+AcceptPageArgsPhysicalEnd equ   808h
+AcceptPageArgsChunkSize   equ   810h
+AcceptPageArgsPageSizeequ   818h
+CpuArrivalOffset  equ   900h
+CpusExitingOffset equ   0a00h
+TalliesOffset equ   0a08h
+ErrorsOffset  equ   0e08h
+
+SIZE_4KB  equ   1000h
+SIZE_2MB  equ   20h
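Review bot: as shown, SIZE_2MB equ 20h is not 2 MB (200000h), which would misalign any page-accept arithmetic built on it; if the archive rendering dropped zeros here, ignore this, otherwise fix the constant. Two smaller points in the same file: the header reads "Common defitions" (definitions), and the three symbols that all equal 800h (FirmwareArgsOffset, WakeupArgsRelocatedMailBox, AcceptPageArgsPhysicalStart) need a comment stating that they are overlapping views of one argument area, because without it the overlap reads as a copy-paste mistake.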

[edk2-devel] [PATCH V11 32/47] OvmfPkg/Sec: Declare local variable as volatile in SecCoreStartupWithStack

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Declare the local variables in SecCoreStartupWithStack that actually
move the data elements as volatile to prevent the optimizer from
replacing this function with the intrinsic memcpy().

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/Sec/SecMain.c | 15 ++-
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 2c5561661ef3..02520e25ab9a 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -757,12 +757,17 @@ SecCoreStartupWithStack (
   //
   IdtTableInStack.PeiService = NULL;
   for (Index = 0; Index < SEC_IDT_ENTRY_COUNT; Index++) {
-UINT8  *Src;
-UINT8  *Dst;
-UINTN  Byte;
+//
+// Declare the local variables that actually move the data elements as
+// volatile to prevent the optimizer from replacing this function with
+// the intrinsic memcpy()
+//
+CONST UINT8 *Src;
+volatile UINT8  *Dst;
+UINTN   Byte;
 
-Src = (UINT8 *)
-Dst = (UINT8 *)[Index];
+Src = (CONST UINT8 *)
+Dst = (volatile UINT8 *)[Index];
 for (Byte = 0; Byte < sizeof (mIdtEntryTemplate); Byte++) {
   Dst[Byte] = Src[Byte];
 }
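Review bot: the new comment says what the volatile qualifier does but not why a memcpy intrinsic is a problem at this point; one sentence noting that SEC links no C runtime that could satisfy a compiler-emitted memcpy call would make the intent durable. volatile on Dst alone is sufficient to defeat the loop-idiom replacement, and CONST on Src is a good addition independent of that. As rendered, the right-hand sides of the two assignments are empty (Src = (CONST UINT8 *) and Dst = (volatile UINT8 *)[Index]); this looks like the archive dropping the address-of operands rather than a defect in the patch.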
-- 
2.29.2.windows.2



View/Reply Online (#88121): https://edk2.groups.io/g/devel/message/88121




[edk2-devel] [PATCH V11 31/47] OvmfPkg: Update PlatformInitLib to process Tdx hoblist

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

When the host VMM creates the Td guest, the system memory information is
stored in TdHob, which is a memory region described in Tdx metadata.
The system memory region in TdHob should be accepted before it can be
accessed. So the newly added function (ProcessTdxHobList) is to process
the TdHobList to accept the memory. Because TdHobList is provided by the
host VMM, which is not trusted, its content should be checked before
it is consumed by TDVF.

Because ProcessTdxHobList is to be called in the SEC phase,
PlatformInitLib.inf is updated to support SEC.

Note: In this patch it is the BSP which accepts the pages. So there may be
a boot performance issue. There are some mitigations to this issue, such
as lazy accept, 2M accept page size, etc. We will revisit this in the
future.

EFI_RESOURCE_MEMORY_UNACCEPTED is a new ResourceType in
EFI_HOB_RESOURCE_DESCRIPTOR. It is defined for the unaccepted memory
passed from Host VMM. This is proposed in
microsoft/mu_basecore#66 files#diff-b20a11152d1ce9249c691be5690b4baf52069efadf2e2546cdd2eb663d80c9e4R237
according to UEFI-Code-First. The proposal was approved in 2021
in UEFI Mantis, and will be added to the new PI.next specification.

Per the MdePkg reviewer's comments, before this new ResourceType is
added in the PI spec, it should not be in MdePkg. So it is now
defined as an internal implementation and will be moved to
MdePkg/Include/Pi/PiHob.h after it is added in PI spec.
See https://edk2.groups.io/g/devel/message/87641

PcdTdxAcceptPageSize is added for page accepting. Currently TDX supports
4K and 2M accept page size. The default value is 2M.

Tdx guest is only supported in X64. So for IA32, ProcessTdxHobList
just returns EFI_UNSUPPORTED.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/Include/Library/PlatformInitLib.h |  17 +
 OvmfPkg/Library/PlatformInitLib/IntelTdx.c| 514 ++
 .../Library/PlatformInitLib/IntelTdxNull.c|  30 +
 .../PlatformInitLib/PlatformInitLib.inf   |  13 +-
 OvmfPkg/OvmfPkg.dec   |   3 +
 5 files changed, 576 insertions(+), 1 deletion(-)
 create mode 100644 OvmfPkg/Library/PlatformInitLib/IntelTdx.c
 create mode 100644 OvmfPkg/Library/PlatformInitLib/IntelTdxNull.c

diff --git a/OvmfPkg/Include/Library/PlatformInitLib.h 
b/OvmfPkg/Include/Library/PlatformInitLib.h
index b31f521578c2..6152a43d0da7 100644
--- a/OvmfPkg/Include/Library/PlatformInitLib.h
+++ b/OvmfPkg/Include/Library/PlatformInitLib.h
@@ -203,4 +203,21 @@ PlatformMaxCpuCountInitialization (
   IN OUT EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
   );
 
+/**
+  In Tdx guest, some information need to be passed from host VMM to guest
+  firmware. For example, the memory resource, etc. These information are
+  prepared by host VMM and put in HobList which is described in TdxMetadata.
+
+  Information in HobList is treated as external input. From the security
+  perspective before it is consumed, it should be validated.
+
+  @retval   EFI_SUCCESS   Successfully process the hoblist
+  @retval   OthersOther error as indicated
+**/
+EFI_STATUS
+EFIAPI
+ProcessTdxHobList (
+  VOID
+  );
+
 #endif // PLATFORM_INIT_LIB_H_
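Review bot: the doc block for ProcessTdxHobList omits the EFI_UNSUPPORTED return that the commit message promises for IA32 builds; add "@retval EFI_UNSUPPORTED" and tidy the grammar ("some information needs to be passed", "This information is prepared", "Successfully processed the HobList"). Since the block itself stresses that the HobList is untrusted input, it should also say what is validated before EFI_SUCCESS is returned, so callers know what the contract actually guarantees.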
diff --git a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c 
b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
new file mode 100644
index ..e9196b7ffaa7
--- /dev/null
+++ b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
@@ -0,0 +1,514 @@
+/** @file
+  Initialize Intel TDX support.
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define ALIGNED_2MB_MASK0x1f
+#define EFI_RESOURCE_MEMORY_UNACCEPTED  7
+
+/**
+  This function will be called to accept pages. Only BSP accepts pages.
+
+  TDCALL(ACCEPT_PAGE) supports the accept page size of 4k and 2M. To
+  simplify the implementation, the Memory to be accpeted is splitted
+  into 3 parts:
+  -  <-- StartAddress1 (not 2M aligned)
+  |  part 1   |  Length1 < 2M
+  |---|  <-- StartAddress2 (2M aligned)
+  |   |  Length2 = Integer multiples of 2M
+  |  part 2   |
+  |   |
+  |---|  <-- StartAddress3
+  |  part 3   |  Length3 < 2M
+  |---|
+
+  @param[in] PhysicalAddress   Start physical adress
+  @param[in] PhysicalEnd   End physical address
+
+  @retvalEFI_SUCCESS   Accept memory successfully
+  @retvalOthersOther errors as indicated
+**/
+EFI_STATUS
+EFIAPI
+BspAcceptMemoryResourceRange (
+  IN EFI_PHYSICAL_ADDRESS  PhysicalAddress,
+  IN EFI_PHYSICAL_ADDRESS  PhysicalEnd
+  )
+{
+  
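Review bot: the local "#define EFI_RESOURCE_MEMORY_UNACCEPTED 7" will collide with MdePkg as soon as the value lands in PiHob.h, which the commit message anticipates; wrap it in #ifndef/#endif with a comment pointing at the pending PI spec change so the later move is a pure deletion. Nits in the BspAcceptMemoryResourceRange doc block: "accpeted is splitted" should read "accepted is split", "adress" should read "address". As rendered, ALIGNED_2MB_MASK is 0x1f and the #include lines are empty; if the archive stripped characters, ignore this, otherwise the mask for the three-part split described in the comment must be 0x1FFFFF.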

[edk2-devel] [PATCH V11 30/47] OvmfPkg/PlatformInitLib: Move functions to Platform.c

2022-03-28 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3863

Move functions in PlatformPei/Platform.c to PlatformInitLib/Platform.c.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Cc: Sebastien Boeuf 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/Include/Library/PlatformInitLib.h  |  34 ++
 OvmfPkg/Library/PlatformInitLib/Platform.c | 465 +
 OvmfPkg/PlatformPei/Platform.c | 451 
 3 files changed, 499 insertions(+), 451 deletions(-)

diff --git a/OvmfPkg/Include/Library/PlatformInitLib.h 
b/OvmfPkg/Include/Library/PlatformInitLib.h
index 62020efadf37..b31f521578c2 100644
--- a/OvmfPkg/Include/Library/PlatformInitLib.h
+++ b/OvmfPkg/Include/Library/PlatformInitLib.h
@@ -169,4 +169,38 @@ PlatformQemuInitializeRamForS3 (
   IN EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
   );
 
+VOID
+EFIAPI
+PlatformMemMapInitialization (
+  IN OUT EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  );
+
+/**
+ * Fetch "opt/ovmf/PcdSetNxForStack" from QEMU
+ *
+ * @param Setting The pointer to the setting of 
"/opt/ovmf/PcdSetNxForStack".
+ * @return EFI_SUCCESS  Successfully fetch the settings.
+ */
+EFI_STATUS
+EFIAPI
+PlatformNoexecDxeInitialization (
+  IN OUT EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  );
+
+VOID
+EFIAPI
+PlatformMiscInitialization (
+  IN EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  );
+
+/**
+  Fetch the boot CPU count and the possible CPU count from QEMU, and expose
+  them to UefiCpuPkg modules.
+**/
+VOID
+EFIAPI
+PlatformMaxCpuCountInitialization (
+  IN OUT EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  );
+
 #endif // PLATFORM_INIT_LIB_H_
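Review bot: PlatformMemMapInitialization and PlatformMiscInitialization are declared here with no doc comment at all, while their neighbours have one; add a short contract for each (what they read from and write into PlatformInfoHob). The PlatformNoexecDxeInitialization comment uses " * " lines instead of the /** ... **/ style used elsewhere in this header, and it carries over the "@param Setting" mismatch introduced in 27/47, which should be fixed there.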
diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c 
b/OvmfPkg/Library/PlatformInitLib/Platform.c
index e41f230ff563..c4fa7d445394 100644
--- a/OvmfPkg/Library/PlatformInitLib/Platform.c
+++ b/OvmfPkg/Library/PlatformInitLib/Platform.c
@@ -19,6 +19,18 @@
 #include 
 #include 
 #include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
 #include 
 
 VOID
@@ -104,3 +116,456 @@ PlatformAddMemoryRangeHob (
 {
   PlatformAddMemoryBaseSizeHob (MemoryBase, (UINT64)(MemoryLimit - 
MemoryBase));
 }
+
+VOID
+EFIAPI
+PlatformMemMapInitialization (
+  IN OUT EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  )
+{
+  UINT64  PciIoBase;
+  UINT64  PciIoSize;
+  UINT32  TopOfLowRam;
+  UINT64  PciExBarBase;
+  UINT32  PciBase;
+  UINT32  PciSize;
+
+  PciIoBase = 0xC000;
+  PciIoSize = 0x4000;
+
+  //
+  // Video memory + Legacy BIOS region
+  //
+  PlatformAddIoMemoryRangeHob (0x0A, BASE_1MB);
+
+  if (PlatformInfoHob->HostBridgeDevId == 0x /* microvm */) {
+PlatformAddIoMemoryBaseSizeHob (MICROVM_GED_MMIO_BASE, SIZE_4KB);
+PlatformAddIoMemoryBaseSizeHob (0xFEC0, SIZE_4KB); /* ioapic #1 */
+PlatformAddIoMemoryBaseSizeHob (0xFEC1, SIZE_4KB); /* ioapic #2 */
+return;
+  }
+
+  TopOfLowRam  = PlatformGetSystemMemorySizeBelow4gb (PlatformInfoHob);
+  PciExBarBase = 0;
+  if (PlatformInfoHob->HostBridgeDevId == INTEL_Q35_MCH_DEVICE_ID) {
+//
+// The MMCONFIG area is expected to fall between the top of low RAM and
+// the base of the 32-bit PCI host aperture.
+//
+PciExBarBase = FixedPcdGet64 (PcdPciExpressBaseAddress);
+ASSERT (TopOfLowRam <= PciExBarBase);
+ASSERT (PciExBarBase <= MAX_UINT32 - SIZE_256MB);
+PciBase = (UINT32)(PciExBarBase + SIZE_256MB);
+  } else {
+ASSERT (TopOfLowRam <= PlatformInfoHob->Uc32Base);
+PciBase = PlatformInfoHob->Uc32Base;
+  }
+
+  //
+  // address   purpose   size
+  //     -
+  // max(top, 2g)  PCI MMIO  0xFC00 - max(top, 2g)
+  // 0xFC00gap   44 MB
+  // 0xFEC0IO-APIC4 KB
+  // 0xFEC01000gap 1020 KB
+  // 0xFED0HPET   1 KB
+  // 0xFED00400gap  111 KB
+  // 0xFED1C000gap (PIIX4) / RCRB (ICH9) 16 KB
+  // 0xFED2gap  896 KB
+  // 0xFEE0LAPIC  1 MB
+  //
+  PciSize = 0xFC00 - PciBase;
+  PlatformAddIoMemoryBaseSizeHob (PciBase, PciSize);
+
+  PlatformInfoHob->PcdPciMmio32Base = PciBase;
+  PlatformInfoHob->PcdPciMmio32Size = PciSize;
+
+  PlatformAddIoMemoryBaseSizeHob (0xFEC0, SIZE_4KB);
+  PlatformAddIoMemoryBaseSizeHob (0xFED0, SIZE_1KB);
+  if (PlatformInfoHob->HostBridgeDevId == INTEL_Q35_MCH_DEVICE_ID) {
+PlatformAddIoMemoryBaseSizeHob (ICH9_ROOT_COMPLEX_BASE, SIZE_16KB);
+//
+// Note: there should be an
+//
+//   PlatformAddIoMemoryBaseSizeHob (PciExBarBase, SIZE_256MB);
+//
+// call below, just like the one above for RCBA. However, Linux insists
+// that the MMCONFIG area be marked in the E820 or UEFI memory map as
+// "reserved memory" 
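Review bot: the moved code compares HostBridgeDevId against a bare literal annotated only by "/* microvm */" (the same literal recurs in the MemMapInitialization wrapper of 26/47); now that this lives in a library shared with SEC, give it a named macro so the library and every caller agree on the value. FixedPcdGet64 (PcdPciExpressBaseAddress) is fine in SEC because fixed PCDs compile to constants, but the library .inf must list that PCD; the [Pcd] section is not among this patch's visible hunks, so please confirm.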

[edk2-devel] [PATCH V11 28/47] OvmfPkg/PlatformPei: Refactor MiscInitialization

2022-03-28 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3863

MiscInitialization is split into 2 functions:
 - PlatformMiscInitialization is for PlatformInitLib.
 - MiscInitialization calls PlatformMiscInitialization and then sets
   PCD. It is for PlatformPei.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Cc: Sebastien Boeuf 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/PlatformPei/Platform.c | 43 --
 1 file changed, 26 insertions(+), 17 deletions(-)

diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index e91acca9f769..02697c473d01 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -57,12 +57,12 @@ PlatformMemMapInitialization (
   IN OUT EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
   )
 {
-  UINT64 PciIoBase;
-  UINT64 PciIoSize;
-  UINT32 TopOfLowRam;
-  UINT64 PciExBarBase;
-  UINT32 PciBase;
-  UINT32 PciSize;
+  UINT64  PciIoBase;
+  UINT64  PciIoSize;
+  UINT32  TopOfLowRam;
+  UINT64  PciExBarBase;
+  UINT32  PciBase;
+  UINT32  PciSize;
 
   PciIoBase = 0xC000;
   PciIoSize = 0x4000;
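Review bot: this hunk is a pure whitespace re-alignment of the declarations in PlatformMemMapInitialization and has nothing to do with the MiscInitialization split the commit message describes; fold it into 26/47, which last touched this function, or mention the formatting clean-up in the message so a bisect reader is not misled.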
@@ -360,17 +360,16 @@ MiscInitializationForMicrovm (
 }
 
 VOID
-MiscInitialization (
+PlatformMiscInitialization (
   IN EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
   )
 {
-  UINTN  PmCmd;
-  UINTN  Pmba;
-  UINT32 PmbaAndVal;
-  UINT32 PmbaOrVal;
-  UINTN  AcpiCtlReg;
-  UINT8  AcpiEnBit;
-  RETURN_STATUS  PcdStatus;
+  UINTN   PmCmd;
+  UINTN   Pmba;
+  UINT32  PmbaAndVal;
+  UINT32  PmbaOrVal;
+  UINTN   AcpiCtlReg;
+  UINT8   AcpiEnBit;
 
   //
   // Disable A20 Mask
@@ -417,9 +416,6 @@ MiscInitialization (
   return;
   }
 
-  PcdStatus = PcdSet16S (PcdOvmfHostBridgePciDevId, 
PlatformInfoHob->HostBridgeDevId);
-  ASSERT_RETURN_ERROR (PcdStatus);
-
   if (PlatformInfoHob->HostBridgeDevId == CLOUDHV_DEVICE_ID) {
 DEBUG ((DEBUG_INFO, "%a: Cloud Hypervisor is done.\n", __FUNCTION__));
 return;
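Review bot: removing PcdSet16S (PcdOvmfHostBridgePciDevId, ...) here and re-issuing it unconditionally in the new MiscInitialization wrapper changes behaviour for the branch that returns just above the removed lines: that path previously left the function before the PCD was set, and the wrapper now sets it after PlatformMiscInitialization returns. If exporting that device id is intended, say so in the commit message; if not, mirror the early return in the wrapper, as 26/47 does for MemMapInitialization.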
@@ -464,6 +460,19 @@ MiscInitialization (
   }
 }
 
+VOID
+MiscInitialization (
+  IN EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  )
+{
+  RETURN_STATUS  PcdStatus;
+
+  PlatformMiscInitialization (PlatformInfoHob);
+
+  PcdStatus = PcdSet16S (PcdOvmfHostBridgePciDevId, 
PlatformInfoHob->HostBridgeDevId);
+  ASSERT_RETURN_ERROR (PcdStatus);
+}
+
 VOID
 BootModeInitialization (
   IN OUT EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
-- 
2.29.2.windows.2



View/Reply Online (#88118): https://edk2.groups.io/g/devel/message/88118




[edk2-devel] [PATCH V11 27/47] OvmfPkg/PlatformPei: Refactor NoexecDxeInitialization

2022-03-28 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3863

NoexecDxeInitialization is split into 2 functions:
 - PlatformNoexecDxeInitialization is for PlatformInitLib
 - NoexecDxeInitialization calls PlatformNoexecDxeInitialization and
   then sets PCD.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Cc: Sebastien Boeuf 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/PlatformPei/Platform.c | 34 +-
 1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index b83bd7515809..e91acca9f769 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -59,7 +59,6 @@ PlatformMemMapInitialization (
 {
   UINT64 PciIoBase;
   UINT64 PciIoSize;
-  RETURN_STATUS  PcdStatus;
   UINT32 TopOfLowRam;
   UINT64 PciExBarBase;
   UINT32 PciBase;
@@ -199,24 +198,33 @@ MemMapInitialization (
   ASSERT_RETURN_ERROR (PcdStatus);
 }
 
-#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName)   \
-  do {  \
-BOOLEAN   Setting;  \
-RETURN_STATUS PcdStatus;\
-\
-if (!RETURN_ERROR (QemuFwCfgParseBool ( \
-  "opt/ovmf/" #TokenName, ))) { \
-  PcdStatus = PcdSetBoolS (TokenName, Setting); \
-  ASSERT_RETURN_ERROR (PcdStatus);  \
-}   \
-  } while (0)
+/**
+ * Fetch "opt/ovmf/PcdSetNxForStack" from QEMU
+ *
+ * @param Setting The pointer to the setting of 
"/opt/ovmf/PcdSetNxForStack".
+ * @return EFI_SUCCESS  Successfully fetch the settings.
+ */
+EFI_STATUS
+EFIAPI
+PlatformNoexecDxeInitialization (
+  IN OUT EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  )
+{
+  return QemuFwCfgParseBool ("opt/ovmf/PcdSetNxForStack", 
>PcdSetNxForStack);
+}
 
 VOID
 NoexecDxeInitialization (
   VOID
   )
 {
-  UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdSetNxForStack);
+  RETURN_STATUS  Status;
+
+  Status = PlatformNoexecDxeInitialization ();
+  if (!RETURN_ERROR (Status)) {
+Status = PcdSetBoolS (PcdSetNxForStack, mPlatformInfoHob.PcdSetNxForStack);
+ASSERT_RETURN_ERROR (Status);
+  }
 }
 
 VOID
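Review bot: the new doc block documents a parameter "Setting" that the function does not have; it takes PlatformInfoHob and writes PcdSetNxForStack into it, and it passes the QemuFwCfgParseBool status through, which the caller relies on to skip PcdSetBoolS when the fw_cfg key is absent. Fix the @param and document the failure return. As rendered, "Status = PlatformNoexecDxeInitialization ();" passes no argument while the prototype takes a pointer; if the archive dropped the &mPlatformInfoHob operand, ignore this.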
-- 
2.29.2.windows.2



View/Reply Online (#88117): https://edk2.groups.io/g/devel/message/88117




[edk2-devel] [PATCH V11 26/47] OvmfPkg/PlatformPei: Refactor MemMapInitialization

2022-03-28 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3863

MemMapInitialization is split into 2 functions:
 - PlatformMemMapInitialization is for PlatformInitLib
 - MemMapInitialization calls PlatformMemMapInitialization and then
   sets PCDs. It is for PlatformPei.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Cc: Sebastien Boeuf 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/PlatformPei/Platform.c | 35 +-
 1 file changed, 26 insertions(+), 9 deletions(-)

diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index f89d14493ecf..b83bd7515809 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -52,7 +52,8 @@ EFI_PEI_PPI_DESCRIPTOR  mPpiBootMode[] = {
 };
 
 VOID
-MemMapInitialization (
+EFIAPI
+PlatformMemMapInitialization (
   IN OUT EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
   )
 {
@@ -110,10 +111,6 @@ MemMapInitialization (
   //
   PciSize = 0xFC00 - PciBase;
   PlatformAddIoMemoryBaseSizeHob (PciBase, PciSize);
-  PcdStatus = PcdSet64S (PcdPciMmio32Base, PciBase);
-  ASSERT_RETURN_ERROR (PcdStatus);
-  PcdStatus = PcdSet64S (PcdPciMmio32Size, PciSize);
-  ASSERT_RETURN_ERROR (PcdStatus);
 
   PlatformInfoHob->PcdPciMmio32Base = PciBase;
   PlatformInfoHob->PcdPciMmio32Size = PciSize;
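Review bot: this hunk and the next remove every use of PcdStatus inside PlatformMemMapInitialization but leave its RETURN_STATUS declaration in place (27/47 deletes it later); at this commit the variable is unused, which edk2's warnings-as-errors builds turn into a build break and which hurts bisectability. Drop the declaration here.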
@@ -173,15 +170,35 @@ MemMapInitialization (
 PciIoBase,
 PciIoSize
 );
-  PcdStatus = PcdSet64S (PcdPciIoBase, PciIoBase);
-  ASSERT_RETURN_ERROR (PcdStatus);
-  PcdStatus = PcdSet64S (PcdPciIoSize, PciIoSize);
-  ASSERT_RETURN_ERROR (PcdStatus);
 
   PlatformInfoHob->PcdPciIoBase = PciIoBase;
   PlatformInfoHob->PcdPciIoSize = PciIoSize;
 }
 
+VOID
+MemMapInitialization (
+  IN OUT EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  )
+{
+  RETURN_STATUS  PcdStatus;
+
+  PlatformMemMapInitialization (PlatformInfoHob);
+
+  if (PlatformInfoHob->HostBridgeDevId == 0x /* microvm */) {
+return;
+  }
+
+  PcdStatus = PcdSet64S (PcdPciMmio32Base, PlatformInfoHob->PcdPciMmio32Base);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus = PcdSet64S (PcdPciMmio32Size, PlatformInfoHob->PcdPciMmio32Size);
+  ASSERT_RETURN_ERROR (PcdStatus);
+
+  PcdStatus = PcdSet64S (PcdPciIoBase, PlatformInfoHob->PcdPciIoBase);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus = PcdSet64S (PcdPciIoSize, PlatformInfoHob->PcdPciIoSize);
+  ASSERT_RETURN_ERROR (PcdStatus);
+}
+
 #define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName)   \
   do {  \
 BOOLEAN   Setting;  \
-- 
2.29.2.windows.2



View/Reply Online (#88116): https://edk2.groups.io/g/devel/message/88116




[edk2-devel] [PATCH V11 25/47] OvmfPkg/PlatformPei: Refactor InitializeRamRegions

2022-03-28 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3863

InitializeRamRegions is refactored into 3 calls:
 - PlatformQemuInitializeRam
 - SevInitializeRam
 - PlatformQemuInitializeRamForS3

SevInitializeRam is not in PlatformInitLib, because in the first stage
PlatformInitLib only supports the basic platform features.

PlatformQemuInitializeRamForS3 wraps the code which was previously in
InitializeRamRegions (much code in 2 if-checks).

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Cc: Sebastien Boeuf 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/PlatformPei/MemDetect.c | 40 -
 OvmfPkg/PlatformPei/Platform.c  |  2 +-
 OvmfPkg/PlatformPei/Platform.h  |  3 ++-
 3 files changed, 28 insertions(+), 17 deletions(-)

diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c
index 45f7eba65d04..23a583ed3386 100644
--- a/OvmfPkg/PlatformPei/MemDetect.c
+++ b/OvmfPkg/PlatformPei/MemDetect.c
@@ -161,7 +161,7 @@ PlatformQemuUc32BaseInitialization (
   // variable MTRR suffices by truncating the size to a whole power of two,
   // while keeping the end affixed to 4GB. This will round the base up.
   //
-  LowerMemorySize   = GetSystemMemorySizeBelow4gb (PlatformInfoHob);
+  LowerMemorySize   = PlatformGetSystemMemorySizeBelow4gb 
(PlatformInfoHob);
   PlatformInfoHob->Uc32Size = GetPowerOfTwo32 ((UINT32)(SIZE_4GB - 
LowerMemorySize));
   PlatformInfoHob->Uc32Base = (UINT32)(SIZE_4GB - PlatformInfoHob->Uc32Size);
   //
@@ -372,7 +372,8 @@ GetHighestSystemMemoryAddressFromPvhMemmap (
 }
 
 UINT32
-GetSystemMemorySizeBelow4gb (
+EFIAPI
+PlatformGetSystemMemorySizeBelow4gb (
   IN EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
   )
 {
@@ -761,7 +762,7 @@ PublishPeiMemory (
   UINT32S3AcpiReservedMemoryBase;
   UINT32S3AcpiReservedMemorySize;
 
-  LowerMemorySize = GetSystemMemorySizeBelow4gb ();
+  LowerMemorySize = PlatformGetSystemMemorySizeBelow4gb ();
   if (mPlatformInfoHob.SmmSmramRequire) {
 //
 // TSEG is chipped from the end of low RAM
@@ -871,7 +872,7 @@ QemuInitializeRamBelow1gb (
 **/
 STATIC
 VOID
-QemuInitializeRam (
+PlatformQemuInitializeRam (
   IN EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
   )
 {
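Review bot: PlatformQemuInitializeRam takes the library-export naming convention but stays STATIC and gets no EFIAPI, unlike PlatformGetSystemMemorySizeBelow4gb in the hunk above; the same applies to PlatformQemuInitializeRamForS3 later in this patch. If both are to move into PlatformInitLib in a later patch, drop STATIC and add EFIAPI there, and note here that the visibility is intentionally left unchanged for this step.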
@@ -885,7 +886,7 @@ QemuInitializeRam (
   //
   // Determine total memory size available
   //
-  LowerMemorySize = GetSystemMemorySizeBelow4gb (PlatformInfoHob);
+  LowerMemorySize = PlatformGetSystemMemorySizeBelow4gb (PlatformInfoHob);
 
   if (PlatformInfoHob->BootMode == BOOT_ON_S3_RESUME) {
 //
@@ -995,19 +996,12 @@ QemuInitializeRam (
   }
 }
 
-/**
-  Publish system RAM and reserve memory regions
-
-**/
+STATIC
 VOID
-InitializeRamRegions (
+PlatformQemuInitializeRamForS3 (
   IN EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
   )
 {
-  QemuInitializeRam (PlatformInfoHob);
-
-  SevInitializeRam ();
-
   if (PlatformInfoHob->S3Supported && (PlatformInfoHob->BootMode != 
BOOT_ON_S3_RESUME)) {
 //
 // This is the memory range that will be used for PEI on S3 resume
@@ -1113,7 +1107,7 @@ InitializeRamRegions (
   //
   TsegSize = PlatformInfoHob->Q35TsegMbytes * SIZE_1MB;
   BuildMemoryAllocationHob (
-GetSystemMemorySizeBelow4gb (PlatformInfoHob) - TsegSize,
+PlatformGetSystemMemorySizeBelow4gb (PlatformInfoHob) - TsegSize,
 TsegSize,
 EfiReservedMemoryType
 );
@@ -1152,3 +1146,19 @@ InitializeRamRegions (
  #endif
   }
 }
+
+/**
+  Publish system RAM and reserve memory regions
+
+**/
+VOID
+InitializeRamRegions (
+  IN EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  )
+{
+  PlatformQemuInitializeRam (PlatformInfoHob);
+
+  SevInitializeRam ();
+
+  PlatformQemuInitializeRamForS3 (PlatformInfoHob);
+}
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 1275c9187e86..f89d14493ecf 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -79,7 +79,7 @@ MemMapInitialization (
 return;
   }
 
-  TopOfLowRam  = GetSystemMemorySizeBelow4gb (PlatformInfoHob);
+  TopOfLowRam  = PlatformGetSystemMemorySizeBelow4gb (PlatformInfoHob);
   PciExBarBase = 0;
   if (PlatformInfoHob->HostBridgeDevId == INTEL_Q35_MCH_DEVICE_ID) {
 //
diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h
index 038a806a1e1b..635d58379a24 100644
--- a/OvmfPkg/PlatformPei/Platform.h
+++ b/OvmfPkg/PlatformPei/Platform.h
@@ -35,7 +35,8 @@ PublishPeiMemory (
   );
 
 UINT32
-GetSystemMemorySizeBelow4gb (
+EFIAPI
+PlatformGetSystemMemorySizeBelow4gb (
   IN EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
   );
 
-- 
2.29.2.windows.2



View/Reply Online (#88115): https://edk2.groups.io/g/devel/message/88115

[edk2-devel] [PATCH V11 24/47] OvmfPkg/PlatformPei: Refactor QemuUc32BaseInitialization

2022-03-28 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3863

Rename QemuUc32BaseInitialization to PlatformQemuUc32BaseInitialization.
This function is for PlatformInitLib.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Cc: Sebastien Boeuf 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/PlatformPei/MemDetect.c | 3 ++-
 OvmfPkg/PlatformPei/Platform.c  | 2 +-
 OvmfPkg/PlatformPei/Platform.h  | 3 ++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c
index 5507d9585bab..45f7eba65d04 100644
--- a/OvmfPkg/PlatformPei/MemDetect.c
+++ b/OvmfPkg/PlatformPei/MemDetect.c
@@ -125,7 +125,8 @@ Q35SmramAtDefaultSmbaseInitialization (
 }
 
 VOID
-QemuUc32BaseInitialization (
+EFIAPI
+PlatformQemuUc32BaseInitialization (
   IN OUT EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
   )
 {
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 20e38a098d52..1275c9187e86 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -780,7 +780,7 @@ InitializePlatform (
 
   PublishPeiMemory ();
 
-  QemuUc32BaseInitialization ();
+  PlatformQemuUc32BaseInitialization ();
 
   InitializeRamRegions ();
 
diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h
index ff4459d79fe4..038a806a1e1b 100644
--- a/OvmfPkg/PlatformPei/Platform.h
+++ b/OvmfPkg/PlatformPei/Platform.h
@@ -40,7 +40,8 @@ GetSystemMemorySizeBelow4gb (
   );
 
 VOID
-QemuUc32BaseInitialization (
+EFIAPI
+PlatformQemuUc32BaseInitialization (
   IN OUT EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
   );
 
-- 
2.29.2.windows.2



View/Reply Online (#88114): https://edk2.groups.io/g/devel/message/88114




[edk2-devel] [PATCH V11 23/47] OvmfPkg/PlatformPei: Refactor MaxCpuCountInitialization

2022-03-28 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3863

MaxCpuCountInitialization is split into two:
 - PlatformMaxCpuCountInitialization is for PlatformInitLib
 - MaxCpuCountInitialization is for PlatformPei. It calls
   PlatformMaxCpuCountInitialization then sets PCDs.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Cc: Sebastien Boeuf 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/PlatformPei/Platform.c | 33 +++--
 1 file changed, 23 insertions(+), 10 deletions(-)

diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 7d370c9b8fa8..20e38a098d52 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -539,16 +539,15 @@ Q35BoardVerification (
 
 /**
   Fetch the boot CPU count and the possible CPU count from QEMU, and expose
-  them to UefiCpuPkg modules. Set the mMaxCpuCount variable.
+  them to UefiCpuPkg modules. Set the MaxCpuCount field in PlatformInfoHob.
 **/
 VOID
-MaxCpuCountInitialization (
+PlatformMaxCpuCountInitialization (
   IN OUT EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
   )
 {
-  UINT16 BootCpuCount;
-  UINT32 MaxCpuCount;
-  RETURN_STATUS  PcdStatus;
+  UINT16  BootCpuCount;
+  UINT32  MaxCpuCount;
 
   //
   // Try to fetch the boot CPU count.
@@ -705,15 +704,29 @@ MaxCpuCountInitialization (
 ));
   ASSERT (BootCpuCount <= MaxCpuCount);
 
-  PcdStatus = PcdSet32S (PcdCpuBootLogicalProcessorNumber, BootCpuCount);
-  ASSERT_RETURN_ERROR (PcdStatus);
-  PcdStatus = PcdSet32S (PcdCpuMaxLogicalProcessorNumber, MaxCpuCount);
-  ASSERT_RETURN_ERROR (PcdStatus);
-
   PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber  = MaxCpuCount;
   PlatformInfoHob->PcdCpuBootLogicalProcessorNumber = BootCpuCount;
 }
 
+/**
+  Fetch the boot CPU count and the possible CPU count from QEMU, and expose
+  them to UefiCpuPkg modules. Set the MaxCpuCount field in PlatformInfoHob.
+**/
+VOID
+MaxCpuCountInitialization (
+  IN OUT EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  )
+{
+  RETURN_STATUS  PcdStatus;
+
+  PlatformMaxCpuCountInitialization (PlatformInfoHob);
+
+  PcdStatus = PcdSet32S (PcdCpuBootLogicalProcessorNumber, 
PlatformInfoHob->PcdCpuBootLogicalProcessorNumber);
+  ASSERT_RETURN_ERROR (PcdStatus);
+  PcdStatus = PcdSet32S (PcdCpuMaxLogicalProcessorNumber, 
PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber);
+  ASSERT_RETURN_ERROR (PcdStatus);
+}
+
 /**
   Perform Platform PEI initialization.
 
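Review bot: the only guard between the QEMU-reported counts and the PCDs is ASSERT (BootCpuCount <= MaxCpuCount) inside PlatformMaxCpuCountInitialization, which compiles out in RELEASE builds, and the new wrapper publishes both values unconditionally; consider clamping or failing hard in MaxCpuCountInitialization when PcdCpuBootLogicalProcessorNumber exceeds PcdCpuMaxLogicalProcessorNumber rather than relying on the ASSERT. Also, the wrapper's doc comment is a verbatim copy of the one above it; say that it calls PlatformMaxCpuCountInitialization and then sets the two PCDs, which is all it does.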
-- 
2.29.2.windows.2



View/Reply Online (#88113): https://edk2.groups.io/g/devel/message/88113




[edk2-devel] [PATCH V11 22/47] OvmfPkg/PlatformPei: Refactor AddressWidthInitialization

2022-03-28 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3863

From this patch we start to restructure the functions which set PCDs into
two, one for PlatformInitLib, one for PlatformPei.

AddressWidthInitialization is the first one. It is split into two:
 - PlatformAddressWidthInitialization is for PlatformInitLib
 - AddressWidthInitialization is for PlatformPei. It calls
   PlatformAddressWidthInitialization then sets PCDs.

Below functions are also refined for PlatformInitLib:
 - PlatformScanOrAdd64BitE820Ram
 - PlatformGetSystemMemorySizeAbove4gb
 - PlatformGetFirstNonAddress

All the SetPcd code is removed from the above functions.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Cc: Sebastien Boeuf 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/PlatformPei/MemDetect.c | 117 
 OvmfPkg/PlatformPei/Platform.c  |   6 +-
 2 files changed, 78 insertions(+), 45 deletions(-)

diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c
index f3819b997b3b..5507d9585bab 100644
--- a/OvmfPkg/PlatformPei/MemDetect.c
+++ b/OvmfPkg/PlatformPei/MemDetect.c
@@ -189,7 +189,7 @@ QemuUc32BaseInitialization (
   Find the highest exclusive >=4GB RAM address, or produce memory resource
   descriptor HOBs for RAM entries that start at or above 4GB.
 
-  @param[out] MaxAddress  If MaxAddress is NULL, then ScanOrAdd64BitE820Ram()
+  @param[out] MaxAddress  If MaxAddress is NULL, then 
PlatformScanOrAdd64BitE820Ram()
   produces memory resource descriptor HOBs for RAM
   entries that start at or above 4GB.
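Review bot: PlatformScanOrAdd64BitE820Ram stays STATIC in OvmfPkg/PlatformPei/MemDetect.c, so the Platform prefix promises a library entry point this patch does not provide; either say in the commit message that the move into PlatformInitLib follows in a later patch, or defer the rename to that patch so this one remains a pure PCD split.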
 
@@ -210,7 +210,7 @@ QemuUc32BaseInitialization (
 **/
 STATIC
 EFI_STATUS
-ScanOrAdd64BitE820Ram (
+PlatformScanOrAdd64BitE820Ram (
   IN BOOLEAN  AddHighHob,
   OUT UINT64  *LowMemory OPTIONAL,
   OUT UINT64  *MaxAddress OPTIONAL
@@ -385,7 +385,7 @@ GetSystemMemorySizeBelow4gb (
 return (UINT32)GetHighestSystemMemoryAddressFromPvhMemmap (TRUE);
   }
 
-  Status = ScanOrAdd64BitE820Ram (FALSE, , NULL);
+  Status = PlatformScanOrAdd64BitE820Ram (FALSE, , NULL);
   if ((Status == EFI_SUCCESS) && (LowerMemorySize > 0)) {
 return (UINT32)LowerMemorySize;
   }
@@ -407,7 +407,7 @@ GetSystemMemorySizeBelow4gb (
 
 STATIC
 UINT64
-GetSystemMemorySizeAbove4gb (
+PlatformGetSystemMemorySizeAbove4gb (
   )
 {
   UINT32  Size;
@@ -434,7 +434,7 @@ GetSystemMemorySizeAbove4gb (
 **/
 STATIC
 UINT64
-GetFirstNonAddress (
+PlatformGetFirstNonAddress (
   IN OUT  EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
   )
 {
@@ -444,7 +444,6 @@ GetFirstNonAddress (
   FIRMWARE_CONFIG_ITEM  FwCfgItem;
   UINTN FwCfgSize;
   UINT64HotPlugMemoryEnd;
-  RETURN_STATUS PcdStatus;
 
   //
   // set FirstNonAddress to suppress incorrect compiler/analyzer warnings
@@ -458,9 +457,9 @@ GetFirstNonAddress (
   // Otherwise, get the flat size of the memory above 4GB from the CMOS (which
   // can only express a size smaller than 1TB), and add it to 4GB.
   //
-  Status = ScanOrAdd64BitE820Ram (FALSE, NULL, );
+  Status = PlatformScanOrAdd64BitE820Ram (FALSE, NULL, );
   if (EFI_ERROR (Status)) {
-FirstNonAddress = BASE_4GB + GetSystemMemorySizeAbove4gb ();
+FirstNonAddress = BASE_4GB + PlatformGetSystemMemorySizeAbove4gb ();
   }
 
   //
@@ -475,12 +474,6 @@ GetFirstNonAddress (
 
  #endif
 
-  //
-  // Otherwise, in order to calculate the highest address plus one, we must
-  // consider the 64-bit PCI host aperture too. Fetch the default size.
-  //
-  PlatformInfoHob->PcdPciMmio64Size = PcdGet64 (PcdPciMmio64Size);
-
   //
   // See if the user specified the number of megabytes for the 64-bit PCI host
   // aperture. Accept an aperture size up to 16TB.
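Review bot: removing `PlatformInfoHob->PcdPciMmio64Size = PcdGet64 (PcdPciMmio64Size);` leaves no default for the 64-bit aperture size in PlatformGetFirstNonAddress, yet the code below still reads PlatformInfoHob->PcdPciMmio64Size (including the GetPowerOfTwo64 alignment of PcdPciMmio64Base further down); the hunk does not show where the field is now initialised, so either the caller must populate it before calling in, or the default belongs here. Please state which in the commit message.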
@@ -522,8 +515,6 @@ GetFirstNonAddress (
 "%a: disabling 64-bit PCI host aperture\n",
 __FUNCTION__
 ));
-  PcdStatus = PcdSet64S (PcdPciMmio64Size, 0);
-  ASSERT_RETURN_ERROR (PcdStatus);
 }
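Review bot: the "disabling 64-bit PCI host aperture" path used to force PcdPciMmio64Size to 0 with PcdSet64S; with that line gone, nothing in this hunk zeroes PlatformInfoHob->PcdPciMmio64Size, so unless the field is set to 0 above this point the PlatformPei wrapper will publish a disabled aperture with a non-zero size.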
 
 //
@@ -574,26 +565,6 @@ GetFirstNonAddress (
   //
   PlatformInfoHob->PcdPciMmio64Base = ALIGN_VALUE 
(PlatformInfoHob->PcdPciMmio64Base, GetPowerOfTwo64 
(PlatformInfoHob->PcdPciMmio64Size));
 
-  if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) {
-//
-// The core PciHostBridgeDxe driver will automatically add this range to
-// the GCD memory space map through our PciHostBridgeLib instance; here we
-// only need to set the PCDs.
-//
-PcdStatus = PcdSet64S (PcdPciMmio64Base, 
PlatformInfoHob->PcdPciMmio64Base);
-ASSERT_RETURN_ERROR (PcdStatus);
-PcdStatus = PcdSet64S (PcdPciMmio64Size, 
PlatformInfoHob->PcdPciMmio64Size);
-ASSERT_RETURN_ERROR (PcdStatus);
-
-DEBUG ((
-  DEBUG_INFO,
-  "%a: Pci64Base=0x%Lx Pci64Size=0x%Lx\n",
-  __FUNCTION__,
-  PlatformInfoHob->PcdPciMmio64Base,
-  PlatformInfoHob->PcdPciMmio64Size
-  ));
-  }
-
   //
   // The useful address 
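Review bot: this hunk drops the `if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME)` guard together with the PCD writes and the Pci64Base/Pci64Size DEBUG line; the PlatformPei wrapper that now sets PcdPciMmio64Base/Size must keep the S3-resume condition, and the DEBUG output is worth keeping as well, since it is the only trace of the computed aperture in the log.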

[edk2-devel] [PATCH V11 20/47] OvmfPkg/PlatformPei: Refactor MiscInitialization

2022-03-28 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3863

In MiscInitialization Microvm looks a little weird. Other platforms
call PcdSet16S to set PcdOvmfHostBridgePciDevId with the same value
as PlatformInfoHob->HostBridgeDevId. But Microvm doesn't follow this
way. In the switch-case 0x is Microvm, but it is set with
MICROVM_PSEUDO_DEVICE_ID. So we have to add a new function
(MiscInitializationForMicrovm) for Microvm and delete the code in
MiscInitialization.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Cc: Sebastien Boeuf 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/PlatformPei/Platform.c | 46 ++
 1 file changed, 36 insertions(+), 10 deletions(-)

diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 80eb4cc9adcd..af9e72cd7a98 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -304,6 +304,36 @@ MicrovmInitialization (
   *FdtHobData = (UINTN)NewBase;
 }
 
+VOID
+MiscInitializationForMicrovm (
+  IN EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
+  )
+{
+  RETURN_STATUS  PcdStatus;
+
+  ASSERT (PlatformInfoHob->HostBridgeDevId == 0x);
+
+  DEBUG ((DEBUG_INFO, "%a: microvm\n", __FUNCTION__));
+  //
+  // Disable A20 Mask
+  //
+  IoOr8 (0x92, BIT1);
+
+  //
+  // Build the CPU HOB with guest RAM size dependent address width and 16-bits
+  // of IO space. (Side note: unlike other HOBs, the CPU HOB is needed during
+  // S3 resume as well, so we build it unconditionally.)
+  //
+  BuildCpuHob (PlatformInfoHob->PhysMemAddressWidth, 16);
+
+  MicrovmInitialization ();
+  PcdStatus = PcdSet16S (
+PcdOvmfHostBridgePciDevId,
+MICROVM_PSEUDO_DEVICE_ID
+);
+  ASSERT_RETURN_ERROR (PcdStatus);
+}
+
 VOID
 MiscInitialization (
   IN EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
@@ -349,15 +379,6 @@ MiscInitialization (
   AcpiCtlReg = POWER_MGMT_REGISTER_Q35 (ICH9_ACPI_CNTL);
   AcpiEnBit  = ICH9_ACPI_CNTL_ACPI_EN;
   break;
-case 0x: /* microvm */
-  DEBUG ((DEBUG_INFO, "%a: microvm\n", __FUNCTION__));
-  MicrovmInitialization ();
-  PcdStatus = PcdSet16S (
-PcdOvmfHostBridgePciDevId,
-MICROVM_PSEUDO_DEVICE_ID
-);
-  ASSERT_RETURN_ERROR (PcdStatus);
-  return;
 case CLOUDHV_DEVICE_ID:
   DEBUG ((DEBUG_INFO, "%a: Cloud Hypervisor host bridge\n", __FUNCTION__));
   PcdStatus = PcdSet16S (
@@ -762,7 +783,12 @@ InitializePlatform (
 
   InstallClearCacheCallback ();
   AmdSevInitialize ();
-  MiscInitialization ();
+  if (mPlatformInfoHob.HostBridgeDevId == 0x) {
+MiscInitializationForMicrovm ();
+  } else {
+MiscInitialization ();
+  }
+
   InstallFeatureControlCallback ();
 
   return EFI_SUCCESS;
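Review bot: the microvm dispatch in InitializePlatform compares HostBridgeDevId against the same bare literal as the ASSERT in MiscInitializationForMicrovm and the case label removed from MiscInitialization, while the PCD is set from the named MICROVM_PSEUDO_DEVICE_ID; a single named macro for the host-bridge ID used at both sites would keep them from drifting apart if one is edited.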
-- 
2.29.2.windows.2



View/Reply Online (#88110): https://edk2.groups.io/g/devel/message/88110




[edk2-devel] [PATCH V11 21/47] OvmfPkg/PlatformPei: Refactor MiscInitialization for CloudHV

2022-03-28 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3863

Refactor MiscInitialization for CloudHV to set PCD as other platforms
do. Because in the following patch we will split the functions which
set PCDs into two, one for PlatformInitLib, one for PlatformPei.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Cc: Sebastien Boeuf 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/PlatformPei/Platform.c | 13 ++---
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index af9e72cd7a98..3e0c56db57ed 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -380,13 +380,7 @@ MiscInitialization (
   AcpiEnBit  = ICH9_ACPI_CNTL_ACPI_EN;
   break;
 case CLOUDHV_DEVICE_ID:
-  DEBUG ((DEBUG_INFO, "%a: Cloud Hypervisor host bridge\n", __FUNCTION__));
-  PcdStatus = PcdSet16S (
-PcdOvmfHostBridgePciDevId,
-CLOUDHV_DEVICE_ID
-);
-  ASSERT_RETURN_ERROR (PcdStatus);
-  return;
+  break;
 default:
   DEBUG ((
 DEBUG_ERROR,
@@ -401,6 +395,11 @@ MiscInitialization (
   PcdStatus = PcdSet16S (PcdOvmfHostBridgePciDevId, 
PlatformInfoHob->HostBridgeDevId);
   ASSERT_RETURN_ERROR (PcdStatus);
 
+  if (PlatformInfoHob->HostBridgeDevId == CLOUDHV_DEVICE_ID) {
+DEBUG ((DEBUG_INFO, "%a: Cloud Hypervisor is done.\n", __FUNCTION__));
+return;
+  }
+
   //
   // If the appropriate IOspace enable bit is set, assume the ACPI PMBA has
   // been configured and skip the setup here. This matches the logic in
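Review bot: the `%a: Cloud Hypervisor host bridge` DEBUG line was removed from the case arm and its replacement, "Cloud Hypervisor is done.", only fires after the common PcdSet16S; keep an identifying DEBUG in the case arm as the other arms have, so the log still names the host bridge before the ACPI PMBA setup is skipped. The second HostBridgeDevId test after the switch works, but a short comment that CloudHV intentionally skips the PMBA/ACPI enable below would save the next reader a trip through the switch.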
-- 
2.29.2.windows.2



View/Reply Online (#88111): https://edk2.groups.io/g/devel/message/88111




[edk2-devel] [PATCH V11 19/47] OvmfPkg/PlatformPei: Move global variables to PlatformInfoHob

2022-03-28 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3863

The intention of PlatformInitLib is to extract the common functions used
in OvmfPkg/PlatformPei. This lib will be used not only in the PEI phase but
also in the SEC phase. The SEC phase cannot use global variables between
different functions. So PlatformInfoHob is created to hold the
information shared between functions. For example, HostBridgeDevId
corresponds to mHostBridgeDevId in PlatformPei.

In this patch we will first move the global variables below to
PlatformInfoHob.
 - mBootMode
 - mS3Supported
 - mPhysMemAddressWidth
 - mMaxCpuCount
 - mHostBridgeDevId
 - mQ35SmramAtDefaultSmbase
 - mQemuUc32Base
 - mS3AcpiReservedMemorySize
 - mS3AcpiReservedMemoryBase

PlatformInfoHob also holds other information, for example,
PciIoBase / PciIoSize. This is because in the SEC phase, PcdSetxxx
doesn't work. So we will restructure the functions which set PCDs
into two, one for PlatformInitLib, one for PlatformPei.

So in this patch we first move global variables and PCDs to
PlatformInfoHob. All the changes are in OvmfPkg/PlatformPei.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Cc: Sebastien Boeuf 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/PlatformPei/AmdSev.c  |   8 +-
 OvmfPkg/PlatformPei/Fv.c  |   4 +-
 OvmfPkg/PlatformPei/MemDetect.c   | 210 +++---
 OvmfPkg/PlatformPei/MemTypeInfo.c |   2 +-
 OvmfPkg/PlatformPei/Platform.c| 109 
 OvmfPkg/PlatformPei/Platform.h|  45 ---
 6 files changed, 196 insertions(+), 182 deletions(-)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index fb7e21ec140f..385562b44c4e 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -228,7 +228,7 @@ AmdSevEsInitialize (
   //   Since the pages must survive across the UEFI to OS transition
   //   make them reserved.
   //
-  GhcbPageCount = mMaxCpuCount * 2;
+  GhcbPageCount = mPlatformInfoHob.PcdCpuMaxLogicalProcessorNumber * 2;
   GhcbBase  = AllocateReservedPages (GhcbPageCount);
   ASSERT (GhcbBase != NULL);
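Review bot: GhcbPageCount now reads mPlatformInfoHob.PcdCpuMaxLogicalProcessorNumber, which is only meaningful after MaxCpuCountInitialization has run; mMaxCpuCount carried the same ordering requirement, but a still-zero HOB field here silently yields GhcbPageCount = 0 and an AllocateReservedPages (0) call. An ASSERT that the field is non-zero, or a comment in InitializePlatform pinning the call order, would make the dependency explicit.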
 
@@ -266,7 +266,7 @@ AmdSevEsInitialize (
   // Allocate #VC recursion backup pages. The number of backup pages needed is
   // one less than the maximum VC count.
   //
-  GhcbBackupPageCount = mMaxCpuCount * (VMGEXIT_MAXIMUM_VC_COUNT - 1);
+  GhcbBackupPageCount = mPlatformInfoHob.PcdCpuMaxLogicalProcessorNumber * 
(VMGEXIT_MAXIMUM_VC_COUNT - 1);
   GhcbBackupBase  = AllocatePages (GhcbBackupPageCount);
   ASSERT (GhcbBackupBase != NULL);
 
@@ -367,7 +367,7 @@ AmdSevInitialize (
   // until after re-encryption, in order to prevent an information leak to the
   // hypervisor.
   //
-  if (FeaturePcdGet (PcdSmmSmramRequire) && (mBootMode != BOOT_ON_S3_RESUME)) {
+  if (mPlatformInfoHob.SmmSmramRequire && (mPlatformInfoHob.BootMode != 
BOOT_ON_S3_RESUME)) {
 RETURN_STATUS  LocateMapStatus;
 UINTN  MapPagesBase;
 UINTN  MapPagesCount;
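Review bot: FeaturePcdGet (PcdSmmSmramRequire) is a build-time constant, so this block used to be compiled out on non-SMM builds; mPlatformInfoHob.SmmSmramRequire is a run-time value, which is fine, but the SMRAM save-state-map handling that the comment above ties to preventing an information leak to the hypervisor now depends on that field having been initialised from the feature PCD before AmdSevInitialize is called. Please show where that happens, or ASSERT it, so a default-FALSE field cannot skip this path on an SMM build.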
@@ -378,7 +378,7 @@ AmdSevInitialize (
 );
 ASSERT_RETURN_ERROR (LocateMapStatus);
 
-if (mQ35SmramAtDefaultSmbase) {
+if (mPlatformInfoHob.Q35SmramAtDefaultSmbase) {
   //
   // The initial SMRAM Save State Map has been covered as part of a larger
   // reserved memory allocation in InitializeRamRegions().
diff --git a/OvmfPkg/PlatformPei/Fv.c b/OvmfPkg/PlatformPei/Fv.c
index 8cd8cacc5913..e40c5922206b 100644
--- a/OvmfPkg/PlatformPei/Fv.c
+++ b/OvmfPkg/PlatformPei/Fv.c
@@ -37,7 +37,7 @@ PeiFvInitialization (
   BuildMemoryAllocationHob (
 PcdGet32 (PcdOvmfPeiMemFvBase),
 PcdGet32 (PcdOvmfPeiMemFvSize),
-mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData
+mPlatformInfoHob.S3Supported ? EfiACPIMemoryNVS : EfiBootServicesData
 );
 
   //
@@ -45,7 +45,7 @@ PeiFvInitialization (
   //
   BuildFvHob (PcdGet32 (PcdOvmfDxeMemFvBase), PcdGet32 (PcdOvmfDxeMemFvSize));
 
-  SecureS3Needed = mS3Supported && FeaturePcdGet (PcdSmmSmramRequire);
+  SecureS3Needed = mPlatformInfoHob.S3Supported && 
mPlatformInfoHob.SmmSmramRequire;
 
   //
   // Create a memory allocation HOB for the DXE FV.
diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c
index e5e105f377dd..f3819b997b3b 100644
--- a/OvmfPkg/PlatformPei/MemDetect.c
+++ b/OvmfPkg/PlatformPei/MemDetect.c
@@ -37,21 +37,9 @@ Module Name:
 #include 
 #include 
 #include 
-#include 
 
 #include "Platform.h"
 
-UINT8  mPhysMemAddressWidth;
-
-STATIC UINT32  mS3AcpiReservedMemoryBase;
-STATIC UINT32  mS3AcpiReservedMemorySize;
-
-STATIC UINT16  mQ35TsegMbytes;
-
-BOOLEAN  mQ35SmramAtDefaultSmbase;
-
-UINT32  mQemuUc32Base;
-
 VOID
 Q35TsegMbytesInitialization (
   VOID
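Review bot: this hunk also removes `STATIC UINT16  mQ35TsegMbytes;`, but the commit message's list of globals moved into PlatformInfoHob does not mention it (the HOB struct does carry a Q35TsegMbytes field); add it to the list so the message matches the diff.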
@@ -60,7 +48,7 @@ Q35TsegMbytesInitialization (
   UINT16 ExtendedTsegMbytes;
   RETURN_STATUS  PcdStatus;
 
-  ASSERT (mHostBridgeDevId == INTEL_Q35_MCH_DEVICE_ID);
+  ASSERT 

[edk2-devel] [PATCH V11 18/47] OvmfPkg/PlatformInitLib: Add hob functions

2022-03-28 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3863

In this patch of PlatformInitLib, below hob functions are introduced:
 - PlatformAddIoMemoryBaseSizeHob
 - PlatformAddIoMemoryRangeHob
 - PlatformAddMemoryBaseSizeHob
 - PlatformAddMemoryRangeHob
 - PlatformAddReservedMemoryBaseSizeHob

They correspond to the functions below in OvmfPkg/PlatformPei:
 - AddIoMemoryBaseSizeHob
 - AddIoMemoryRangeHob
 - AddMemoryBaseSizeHob
 - AddMemoryRangeHob
 - AddReservedMemoryBaseSizeHob

After above hob functions are introduced in PlatformInitLib,
OvmfPkg/PlatformPei is refactored with this library.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/Include/Library/PlatformInitLib.h |  36 ++
 OvmfPkg/Library/PlatformInitLib/Platform.c| 106 ++
 .../PlatformInitLib/PlatformInitLib.inf   |   2 +
 OvmfPkg/PlatformPei/MemDetect.c   |  20 ++--
 OvmfPkg/PlatformPei/Platform.c| 101 ++---
 OvmfPkg/PlatformPei/Platform.h|  31 -
 6 files changed, 165 insertions(+), 131 deletions(-)
 create mode 100644 OvmfPkg/Library/PlatformInitLib/Platform.c

diff --git a/OvmfPkg/Include/Library/PlatformInitLib.h 
b/OvmfPkg/Include/Library/PlatformInitLib.h
index 2ebac5ccb013..9b99d4c1f514 100644
--- a/OvmfPkg/Include/Library/PlatformInitLib.h
+++ b/OvmfPkg/Include/Library/PlatformInitLib.h
@@ -96,4 +96,40 @@ PlatformDebugDumpCmos (
   VOID
   );
 
+VOID
+EFIAPI
+PlatformAddIoMemoryBaseSizeHob (
+  IN EFI_PHYSICAL_ADDRESS  MemoryBase,
+  IN UINT64MemorySize
+  );
+
+VOID
+EFIAPI
+PlatformAddIoMemoryRangeHob (
+  IN EFI_PHYSICAL_ADDRESS  MemoryBase,
+  IN EFI_PHYSICAL_ADDRESS  MemoryLimit
+  );
+
+VOID
+EFIAPI
+PlatformAddMemoryBaseSizeHob (
+  IN EFI_PHYSICAL_ADDRESS  MemoryBase,
+  IN UINT64MemorySize
+  );
+
+VOID
+EFIAPI
+PlatformAddMemoryRangeHob (
+  IN EFI_PHYSICAL_ADDRESS  MemoryBase,
+  IN EFI_PHYSICAL_ADDRESS  MemoryLimit
+  );
+
+VOID
+EFIAPI
+PlatformAddReservedMemoryBaseSizeHob (
+  IN EFI_PHYSICAL_ADDRESS  MemoryBase,
+  IN UINT64MemorySize,
+  IN BOOLEAN   Cacheable
+  );
+
 #endif // PLATFORM_INIT_LIB_H_
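Review bot: the five new library-class functions are declared without doxygen comments; since PlatformInitLib.h is the public interface, each needs a description and @param entries, in particular that the Range variants take an exclusive MemoryLimit and that Cacheable selects the WC/WT/WB attributes for the reserved-memory descriptor.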
diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c 
b/OvmfPkg/Library/PlatformInitLib/Platform.c
new file mode 100644
index ..e41f230ff563
--- /dev/null
+++ b/OvmfPkg/Library/PlatformInitLib/Platform.c
@@ -0,0 +1,106 @@
+/**@file
+
+  Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
+  Copyright (c) 2011, Andrei Warkentin 
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+//
+// The package level header files this module uses
+//
+#include 
+
+//
+// The Library classes this module consumes
+//
+#include 
+#include 
+#include 
+#include 
+#include 
+
+VOID
+EFIAPI
+PlatformAddIoMemoryBaseSizeHob (
+  IN EFI_PHYSICAL_ADDRESS  MemoryBase,
+  IN UINT64MemorySize
+  )
+{
+  BuildResourceDescriptorHob (
+EFI_RESOURCE_MEMORY_MAPPED_IO,
+EFI_RESOURCE_ATTRIBUTE_PRESENT |
+EFI_RESOURCE_ATTRIBUTE_INITIALIZED |
+EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE |
+EFI_RESOURCE_ATTRIBUTE_TESTED,
+MemoryBase,
+MemorySize
+);
+}
+
+VOID
+EFIAPI
+PlatformAddReservedMemoryBaseSizeHob (
+  IN EFI_PHYSICAL_ADDRESS  MemoryBase,
+  IN UINT64MemorySize,
+  IN BOOLEAN   Cacheable
+  )
+{
+  BuildResourceDescriptorHob (
+EFI_RESOURCE_MEMORY_RESERVED,
+EFI_RESOURCE_ATTRIBUTE_PRESENT |
+EFI_RESOURCE_ATTRIBUTE_INITIALIZED |
+EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE |
+(Cacheable ?
+ EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE |
+ EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE |
+ EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE :
+ 0
+) |
+EFI_RESOURCE_ATTRIBUTE_TESTED,
+MemoryBase,
+MemorySize
+);
+}
+
+VOID
+EFIAPI
+PlatformAddIoMemoryRangeHob (
+  IN EFI_PHYSICAL_ADDRESS  MemoryBase,
+  IN EFI_PHYSICAL_ADDRESS  MemoryLimit
+  )
+{
+  PlatformAddIoMemoryBaseSizeHob (MemoryBase, (UINT64)(MemoryLimit - 
MemoryBase));
+}
+
+VOID
+EFIAPI
+PlatformAddMemoryBaseSizeHob (
+  IN EFI_PHYSICAL_ADDRESS  MemoryBase,
+  IN UINT64MemorySize
+  )
+{
+  BuildResourceDescriptorHob (
+EFI_RESOURCE_SYSTEM_MEMORY,
+EFI_RESOURCE_ATTRIBUTE_PRESENT |
+EFI_RESOURCE_ATTRIBUTE_INITIALIZED |
+EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE |
+EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE |
+EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE |
+EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE |
+EFI_RESOURCE_ATTRIBUTE_TESTED,
+MemoryBase,
+MemorySize
+);
+}
+
+VOID
+EFIAPI
+PlatformAddMemoryRangeHob (
+  IN EFI_PHYSICAL_ADDRESS  MemoryBase,
+  IN EFI_PHYSICAL_ADDRESS  MemoryLimit
+  )
+{
+  PlatformAddMemoryBaseSizeHob (MemoryBase, (UINT64)(MemoryLimit - 
MemoryBase));
+}
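Review bot: PlatformAddIoMemoryRangeHob and PlatformAddMemoryRangeHob compute (UINT64)(MemoryLimit - MemoryBase) with no check that MemoryLimit >= MemoryBase; an inverted range wraps to a near-2^64 size and produces a bogus resource descriptor HOB, so add ASSERT (MemoryLimit >= MemoryBase) in both. Separately, the file header carries only the 2006 - 2016 Intel and 2011 Andrei Warkentin copyrights copied from PlatformPei/Platform.c, with no current-year line for the new file.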
diff --git 

[edk2-devel] [PATCH V11 17/47] OvmfPkg: Create initial version of PlatformInitLib

2022-03-28 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3863

There are 3 variants of PlatformPei in OvmfPkg:
 - OvmfPkg/PlatformPei
 - OvmfPkg/XenPlatformPei
 - OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf
These PlatformPeis can share much common code, such as
Cmos / Hob / Memory / Platform related functions. This commit
(and the several patches that follow) creates a PlatformInitLib
which wraps the common code called in the above PlatformPeis.

In this initial version of PlatformInitLib, below Cmos related functions
are introduced:
 - PlatformCmosRead8
 - PlatformCmosWrite8
 - PlatformDebugDumpCmos

They correspond to the functions in OvmfPkg/PlatformPei:
 - CmosRead8
 - CmosWrite8
 - DebugDumpCmos

Considering this PlatformInitLib will be used in SEC phase, global
variables and dynamic PCDs are avoided. We use PlatformInfoHob
to exchange information between functions.

EFI_HOB_PLATFORM_INFO is the data struct which contains the platform
information, such as HostBridgeDevId, BootMode, S3Supported,
SmmSmramRequire, etc.

After PlatformInitLib is created, OvmfPkg/PlatformPei is refactored
with this library.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/AmdSev/AmdSevX64.dsc  |  1 +
 OvmfPkg/CloudHv/CloudHvX64.dsc|  1 +
 OvmfPkg/Include/Library/PlatformInitLib.h | 99 +++
 .../PlatformInitLib}/Cmos.c   | 32 +-
 .../PlatformInitLib/PlatformInitLib.inf   | 36 +++
 OvmfPkg/Microvm/MicrovmX64.dsc|  1 +
 OvmfPkg/OvmfPkg.dec   |  4 +
 OvmfPkg/OvmfPkgIa32.dsc   |  1 +
 OvmfPkg/OvmfPkgIa32X64.dsc|  1 +
 OvmfPkg/OvmfPkgX64.dsc|  1 +
 OvmfPkg/PlatformPei/Cmos.h| 48 -
 OvmfPkg/PlatformPei/MemDetect.c   |  8 +-
 OvmfPkg/PlatformPei/Platform.c| 29 +-
 OvmfPkg/PlatformPei/PlatformPei.inf   |  3 +-
 14 files changed, 183 insertions(+), 82 deletions(-)
 create mode 100644 OvmfPkg/Include/Library/PlatformInitLib.h
 rename OvmfPkg/{PlatformPei => Library/PlatformInitLib}/Cmos.c (61%)
 create mode 100644 OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
 delete mode 100644 OvmfPkg/PlatformPei/Cmos.h

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index fd56176796d5..785049c88962 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -280,6 +280,7 @@
 !include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
 
   MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
+  PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
 
 [LibraryClasses.common.DXE_CORE]
   HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index b4d855d80f56..b8a82380202c 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -307,6 +307,7 @@
 !include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
 
   MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
+  PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
 
 [LibraryClasses.common.DXE_CORE]
   HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
diff --git a/OvmfPkg/Include/Library/PlatformInitLib.h 
b/OvmfPkg/Include/Library/PlatformInitLib.h
new file mode 100644
index ..2ebac5ccb013
--- /dev/null
+++ b/OvmfPkg/Include/Library/PlatformInitLib.h
@@ -0,0 +1,99 @@
+/** @file
+  PlatformInitLib header file.
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef PLATFORM_INIT_LIB_H_
+#define PLATFORM_INIT_LIB_H_
+
+#include 
+
+#pragma pack(1)
+typedef struct {
+  EFI_HOB_GUID_TYPEGuidHeader;
+  UINT16   HostBridgeDevId;
+
+  UINT64   PcdConfidentialComputingGuestAttr;
+  BOOLEAN  SevEsIsEnabled;
+
+  UINT32   BootMode;
+  BOOLEAN  S3Supported;
+
+  BOOLEAN  SmmSmramRequire;
+  BOOLEAN  Q35SmramAtDefaultSmbase;
+  UINT16   Q35TsegMbytes;
+
+  UINT64   FirstNonAddress;
+  UINT8PhysMemAddressWidth;
+  UINT32   Uc32Base;
+  UINT32   Uc32Size;
+
+  BOOLEAN  PcdSetNxForStack;
+  UINT64   PcdTdxSharedBitMask;
+
+  UINT64   PcdPciMmio64Base;
+  UINT64   PcdPciMmio64Size;
+  UINT32   PcdPciMmio32Base;
+  UINT32   PcdPciMmio32Size;
+  UINT64   PcdPciIoBase;
+  UINT64   PcdPciIoSize;
+
+  UINT64   PcdEmuVariableNvStoreReserved;
+  UINT32   PcdCpuBootLogicalProcessorNumber;
+  UINT32   PcdCpuMaxLogicalProcessorNumber;
+  UINT32   
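Review bot: EFI_HOB_PLATFORM_INFO has no per-field documentation, and the Pcd-prefixed members (PcdPciMmio64Base, PcdSetNxForStack, PcdCpuMaxLogicalProcessorNumber, ...) are staging copies that PlatformPei later writes into the real PCDs, while members such as HostBridgeDevId and BootMode are authoritative in their own right; a comment on the struct saying which is which, and that this packed GUID HOB payload is consumed by both SEC and PEI, would stop readers from treating the Pcd* fields as live PCD values.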

[edk2-devel] [PATCH V11 15/47] OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

IntelTdx.h defines the definitions used by TDX in OvmfPkg:
 - Mailbox related definitions, such as the data structure, command code,
   AP relocation definitions.

See Table 5.44 Multiprocessor Wakeup Mailbox Structure at the link below.
https://uefi.org/specs/ACPI/6.4/05_ACPI_Software_Programming_Model/
ACPI_Software_Programming_Model.html#multiprocessor-wakeup-structure

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/Include/IndustryStandard/IntelTdx.h | 67 +
 1 file changed, 67 insertions(+)
 create mode 100644 OvmfPkg/Include/IndustryStandard/IntelTdx.h

diff --git a/OvmfPkg/Include/IndustryStandard/IntelTdx.h 
b/OvmfPkg/Include/IndustryStandard/IntelTdx.h
new file mode 100644
index ..cc849be2fb59
--- /dev/null
+++ b/OvmfPkg/Include/IndustryStandard/IntelTdx.h
@@ -0,0 +1,67 @@
+/** @file
+  Defines the defitions used by TDX in OvmfPkg.
+
+  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef OVMF_INTEL_TDX_H_
+#define OVMF_INTEL_TDX_H_
+
+#include 
+#include 
+#include 
+#include 
+
+#define MP_CPU_PROTECTED_MODE_MAILBOX_APICID_INVALID0x
+#define MP_CPU_PROTECTED_MODE_MAILBOX_APICID_BROADCAST  0xFFFE
+
+typedef enum {
+  MpProtectedModeWakeupCommandNoop= 0,
+  MpProtectedModeWakeupCommandWakeup  = 1,
+  MpProtectedModeWakeupCommandSleep   = 2,
+  MpProtectedModeWakeupCommandAcceptPages = 3,
+} MP_CPU_PROTECTED_MODE_WAKEUP_CMD;
+
+#pragma pack(1)
+
+//
+// Describes the CPU MAILBOX control structure use to
+// wakeup cpus spinning in long mode
+//
+typedef struct {
+  UINT16Command;
+  UINT16Resv;
+  UINT32ApicId;
+  UINT64WakeUpVector;
+  UINT8 ResvForOs[2032];
+  //
+  // Arguments available for wakeup code
+  //
+  UINT64WakeUpArgs1;
+  UINT64WakeUpArgs2;
+  UINT64WakeUpArgs3;
+  UINT64WakeUpArgs4;
+  UINT8 Pad1[0xe0];
+  UINT64NumCpusArriving;
+  UINT8 Pad2[0xf8];
+  UINT64NumCpusExiting;
+  UINT32Tallies[256];
+  UINT8 Errors[256];
+  UINT8 Pad3[0xf8];
+} MP_WAKEUP_MAILBOX;
+
+//
+// AP relocation code information including code address and size,
+// this structure will be shared be C code and assembly code.
+// It is natural aligned by design.
+//
+typedef struct {
+  UINT8*RelocateApLoopFuncAddress;
+  UINTNRelocateApLoopFuncSize;
+} MP_RELOCATION_MAP;
+
+#pragma pack()
+
+#endif
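Review bot: the padding in MP_WAKEUP_MAILBOX (ResvForOs[2032], Pad1[0xe0], Pad2[0xf8], Pad3[0xf8]) is hand-computed so that WakeUpArgs1 lands at offset 2048, directly after the region defined by ACPI 6.4 Table 5.44, and the whole structure is 4096 bytes; please add STATIC_ASSERT (sizeof (MP_WAKEUP_MAILBOX) == SIZE_4KB, ...) and an OFFSET_OF check for WakeUpArgs1 so a future field edit cannot shift the OS-visible layout. Minor: the comment says "cpus spinning in long mode" while the enum and macros are named ..._PROTECTED_MODE_...; pick one, and "defitions" in the file header is a typo.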
-- 
2.29.2.windows.2



View/Reply Online (#88105): https://edk2.groups.io/g/devel/message/88105




[edk2-devel] [PATCH V11 16/47] OvmfPkg: Add TdxMailboxLib

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

In TDX the BSP may issue commands to APs for some tasks, for example, to
accept pages in parallel. The BSP also needs to wait until all the APs have
finished the task. TdxMailboxLib wraps these common functions for the BSP.

Cc: Ard Biesheuvel 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/Include/Library/TdxMailboxLib.h   |  76 ++
 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c| 141 ++
 .../Library/TdxMailboxLib/TdxMailboxLib.inf   |  52 +++
 .../Library/TdxMailboxLib/TdxMailboxNull.c|  85 +++
 OvmfPkg/OvmfPkg.dec   |   4 +
 5 files changed, 358 insertions(+)
 create mode 100644 OvmfPkg/Include/Library/TdxMailboxLib.h
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
 create mode 100644 OvmfPkg/Library/TdxMailboxLib/TdxMailboxNull.c

diff --git a/OvmfPkg/Include/Library/TdxMailboxLib.h 
b/OvmfPkg/Include/Library/TdxMailboxLib.h
new file mode 100644
index ..166cab43bc02
--- /dev/null
+++ b/OvmfPkg/Include/Library/TdxMailboxLib.h
@@ -0,0 +1,76 @@
+/** @file
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef TDX_MAILBOX_LIB_H_
+#define TDX_MAILBOX_LIB_H_
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/**
+  This function will be called by BSP to get the CPU number.
+
+  @retval   CPU number
+**/
+UINT32
+EFIAPI
+GetCpusNum (
+  VOID
+  );
+
+/**
+  Get the address of Td mailbox.
+**/
+volatile VOID *
+EFIAPI
+GetTdxMailBox (
+  VOID
+  );
+
+/**
+  This function will be called by BSP to wakeup APs the are spinning on mailbox
+  in protected mode
+
+  @param[in] Command  Command to send APs
+  @param[in] WakeupVector If used, address for APs to start executing
+  @param[in] WakeArgsXArgs to pass to APs for excuting commands
+**/
+VOID
+EFIAPI
+MpSendWakeupCommand (
+  IN UINT16  Command,
+  IN UINT64  WakeupVector,
+  IN UINT64  WakeupArgs1,
+  IN UINT64  WakeupArgs2,
+  IN UINT64  WakeupArgs3,
+  IN UINT64  WakeupArgs4
+  );
+
+/**
+  BSP wait until all the APs arriving. It means the task triggered by BSP is 
started.
+**/
+VOID
+EFIAPI
+MpSerializeStart (
+  VOID
+  );
+
+/**
+  BSP wait until all the APs arriving. It means the task triggered by BSP is 
ended.
+**/
+VOID
+EFIAPI
+MpSerializeEnd (
+  VOID
+  );
+
+#endif
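Review bot: the doxygen for MpSendWakeupCommand documents a parameter WakeArgsX that does not exist (the prototype has WakeupArgs1..4) and reads "wakeup APs the are spinning"; MpSerializeStart and MpSerializeEnd carry the same description apart from "started"/"ended", so say which mailbox counter each one waits on (NumCpusArriving versus NumCpusExiting) and what the caller may assume once it returns.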
diff --git a/OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c 
b/OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c
new file mode 100644
index ..74cb55611fe3
--- /dev/null
+++ b/OvmfPkg/Library/TdxMailboxLib/TdxMailbox.c
@@ -0,0 +1,141 @@
+/** @file
+
+  Copyright (c) 2008, Intel Corporation. All rights reserved.
+  (C) Copyright 2016 Hewlett Packard Enterprise Development LP
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+volatile VOID  *mMailBox  = NULL;
+UINT32 mNumOfCpus = 0;
+
+/**
+  This function will be called by BSP to get the CPU number.
+
+  @retval   CPU number
+**/
+UINT32
+EFIAPI
+GetCpusNum (
+  VOID
+  )
+{
+  if (mNumOfCpus == 0) {
+mNumOfCpus = TdVCpuNum ();
+  }
+
+  return mNumOfCpus;
+}
+
+/**
+  Get the address of Td mailbox.
+**/
+volatile VOID *
+EFIAPI
+GetTdxMailBox (
+  VOID
+  )
+{
+  if (mMailBox == NULL) {
+mMailBox = (VOID *)(UINTN)PcdGet32 (PcdOvmfSecGhcbBackupBase);
+  }
+
+  return mMailBox;
+}
+
+/**
+  This function will be called by BSP to wakeup APs the are spinning on mailbox
+  in protected mode
+
+  @param[in] Command  Command to send APs
+  @param[in] WakeupVector If used, address for APs to start executing
+  @param[in] WakeArgsXArgs to pass to APs for excuting commands
+**/
+VOID
+EFIAPI
+MpSendWakeupCommand (
+  IN UINT16  Command,
+  IN UINT64  WakeupVector,
+  IN UINT64  WakeupArgs1,
+  IN UINT64  WakeupArgs2,
+  IN UINT64  WakeupArgs3,
+  IN UINT64  WakeupArgs4
+  )
+{
+  volatile MP_WAKEUP_MAILBOX  *MailBox;
+
+  MailBox   = (volatile MP_WAKEUP_MAILBOX *)GetTdxMailBox ();
+  MailBox->ApicId   = MP_CPU_PROTECTED_MODE_MAILBOX_APICID_INVALID;
+  MailBox->WakeUpVector = 0;
+  MailBox->Command  = MpProtectedModeWakeupCommandNoop;
+  MailBox->ApicId   = MP_CPU_PROTECTED_MODE_MAILBOX_APICID_BROADCAST;
+  MailBox->WakeUpVector = WakeupVector;
+  MailBox->WakeUpArgs1  = WakeupArgs1;
+  MailBox->WakeUpArgs2  = WakeupArgs2;
+  MailBox->WakeUpArgs3  = WakeupArgs3;
+  MailBox->WakeUpArgs4  = WakeupArgs4;
+  AsmCpuid (0x01, NULL, NULL, NULL, NULL);
+  MailBox->Command = Command;
+  AsmCpuid (0x01, NULL, NULL, NULL, NULL);
+  return;
+}
+
+/**
+  BSP wait until all the APs arriving. It means the task triggered by BSP 
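Review bot: the file header says 'Copyright (c) 2008, Intel' and '(C) Copyright 2016 Hewlett Packard Enterprise' for a file created in this series, while the matching TdxMailboxLib.h says 2021; this looks copied from another source file and should be corrected. In GetTdxMailBox the mailbox address comes from PcdOvmfSecGhcbBackupBase, so the SEV GHCB backup page is being reused as the TD mailbox; a one-line comment stating that this reuse is intentional would save the next reader a detour. In MpSendWakeupCommand the two `AsmCpuid (0x01, ...)` calls act as serializing barriers between the argument stores and the final Command store, but nothing says so; add a comment naming that intent (and consider whether MemoryFence () is sufficient) so the ordering contract with the APs spinning on the mailbox is explicit.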

[edk2-devel] [PATCH V11 14/47] UefiCpuPkg: Enable Tdx support in MpInitLib

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

In TDVF, BSP and APs are simplified. BSP is vCPU-0, while the others
are treated as APs.

So MP initialization is rather simple. The processor info is retrieved by
TDCALL, ApWorker is not supported, BSP is always the working processor,
while the APs are just in a wait-for-procedure state.

Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Eric Dong 
Cc: Ray Ni 
Cc: Rahul Kumar 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |   3 +
 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h |  71 +++
 UefiCpuPkg/Library/MpInitLib/MpLib.c  |  63 +-
 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c   | 116 ++
 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c   |  73 +++
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |   3 +
 6 files changed, 324 insertions(+), 5 deletions(-)
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdx.c
 create mode 100644 UefiCpuPkg/Library/MpInitLib/MpLibTdxNull.c

diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf 
b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
index e1cd0b350008..159b4d16ed0e 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -24,10 +24,12 @@
 [Sources.IA32]
   Ia32/AmdSev.c
   Ia32/MpFuncs.nasm
+  MpLibTdxNull.c
 
 [Sources.X64]
   X64/AmdSev.c
   X64/MpFuncs.nasm
+  MpLibTdx.c
 
 [Sources.common]
   AmdSev.c
@@ -36,6 +38,7 @@
   MpLib.c
   MpLib.h
   Microcode.c
+  MpIntelTdx.h
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h 
b/UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h
new file mode 100644
index ..b2136f466ce6
--- /dev/null
+++ b/UefiCpuPkg/Library/MpInitLib/MpIntelTdx.h
@@ -0,0 +1,71 @@
+/** @file
+  Intel Tdx header file.
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef MP_INTEL_TDX_H_
+#define MP_INTEL_TDX_H_
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/**
+  Gets detailed MP-related information on the requested processor at the
+  instant this call is made. This service may only be called from the BSP.
+
+  @param[in]  ProcessorNumber   The handle number of processor.
+  @param[out] ProcessorInfoBuffer   A pointer to the buffer where information 
for
+the requested processor is deposited.
+  @param[out]  HealthDataReturn processor health data.
+
+  @retval EFI_SUCCESS Processor information was returned.
+  @retval EFI_DEVICE_ERRORThe calling processor is an AP.
+  @retval EFI_INVALID_PARAMETER   ProcessorInfoBuffer is NULL.
+  @retval EFI_NOT_FOUND   The processor with the handle specified by
+  ProcessorNumber does not exist in the 
platform.
+  @retval EFI_NOT_READY   MP Initialize Library is not initialized.
+
+**/
+EFI_STATUS
+EFIAPI
+TdxMpInitLibGetProcessorInfo (
+  IN  UINTN  ProcessorNumber,
+  OUT EFI_PROCESSOR_INFORMATION  *ProcessorInfoBuffer,
+  OUT EFI_HEALTH_FLAGS   *HealthData  OPTIONAL
+  );
+
+/**
+  Retrieves the number of logical processor in the platform and the number of
+  those logical processors that are enabled on this boot. This service may only
+  be called from the BSP.
+
+  @param[out] NumberOfProcessors  Pointer to the total number of 
logical
+  processors in the system, including 
the BSP
+  and disabled APs.
+  @param[out] NumberOfEnabledProcessors   Pointer to the number of enabled 
logical
+  processors that exist in system, 
including
+  the BSP.
+
+  @retval EFI_SUCCESS The number of logical processors and enabled
+  logical processors was retrieved.
+  @retval EFI_DEVICE_ERRORThe calling processor is an AP.
+  @retval EFI_INVALID_PARAMETER   NumberOfProcessors is NULL and 
NumberOfEnabledProcessors
+  is NULL.
+  @retval EFI_NOT_READY   MP Initialize Library is not initialized.
+
+**/
+EFI_STATUS
+EFIAPI
+TdxMpInitLibGetNumberOfProcessors (
+  OUT UINTN *NumberOfProcessors, OPTIONAL
+  OUT UINTN *NumberOfEnabledProcessors OPTIONAL
+  );
+
+#endif
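Review bot: the OPTIONAL annotation in TdxMpInitLibGetNumberOfProcessors is placed after the comma (`*NumberOfProcessors, OPTIONAL`), which is the pre-uncrustify layout; current edk2 style puts it before the comma (`*NumberOfProcessors  OPTIONAL,`), as the second parameter already does implicitly. Also 'Retrieves the number of logical processor' should read 'processors'.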
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c 
b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index 4a73787ee43a..91c7afaeb2ad 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -9,9 +9,11 @@
 **/
 
 #include "MpLib.h"
+#include "MpIntelTdx.h"
 #include 
 #include 
 #include 
+#include 
 
 EFI_GUID  mCpuInitMpLibHobGuid = 

[edk2-devel] [PATCH V11 13/47] MdePkg: Add macro to check SEV / TDX guest

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Add macros CC_GUEST_IS_SEV / CC_GUEST_IS_TDX to check SEV / TDX guest.

Cc: Michael Roth 
Cc: Ray Ni 
Cc: Rahul Kumar 
Cc: Eric Dong 
Cc: James Bottomley 
Cc: Min Xu 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Jordan Justen 
Cc: Ard Biesheuvel 
Cc: Erdem Aktas 
Cc: Gerd Hoffmann 
Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Acked-by: Gerd Hoffmann 
Reviewed-by: Liming Gao 
Signed-off-by: Min Xu 
---
 MdePkg/Include/ConfidentialComputingGuestAttr.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/MdePkg/Include/ConfidentialComputingGuestAttr.h 
b/MdePkg/Include/ConfidentialComputingGuestAttr.h
index 6a1301801519..dd2541c6dcdf 100644
--- a/MdePkg/Include/ConfidentialComputingGuestAttr.h
+++ b/MdePkg/Include/ConfidentialComputingGuestAttr.h
@@ -22,4 +22,7 @@ typedef enum {
   CCAttrIntelTdx = 0x200,
 } CONFIDENTIAL_COMPUTING_GUEST_ATTR;
 
+#define CC_GUEST_IS_TDX(x)  ((x) == CCAttrIntelTdx)
+#define CC_GUEST_IS_SEV(x)  ((x) == CCAttrAmdSev || (x) == CCAttrAmdSevEs || 
(x) == CCAttrAmdSevSnp)
+
 #endif
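Review bot: CC_GUEST_IS_SEV expands its argument up to three times, so a caller that passes a PCD getter or function call directly performs that lookup up to three times; either document that `x` must be a side-effect-free value or have callers read the attribute into a CONFIDENTIAL_COMPUTING_GUEST_ATTR local first. A short doc comment above the two macros would also help, since the equality tests will silently return FALSE for any attribute value added to the enum later.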
-- 
2.29.2.windows.2



View/Reply Online (#88103): https://edk2.groups.io/g/devel/message/88103

[edk2-devel] [PATCH V11 12/47] UefiCpuPkg: Support TDX in BaseXApicX2ApicLib

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

MSRs are accessed in BaseXApicX2ApicLib. In TDX some MSRs are accessed
directly from/to the CPU. Some should be accessed via explicit requests
from the host VMM using TDCALL(TDG.VP.VMCALL). This is done with the
help of TdxLib.

Please refer to [TDX] Section 18.1
TDX: https://software.intel.com/content/dam/develop/external/us/en/
documents/tdx-module-1.0-public-spec-v0.931.pdf

Cc: Eric Dong 
Cc: Ray Ni 
Cc: Rahul Kumar 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Reviewed-by: Ray Ni 
Signed-off-by: Min Xu 
---
 .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.c   | 160 +-
 1 file changed, 152 insertions(+), 8 deletions(-)

diff --git a/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c 
b/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c
index aaa42ff8450b..2d17177df12b 100644
--- a/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c
+++ b/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c
@@ -23,11 +23,155 @@
 #include 
 #include 
 #include 
+#include 
 
 //
 // Library internal functions
 //
 
+/**
+  Some MSRs in TDX are accessed via TdCall.
+  Some are directly read/write from/to CPU.
+
+  @param  MsrIndex  Index of the MSR
+  @retval TRUE  MSR accessed via TdCall.
+  @retval FALSE MSR accessed not via TdCall.
+
+**/
+BOOLEAN
+AccessMsrTdxCall (
+  IN UINT32  MsrIndex
+  )
+{
+  if (!TdIsEnabled ()) {
+return FALSE;
+  }
+
+  switch (MsrIndex) {
+case MSR_IA32_X2APIC_TPR:
+case MSR_IA32_X2APIC_PPR:
+case MSR_IA32_X2APIC_EOI:
+case MSR_IA32_X2APIC_ISR0:
+case MSR_IA32_X2APIC_ISR1:
+case MSR_IA32_X2APIC_ISR2:
+case MSR_IA32_X2APIC_ISR3:
+case MSR_IA32_X2APIC_ISR4:
+case MSR_IA32_X2APIC_ISR5:
+case MSR_IA32_X2APIC_ISR6:
+case MSR_IA32_X2APIC_ISR7:
+case MSR_IA32_X2APIC_TMR0:
+case MSR_IA32_X2APIC_TMR1:
+case MSR_IA32_X2APIC_TMR2:
+case MSR_IA32_X2APIC_TMR3:
+case MSR_IA32_X2APIC_TMR4:
+case MSR_IA32_X2APIC_TMR5:
+case MSR_IA32_X2APIC_TMR6:
+case MSR_IA32_X2APIC_TMR7:
+case MSR_IA32_X2APIC_IRR0:
+case MSR_IA32_X2APIC_IRR1:
+case MSR_IA32_X2APIC_IRR2:
+case MSR_IA32_X2APIC_IRR3:
+case MSR_IA32_X2APIC_IRR4:
+case MSR_IA32_X2APIC_IRR5:
+case MSR_IA32_X2APIC_IRR6:
+case MSR_IA32_X2APIC_IRR7:
+  return FALSE;
+default:
+  break;
+  }
+
+  return TRUE;
+}
+
+/**
+  Read MSR value.
+
+  @param  MsrIndex  Index of the MSR to read
+  @retval 64-bitValue of MSR.
+
+**/
+UINT64
+LocalApicReadMsrReg64 (
+  IN UINT32  MsrIndex
+  )
+{
+  UINT64  Val;
+  UINT64  Status;
+
+  if (AccessMsrTdxCall (MsrIndex)) {
+Status = TdVmCall (TDVMCALL_RDMSR, (UINT64)MsrIndex, 0, 0, 0, );
+if (Status != 0) {
+  TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0);
+}
+  } else {
+Val = AsmReadMsr64 (MsrIndex);
+  }
+
+  return Val;
+}
+
+/**
+  Write to MSR.
+
+  @param  MsrIndex  Index of the MSR to write to
+  @param  Value Value to be written to the MSR
+
+  @return Value
+
+**/
+UINT64
+LocalApicWriteMsrReg64 (
+  IN UINT32  MsrIndex,
+  IN UINT64  Value
+  )
+{
+  UINT64  Status;
+
+  if (AccessMsrTdxCall (MsrIndex)) {
+Status = TdVmCall (TDVMCALL_WRMSR, (UINT64)MsrIndex, Value, 0, 0, 0);
+if (Status != 0) {
+  TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0);
+}
+  } else {
+AsmWriteMsr64 (MsrIndex, Value);
+  }
+
+  return Value;
+}
+
+/**
+  Read MSR value.
+
+  @param  MsrIndex  Index of the MSR to read
+  @retval 32-bitValue of MSR.
+
+**/
+UINT32
+LocalApicReadMsrReg32 (
+  IN UINT32  MsrIndex
+  )
+{
+  return (UINT32)LocalApicReadMsrReg64 (MsrIndex);
+}
+
+/**
+  Write to MSR.
+
+  @param  MsrIndex  Index of the MSR to write to
+  @param  Value Value to be written to the MSR
+
+  @return Value
+
+**/
+UINT32
+LocalApicWriteMsrReg32 (
+  IN UINT32  MsrIndex,
+  IN UINT32  Value
+  )
+{
+  return (UINT32)LocalApicWriteMsrReg64 (MsrIndex, Value);
+}
+
 /**
   Determine if the CPU supports the Local APIC Base Address MSR.
 
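Review bot: `Val` in LocalApicReadMsrReg64 is never assigned on the TdVmCall failure path. TDVMCALL_HALT is presumably expected not to return, but nothing enforces that, and if the host resumes the vCPU the function hands the caller an uninitialized value as an MSR read; initialize `Val = 0` and follow the halt with `CpuDeadLoop ()` so the failure stays fail-closed. The same applies to the halt in LocalApicWriteMsrReg64. Also, AccessMsrTdxCall and the four LocalApic*MsrReg* helpers are module-internal but not declared STATIC; if they are not meant to be exported, mark them STATIC.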
@@ -78,7 +222,7 @@ GetLocalApicBaseAddress (
 return PcdGet32 (PcdCpuLocalApicBaseAddress);
   }
 
-  ApicBaseMsr.Uint64 = AsmReadMsr64 (MSR_IA32_APIC_BASE);
+  ApicBaseMsr.Uint64 = LocalApicReadMsrReg64 (MSR_IA32_APIC_BASE);
 
   return (UINTN)(LShiftU64 ((UINT64)ApicBaseMsr.Bits.ApicBaseHi, 32)) +
  (((UINTN)ApicBaseMsr.Bits.ApicBase) << 12);
@@ -109,12 +253,12 @@ SetLocalApicBaseAddress (
 return;
   }
 
-  ApicBaseMsr.Uint64 = AsmReadMsr64 (MSR_IA32_APIC_BASE);
+  ApicBaseMsr.Uint64 = LocalApicReadMsrReg64 (MSR_IA32_APIC_BASE);
 
   ApicBaseMsr.Bits.ApicBase   = (UINT32)(BaseAddress >> 12);
   ApicBaseMsr.Bits.ApicBaseHi = (UINT32)(RShiftU64 ((UINT64)BaseAddress, 32));
 
-  AsmWriteMsr64 (MSR_IA32_APIC_BASE, ApicBaseMsr.Uint64);
+  LocalApicWriteMsrReg64 (MSR_IA32_APIC_BASE, ApicBaseMsr.Uint64);
 }
 
 /**
@@ -154,7 +298,7 @@ ReadLocalApicReg (

[edk2-devel] [PATCH V11 11/47] MdePkg: Support IoRead/IoWrite for Tdx guest in BaseIoLibIntrinsic

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

This commit supports IoRead/IoWrite for SEV/TDX/Legacy guests in one
binary. It checks the guest type at runtime and then calls the
corresponding functions.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Reviewed-by: Liming Gao 
Signed-off-by: Min Xu 
---
 MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c | 51 --
 MdePkg/Library/BaseIoLibIntrinsic/IoLibMsc.c | 73 +++-
 2 files changed, 99 insertions(+), 25 deletions(-)

diff --git a/MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c 
b/MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c
index 5c791289c469..05a739085967 100644
--- a/MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c
+++ b/MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c
@@ -16,6 +16,7 @@
 **/
 
 #include "BaseIoLibIntrinsicInternal.h"
+#include "IoLibTdx.h"
 
 /**
   Reads an 8-bit I/O port.
@@ -24,7 +25,9 @@
   This function must guarantee that all I/O read and write operations are
   serialized.
 
-  If 8-bit I/O port operations are not supported, then ASSERT().
+  If 8-bit I/O port operations are not supported, then ASSERT()
+
+  For Td guest TDVMCALL_IO is invoked to read I/O port.
 
   @param  Port  The I/O port to read.
 
@@ -42,7 +45,11 @@ IoRead8 (
 
   Flag = FilterBeforeIoRead (FilterWidth8, Port, );
   if (Flag) {
-__asm__ __volatile__ ("inb %w1,%b0" : "=a" (Data) : "d" ((UINT16)Port));
+if (IsTdxGuest ()) {
+  Data = TdIoRead8 (Port);
+} else {
+  __asm__ __volatile__ ("inb %w1,%b0" : "=a" (Data) : "d" ((UINT16)Port));
+}
   }
 
   FilterAfterIoRead (FilterWidth8, Port, );
@@ -59,6 +66,8 @@ IoRead8 (
 
   If 8-bit I/O port operations are not supported, then ASSERT().
 
+  For Td guest TDVMCALL_IO is invoked to write I/O port.
+
   @param  Port  The I/O port to write.
   @param  Value The value to write to the I/O port.
 
@@ -76,7 +85,11 @@ IoWrite8 (
 
   Flag = FilterBeforeIoWrite (FilterWidth8, Port, );
   if (Flag) {
-__asm__ __volatile__ ("outb %b0,%w1" : : "a" (Value), "d" ((UINT16)Port));
+if (IsTdxGuest ()) {
+  TdIoWrite8 (Port, Value);
+} else {
+  __asm__ __volatile__ ("outb %b0,%w1" : : "a" (Value), "d" 
((UINT16)Port));
+}
   }
 
   FilterAfterIoWrite (FilterWidth8, Port, );
@@ -94,6 +107,8 @@ IoWrite8 (
   If 16-bit I/O port operations are not supported, then ASSERT().
   If Port is not aligned on a 16-bit boundary, then ASSERT().
 
+  For Td guest TDVMCALL_IO is invoked to read I/O port.
+
   @param  Port  The I/O port to read.
 
   @return The value read.
@@ -112,7 +127,11 @@ IoRead16 (
 
   Flag = FilterBeforeIoRead (FilterWidth16, Port, );
   if (Flag) {
-__asm__ __volatile__ ("inw %w1,%w0" : "=a" (Data) : "d" ((UINT16)Port));
+if (IsTdxGuest ()) {
+  Data = TdIoRead16 (Port);
+} else {
+  __asm__ __volatile__ ("inw %w1,%w0" : "=a" (Data) : "d" ((UINT16)Port));
+}
   }
 
   FilterAfterIoRead (FilterWidth16, Port, );
@@ -130,6 +149,8 @@ IoRead16 (
   If 16-bit I/O port operations are not supported, then ASSERT().
   If Port is not aligned on a 16-bit boundary, then ASSERT().
 
+  For Td guest TDVMCALL_IO is invoked to write I/O port.
+
   @param  Port  The I/O port to write.
   @param  Value The value to write to the I/O port.
 
@@ -149,7 +170,11 @@ IoWrite16 (
 
   Flag = FilterBeforeIoWrite (FilterWidth16, Port, );
   if (Flag) {
-__asm__ __volatile__ ("outw %w0,%w1" : : "a" (Value), "d" ((UINT16)Port));
+if (IsTdxGuest ()) {
+  TdIoWrite16 (Port, Value);
+} else {
+  __asm__ __volatile__ ("outw %w0,%w1" : : "a" (Value), "d" 
((UINT16)Port));
+}
   }
 
   FilterAfterIoWrite (FilterWidth16, Port, );
@@ -167,6 +192,8 @@ IoWrite16 (
   If 32-bit I/O port operations are not supported, then ASSERT().
   If Port is not aligned on a 32-bit boundary, then ASSERT().
 
+  For Td guest TDVMCALL_IO is invoked to read I/O port.
+
   @param  Port  The I/O port to read.
 
   @return The value read.
@@ -185,7 +212,11 @@ IoRead32 (
 
   Flag = FilterBeforeIoRead (FilterWidth32, Port, );
   if (Flag) {
-__asm__ __volatile__ ("inl %w1,%0" : "=a" (Data) : "d" ((UINT16)Port));
+if (IsTdxGuest ()) {
+  Data = TdIoRead32 (Port);
+} else {
+  __asm__ __volatile__ ("inl %w1,%0" : "=a" (Data) : "d" ((UINT16)Port));
+}
   }
 
   FilterAfterIoRead (FilterWidth32, Port, );
@@ -203,6 +234,8 @@ IoRead32 (
   If 32-bit I/O port operations are not supported, then ASSERT().
   If Port is not aligned on a 32-bit boundary, then ASSERT().
 
+  For Td guest TDVMCALL_IO is invoked to write I/O port.
+
   @param  Port  The I/O port to write.
   @param  Value The value to write to the I/O port.
 
@@ -222,7 +255,11 @@ IoWrite32 (
 
   Flag = FilterBeforeIoWrite (FilterWidth32, Port, );
   if (Flag) {
-__asm__ __volatile__ ("outl %0,%w1" : : "a" (Value), "d" ((UINT16)Port));
+if 

[edk2-devel] [PATCH V11 10/47] MdePkg: Support IoFifo for Tdx guest in BaseIoLibIntrinsic

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Previously the IoFifo functions were in X64/IoFifoSev.nasm, which supports
both SEV guests and Legacy guests. IoLibFifo.c is introduced to support
SEV/TDX/Legacy guests in one binary. It checks the guest type at runtime
and then calls the corresponding functions.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Reviewed-by: Liming Gao 
Signed-off-by: Min Xu 
---
 .../BaseIoLibIntrinsicSev.inf |   2 +
 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c | 217 ++
 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h  | 166 ++
 .../BaseIoLibIntrinsic/X64/IoFifoSev.nasm |  34 +--
 4 files changed, 402 insertions(+), 17 deletions(-)
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibSev.h

diff --git a/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf 
b/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
index a74e54bee8b5..7fe1c60f046e 100644
--- a/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
+++ b/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
@@ -31,6 +31,7 @@
   BaseIoLibIntrinsicInternal.h
   IoHighLevel.c
   IoLibTdx.h
+  IoLibSev.h
 
 [Sources.IA32]
   IoLibGcc.c| GCC
@@ -44,6 +45,7 @@
   IoLibMsc.c| MSFT
   IoLib.c
   IoLibInternalTdx.c
+  IoLibFifo.c
   X64/IoFifoSev.nasm
 
 [Packages]
diff --git a/MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c 
b/MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c
new file mode 100644
index ..9a94bc6a054c
--- /dev/null
+++ b/MdePkg/Library/BaseIoLibIntrinsic/IoLibFifo.c
@@ -0,0 +1,217 @@
+/** @file
+  IoFifo read/write routines.
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "BaseIoLibIntrinsicInternal.h"
+#include "IoLibSev.h"
+#include "IoLibTdx.h"
+#include 
+#include 
+
+/**
+  Reads an 8-bit I/O port fifo into a block of memory.
+
+  Reads the 8-bit I/O fifo port specified by Port.
+  The port is read Count times, and the read data is
+  stored in the provided Buffer.
+
+  This function must guarantee that all I/O read and write operations are
+  serialized.
+
+  If 8-bit I/O port operations are not supported, then ASSERT().
+
+  In TDX a serial of TdIoRead8 is invoked to read the I/O port fifo.
+
+  @param  PortThe I/O port to read.
+  @param  Count   The number of times to read I/O port.
+  @param  Buffer  The buffer to store the read data into.
+
+**/
+VOID
+EFIAPI
+IoReadFifo8 (
+  IN  UINTN  Port,
+  IN  UINTN  Count,
+  OUT VOID   *Buffer
+  )
+{
+  if (IsTdxGuest ()) {
+TdIoReadFifo8 (Port, Count, Buffer);
+  } else {
+SevIoReadFifo8 (Port, Count, Buffer);
+  }
+}
+
+/**
+  Writes a block of memory into an 8-bit I/O port fifo.
+
+  Writes the 8-bit I/O fifo port specified by Port.
+  The port is written Count times, and the write data is
+  retrieved from the provided Buffer.
+
+  This function must guarantee that all I/O write and write operations are
+  serialized.
+
+  If 8-bit I/O port operations are not supported, then ASSERT().
+
+  In TDX a serial of TdIoWrite8 is invoked to write data to the I/O port.
+
+  @param  PortThe I/O port to write.
+  @param  Count   The number of times to write I/O port.
+  @param  Buffer  The buffer to retrieve the write data from.
+
+**/
+VOID
+EFIAPI
+IoWriteFifo8 (
+  IN  UINTN  Port,
+  IN  UINTN  Count,
+  IN  VOID   *Buffer
+  )
+{
+  if (IsTdxGuest ()) {
+TdIoWriteFifo8 (Port, Count, Buffer);
+  } else {
+SevIoWriteFifo8 (Port, Count, Buffer);
+  }
+}
+
+/**
+  Reads a 16-bit I/O port fifo into a block of memory.
+
+  Reads the 16-bit I/O fifo port specified by Port.
+  The port is read Count times, and the read data is
+  stored in the provided Buffer.
+
+  This function must guarantee that all I/O read and write operations are
+  serialized.
+
+  If 16-bit I/O port operations are not supported, then ASSERT().
+
+  In TDX a serial of TdIoRead16 is invoked to read data from the I/O port.
+
+  @param  PortThe I/O port to read.
+  @param  Count   The number of times to read I/O port.
+  @param  Buffer  The buffer to store the read data into.
+
+**/
+VOID
+EFIAPI
+IoReadFifo16 (
+  IN  UINTN  Port,
+  IN  UINTN  Count,
+  OUT VOID   *Buffer
+  )
+{
+  if (IsTdxGuest ()) {
+TdIoReadFifo16 (Port, Count, Buffer);
+  } else {
+SevIoReadFifo16 (Port, Count, Buffer);
+  }
+}
+
+/**
+  Writes a block of memory into a 16-bit I/O port fifo.
+
+  Writes the 16-bit I/O fifo port specified by Port.
+  The port is written Count times, and the write data is
+  retrieved from the provided Buffer.
+
+  This function must guarantee that all I/O write and write operations are
+  serialized.
+
+  If 16-bit I/O port operations are 
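Review bot: the doc comments of IoWriteFifo8 and IoWriteFifo16 say 'all I/O write and write operations are serialized'; the second 'write' should be 'read', matching the read variants. 'a serial of TdIoRead8' should read 'a series of TdIoRead8 calls'. In the else branches, SevIoReadFifo8 and its siblings also serve the legacy (non-SEV) guest case, which the Sev prefix hides; a one-line comment saying the Sev routines cover both SEV and legacy guests would stop a reader from assuming legacy guests are unsupported here.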

[edk2-devel] [PATCH V11 09/47] MdePkg: Support mmio for Tdx guest in BaseIoLibIntrinsic

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

TDVF accesses MMIO with TDG.VP.VMCALL to invoke VMM-provided emulation
functions. If the access to MMIO fails, it falls back to direct
access.

BaseIoLibIntrinsic.inf is the IoLib used by other packages. It will
not support I/O in a Td guest. But some files are shared between
BaseIoLibIntrinsic and BaseIoLibIntrinsicSev (IoLib.c is an example). So
IoLibInternalTdxNull.c (which holds the null stubs of the Td I/O routines)
is included in BaseIoLibIntrinsic.inf. BaseIoLibIntrinsic.inf doesn't
import TdxLib, so the Pkgs which include BaseIoLibIntrinsic.inf
need not include TdxLib.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Reviewed-by: Liming Gao 
Signed-off-by: Min Xu 
---
 .../BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf |  2 +
 .../BaseIoLibIntrinsicSev.inf |  3 +
 MdePkg/Library/BaseIoLibIntrinsic/IoLib.c | 81 +--
 3 files changed, 78 insertions(+), 8 deletions(-)

diff --git a/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf 
b/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
index 97eeada0656e..27b15d9ae256 100644
--- a/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
+++ b/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
@@ -34,6 +34,8 @@
   IoLibMmioBuffer.c
   BaseIoLibIntrinsicInternal.h
   IoHighLevel.c
+  IoLibInternalTdxNull.c
+  IoLibTdx.h
 
 [Sources.IA32]
   IoLibGcc.c| GCC
diff --git a/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf 
b/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
index 336d79736d9a..a74e54bee8b5 100644
--- a/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
+++ b/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
@@ -30,17 +30,20 @@
   IoLibMmioBuffer.c
   BaseIoLibIntrinsicInternal.h
   IoHighLevel.c
+  IoLibTdx.h
 
 [Sources.IA32]
   IoLibGcc.c| GCC
   IoLibMsc.c| MSFT
   IoLib.c
+  IoLibInternalTdxNull.c
   Ia32/IoFifoSev.nasm
 
 [Sources.X64]
   IoLibGcc.c| GCC
   IoLibMsc.c| MSFT
   IoLib.c
+  IoLibInternalTdx.c
   X64/IoFifoSev.nasm
 
 [Packages]
diff --git a/MdePkg/Library/BaseIoLibIntrinsic/IoLib.c 
b/MdePkg/Library/BaseIoLibIntrinsic/IoLib.c
index 9d42e21a691c..5bd02b56a1fa 100644
--- a/MdePkg/Library/BaseIoLibIntrinsic/IoLib.c
+++ b/MdePkg/Library/BaseIoLibIntrinsic/IoLib.c
@@ -7,6 +7,7 @@
 **/
 
 #include "BaseIoLibIntrinsicInternal.h"
+#include "IoLibTdx.h"
 
 /**
   Reads a 64-bit I/O port.
@@ -69,6 +70,8 @@ IoWrite64 (
 
   If 8-bit MMIO register operations are not supported, then ASSERT().
 
+  For Td guest TDVMCALL_MMIO is invoked to read MMIO registers.
+
   @param  Address The MMIO register to read.
 
   @return The value read.
@@ -86,7 +89,13 @@ MmioRead8 (
   Flag = FilterBeforeMmIoRead (FilterWidth8, Address, );
   if (Flag) {
 MemoryFence ();
-Value = *(volatile UINT8 *)Address;
+
+if (IsTdxGuest ()) {
+  Value = TdMmioRead8 (Address);
+} else {
+  Value = *(volatile UINT8 *)Address;
+}
+
 MemoryFence ();
   }
 
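Review bot: the commit message says a failed TDVMCALL MMIO access falls back to direct access, but that fallback is not in this hunk (it must live in TdMmioRead8), and in a TD guest a direct access to an MMIO address is itself trapped as a #VE and handled by the VmgExitLib #VE handler added earlier in this series; state that in the MmioRead8 doc comment so the two paths and their ordering are visible where callers look.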
@@ -104,6 +113,8 @@ MmioRead8 (
 
   If 8-bit MMIO register operations are not supported, then ASSERT().
 
+  For Td guest TDVMCALL_MMIO is invoked to write MMIO registers.
+
   @param  Address The MMIO register to write.
   @param  Value   The value to write to the MMIO register.
 
@@ -122,7 +133,13 @@ MmioWrite8 (
   Flag = FilterBeforeMmIoWrite (FilterWidth8, Address, );
   if (Flag) {
 MemoryFence ();
-*(volatile UINT8 *)Address = Value;
+
+if (IsTdxGuest ()) {
+  TdMmioWrite8 (Address, Value);
+} else {
+  *(volatile UINT8 *)Address = Value;
+}
+
 MemoryFence ();
   }
 
@@ -141,6 +158,8 @@ MmioWrite8 (
   If 16-bit MMIO register operations are not supported, then ASSERT().
   If Address is not aligned on a 16-bit boundary, then ASSERT().
 
+  For Td guest TDVMCALL_MMIO is invoked to read MMIO registers.
+
   @param  Address The MMIO register to read.
 
   @return The value read.
@@ -159,7 +178,13 @@ MmioRead16 (
   Flag = FilterBeforeMmIoRead (FilterWidth16, Address, );
   if (Flag) {
 MemoryFence ();
-Value = *(volatile UINT16 *)Address;
+
+if (IsTdxGuest ()) {
+  Value = TdMmioRead16 (Address);
+} else {
+  Value = *(volatile UINT16 *)Address;
+}
+
 MemoryFence ();
   }
 
@@ -178,6 +203,8 @@ MmioRead16 (
   If 16-bit MMIO register operations are not supported, then ASSERT().
   If Address is not aligned on a 16-bit boundary, then ASSERT().
 
+  For Td guest TDVMCALL_MMIO is invoked to write MMIO registers.
+
   @param  Address The MMIO register to write.
   @param  Value   The value to write to the MMIO register.
 
@@ -198,7 +225,13 @@ MmioWrite16 (
   Flag = FilterBeforeMmIoWrite (FilterWidth16, Address, );
   if (Flag) {
 MemoryFence ();
-*(volatile UINT16 *)Address = Value;
+
+if (IsTdxGuest ()) 

[edk2-devel] [PATCH V11 06/47] OvmfPkg: Extend VmgExitLib to handle #VE exception

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

The base VmgExitLib library provides a default limited interface to
handle the #VE exception. To provide full support, the OVMF version of
VmgExitLib is extended to provide full support for the #VE handler.

Cc: Ard Biesheuvel 
Cc: Jiewen Yao 
Cc: Jordan Justen 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf  |   3 +-
 OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h  |  32 +
 .../Library/VmgExitLib/VmTdExitVeHandler.c| 559 ++
 OvmfPkg/Library/VmgExitLib/VmgExitLib.inf |   2 +
 .../Library/VmgExitLib/X64/TdVmcallCpuid.nasm | 146 +
 5 files changed, 741 insertions(+), 1 deletion(-)
 create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h
 create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c
 create mode 100644 OvmfPkg/Library/VmgExitLib/X64/TdVmcallCpuid.nasm

diff --git a/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf 
b/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
index 78207fa0f9c9..f9bd4974f6dc 100644
--- a/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
+++ b/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
@@ -25,6 +25,8 @@
   VmgExitVcHandler.c
   VmgExitVcHandler.h
   SecVmgExitVcHandler.c
+  VmTdExitVeHandler.c
+  X64/TdVmcallCpuid.nasm
 
 [Packages]
   MdePkg/MdePkg.dec
@@ -44,4 +46,3 @@
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize
-
diff --git a/OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h 
b/OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h
new file mode 100644
index ..7eacd0872f46
--- /dev/null
+++ b/OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h
@@ -0,0 +1,32 @@
+/** @file
+
+  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef VMTD_EXIT_HANDLER_H_
+#define VMTD_EXIT_HANDLER_H_
+
+#include 
+#include 
+
+/**
+  This function enable the TD guest to request the VMM to emulate CPUID
+  operation, especially for non-architectural, CPUID leaves.
+
+  @param[in]  EaxMain leaf of the CPUID
+  @param[in]  EcxSub-leaf of the CPUID
+  @param[out] ResultsReturned result of CPUID operation
+
+  @return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TdVmCallCpuid (
+  IN UINT64  Eax,
+  IN UINT64  Ecx,
+  OUT VOID   *Results
+  );
+
+#endif
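Review bot: the `Results` parameter of TdVmCallCpuid is typed `VOID *` with no size stated, while its caller (CpuIdExit in VmTdExitVeHandler.c) passes a CPUID_DATA of four UINT64 values; document that Results must point to at least 32 bytes, or type it as the concrete struct, otherwise a future caller passing a smaller buffer gets an out-of-bounds write from the nasm side. The function is declared EFI_STATUS but the caller stores the result in a UINT64 and compares it with 0; pick one convention and list the non-success return values in the doc comment, which currently only says '@return EFI_SUCCESS'.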
diff --git a/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c 
b/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c
new file mode 100644
index ..b73e877c093b
--- /dev/null
+++ b/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c
@@ -0,0 +1,559 @@
+/** @file
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+#include 
+#include "VmTdExitHandler.h"
+#include 
+#include 
+#include 
+#include 
+
+typedef union {
+  struct {
+UINT32Eax;
+UINT32Edx;
+  } Regs;
+  UINT64Val;
+} MSR_DATA;
+
+typedef union {
+  UINT8Val;
+  struct {
+UINT8B : 1;
+UINT8X : 1;
+UINT8R : 1;
+UINT8W : 1;
+  } Bits;
+} REX;
+
+typedef union {
+  UINT8Val;
+  struct {
+UINT8Rm  : 3;
+UINT8Reg : 3;
+UINT8Mod : 2;
+  } Bits;
+} MODRM;
+
+typedef struct {
+  UINT64Regs[4];
+} CPUID_DATA;
+
+/**
+  Handle an CPUID event.
+
+  Use the TDVMCALL instruction to handle cpuid #ve
+
+  @param[in, out] Regs x64 processor context
+  @param[in]  Veinfo   VE Info
+
+  @retval 0Event handled successfully
+  @return  New exception value to propagate
+**/
+STATIC
+UINT64
+EFIAPI
+CpuIdExit (
+  IN EFI_SYSTEM_CONTEXT_X64 *Regs,
+  IN TDCALL_VEINFO_RETURN_DATA  *Veinfo
+  )
+{
+  CPUID_DATA  CpuIdData;
+  UINT64  Status;
+
+  Status = TdVmCallCpuid (Regs->Rax, Regs->Rcx, );
+
+  if (Status == 0) {
+Regs->Rax = CpuIdData.Regs[0];
+Regs->Rbx = CpuIdData.Regs[1];
+Regs->Rcx = CpuIdData.Regs[2];
+Regs->Rdx = CpuIdData.Regs[3];
+  }
+
+  return Status;
+}
+
+/**
+  Handle an IO event.
+
+  Use the TDVMCALL instruction to handle either an IO read or an IO write.
+
+  @param[in, out] Regs x64 processor context
+  @param[in]  Veinfo   VE Info
+
+  @retval 0Event handled successfully
+  @return  New exception value to propagate
+**/
+STATIC
+UINT64
+EFIAPI
+IoExit (
+  IN OUT EFI_SYSTEM_CONTEXT_X64  *Regs,
+  IN TDCALL_VEINFO_RETURN_DATA   *Veinfo
+  )
+{
+  BOOLEAN  Write;
+  UINTNSize;
+  UINTNPort;
+  UINT64   Val;
+  UINT64   RepCnt;
+  UINT64   Status;
+
+  Val   = 0;
+  Write = Veinfo->ExitQualification.Io.Direction ? FALSE : TRUE;
+  Size  = Veinfo->ExitQualification.Io.Size + 1;
+  Port  = Veinfo->ExitQualification.Io.Port;
+
+  if 
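Review bot: CpuIdExit declares `IN EFI_SYSTEM_CONTEXT_X64 *Regs` but writes Regs->Rax, Rbx, Rcx and Rdx, and its own doc comment says `@param[in, out] Regs`; make it `IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs` as IoExit already does. Two smaller points: CpuIdData is passed to TdVmCallCpuid uninitialized and is only read when Status == 0, which is correct but deserves a one-line comment since the values copied into the guest registers come straight from the host VMM; and "Handle an CPUID event" should read "Handle a CPUID event".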

[edk2-devel] [PATCH V11 07/47] UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Add base support to handle #VE exceptions. Update the common exception
handlers to invoke the VmTdExitHandleVe () function of the VmgExitLib
library when a #VE is encountered. A non-zero return code will propagate
to the targeted exception handler.

Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Eric Dong 
Cc: Ray Ni 
Cc: Rahul Kumar 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Reviewed-by: Ray Ni 
Signed-off-by: Min Xu 
---
 .../PeiDxeSmmCpuException.c   | 53 -
 .../SecPeiCpuException.c  | 57 +--
 2 files changed, 79 insertions(+), 31 deletions(-)

diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeSmmCpuException.c 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeSmmCpuException.c
index 762ea2460f91..f47a80dcab8f 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeSmmCpuException.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeSmmCpuException.c
@@ -24,25 +24,48 @@ CommonExceptionHandlerWorker (
   IN EXCEPTION_HANDLER_DATA  *ExceptionHandlerData
   )
 {
+  EFI_STATUS Status;
   EXCEPTION_HANDLER_CONTEXT  *ExceptionHandlerContext;
   RESERVED_VECTORS_DATA  *ReservedVectors;
   EFI_CPU_INTERRUPT_HANDLER  *ExternalInterruptHandler;
 
-  if (ExceptionType == VC_EXCEPTION) {
-EFI_STATUS  Status;
-//
-// #VC needs to be handled immediately upon enabling exception handling
-// and therefore can't use the RegisterCpuInterruptHandler() interface.
-//
-// Handle the #VC:
-//   On EFI_SUCCESS - Exception has been handled, return
-//   On other   - ExceptionType contains (possibly new) exception
-//value
-//
-Status = VmgExitHandleVc (, SystemContext);
-if (!EFI_ERROR (Status)) {
-  return;
-}
+  switch (ExceptionType) {
+case VC_EXCEPTION:
+  //
+  // #VC needs to be handled immediately upon enabling exception handling
+  // and therefore can't use the RegisterCpuInterruptHandler() interface.
+  //
+  // Handle the #VC:
+  //   On EFI_SUCCESS - Exception has been handled, return
+  //   On other   - ExceptionType contains (possibly new) exception
+  //value
+  //
+  Status = VmgExitHandleVc (, SystemContext);
+  if (!EFI_ERROR (Status)) {
+return;
+  }
+
+  break;
+
+case VE_EXCEPTION:
+  //
+  // #VE needs to be handled immediately upon enabling exception handling
+  // and therefore can't use the RegisterCpuInterruptHandler() interface.
+  //
+  // Handle the #VE:
+  //   On EFI_SUCCESS - Exception has been handled, return
+  //   On other   - ExceptionType contains (possibly new) exception
+  //value
+  //
+  Status = VmTdExitHandleVe (, SystemContext);
+  if (!EFI_ERROR (Status)) {
+return;
+  }
+
+  break;
+
+default:
+  break;
   }
 
   ExceptionHandlerContext  = (EXCEPTION_HANDLER_CONTEXT 
*)(UINTN)(SystemContext.SystemContextIa32);
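Review bot: the VC_EXCEPTION and VE_EXCEPTION cases are identical apart from the callee, so the ten-line comment block is duplicated verbatim; one comment above the switch ("#VC/#VE must be handled before RegisterCpuInterruptHandler() is usable; on EFI_SUCCESS the exception is consumed, otherwise ExceptionType carries the possibly new vector and handling falls through to the registered handler") would say the same once. Also, Status is now at function scope but is dead after the switch; if the fall-through on error is intended, say so next to `default:` so a later reader does not conclude that an unhandled #VE is silently ignored.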
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuException.c 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuException.c
index c614d5b0b6f1..6e5216380da8 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuException.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuException.c
@@ -25,22 +25,47 @@ CommonExceptionHandler (
   IN EFI_SYSTEM_CONTEXT  SystemContext
   )
 {
-  if (ExceptionType == VC_EXCEPTION) {
-EFI_STATUS  Status;
-//
-// #VC needs to be handled immediately upon enabling exception handling
-// and therefore can't use the RegisterCpuInterruptHandler() interface
-// (which isn't supported under Sec and Pei anyway).
-//
-// Handle the #VC:
-//   On EFI_SUCCESS - Exception has been handled, return
-//   On other   - ExceptionType contains (possibly new) exception
-//value
-//
-Status = VmgExitHandleVc (, SystemContext);
-if (!EFI_ERROR (Status)) {
-  return;
-}
+  EFI_STATUS  Status;
+
+  switch (ExceptionType) {
+case VC_EXCEPTION:
+  //
+  // #VC needs to be handled immediately upon enabling exception handling
+  // and therefore can't use the RegisterCpuInterruptHandler() interface
+  // (which isn't supported under Sec and Pei anyway).
+  //
+  // Handle the #VC:
+  //   On EFI_SUCCESS - Exception has been handled, return
+  //   On other   - ExceptionType contains (possibly new) exception
+  //value
+  //
+  Status = VmgExitHandleVc (, SystemContext);
+  if (!EFI_ERROR (Status)) {
+return;
+  }
+
+  break;
+
+case VE_EXCEPTION:
+  //
+  // #VE needs to be handled immediately upon enabling exception handling
+  // and therefore can't use the 
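Review bot: this switch repeats PeiDxeSmmCpuException.c line for line (only the parenthetical about RegisterCpuInterruptHandler() not being supported under Sec and Pei differs); consider moving the VC/VE dispatch into a small shared helper in the library so the two instances cannot drift, because a #VE reaching an instance that was not updated is treated as a fatal unknown exception.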

[edk2-devel] [PATCH V11 08/47] MdePkg: Add helper functions for Tdx guest in BaseIoLibIntrinsic

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Intel TDX architecture does not prescribe a specific software convention
to perform I/O from the guest TD. Guest TD providers have many choices to
provide I/O to the guest. The common I/O models are emulated devices,
para-virtualized devices, SRIOV devices and Direct Device assignments.

TDVF chooses para-virtualized I/O (Choice-A) which use the TDG.VP.VMCALL
function to invoke the functions provided by the host VMM to perform I/O.
Another choice (Choice-B) is the emulation performed by the #VE handler.

There are 2 benefits of para-virtualized I/O:
1. Performance.
   VMEXIT/VMENTRY is skipped so that the performance is better than #VE
   handler.
2. De-couple with #VE handler.
   Choice-B depends on the #VE handler which means I/O is not available
   until #VE handler is installed. For example, in PEI phase #VE handler
   is installed in CpuMpPei, while communication with Qemu (via I/O port)
   happens earlier than it.

IoLibInternalTdx.c provides the helper functions for Tdx guest.
IoLibInternalTdxNull.c provides the null version of the helper functions.
It is included in the Non-X64 IoLib so that the build will not be broken.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Reviewed-by: Liming Gao 
Signed-off-by: Min Xu 
---
 .../BaseIoLibIntrinsicSev.inf |   2 +
 .../BaseIoLibIntrinsic/IoLibInternalTdx.c | 674 ++
 .../BaseIoLibIntrinsic/IoLibInternalTdxNull.c | 497 +
 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h  | 410 +++
 4 files changed, 1583 insertions(+)
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdxNull.c
 create mode 100644 MdePkg/Library/BaseIoLibIntrinsic/IoLibTdx.h

diff --git a/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf 
b/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
index 34f9d1d1062f..336d79736d9a 100644
--- a/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
+++ b/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
@@ -51,3 +51,5 @@
   BaseLib
   RegisterFilterLib
 
+[LibraryClasses.X64]
+  TdxLib
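Review bot: this .inf hunk adds only the TdxLib dependency; the diffstat shows 2 insertions in the .inf and both are these lines, so the new IoLibInternalTdx.c and IoLibInternalTdxNull.c are not added to any [Sources] section by this patch and are not compiled yet. If a follow-up patch wires them into [Sources.X64] and the non-X64 sections, say so in the commit message, which currently states that the Null version "is included in the Non-X64 IoLib".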
diff --git a/MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c 
b/MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
new file mode 100644
index ..1e539dbfbbad
--- /dev/null
+++ b/MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
@@ -0,0 +1,674 @@
+/** @file
+  TDX I/O Library routines.
+
+  Copyright (c) 2020-2021, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#include "BaseIoLibIntrinsicInternal.h"
+#include 
+#include 
+#include 
+#include 
+#include "IoLibTdx.h"
+
+// Size of TDVMCALL Access, including IO and MMIO
+#define TDVMCALL_ACCESS_SIZE_1  1
+#define TDVMCALL_ACCESS_SIZE_2  2
+#define TDVMCALL_ACCESS_SIZE_4  4
+#define TDVMCALL_ACCESS_SIZE_8  8
+
+// Direction of TDVMCALL Access, including IO and MMIO
+#define TDVMCALL_ACCESS_READ   0
+#define TDVMCALL_ACCESS_WRITE  1
+
+BOOLEAN  mTdxEnabled = FALSE;
+BOOLEAN  mTdxProbed  = FALSE;
+
+/**
+  Check if it is Tdx guest.
+
+  @return TRUEIt is Tdx guest
+  @return FALSE   It is not Tdx guest
+
+**/
+BOOLEAN
+EFIAPI
+IsTdxGuest (
+  VOID
+  )
+{
+  if (mTdxProbed) {
+return mTdxEnabled;
+  }
+
+  mTdxEnabled = TdIsEnabled ();
+  mTdxProbed  = TRUE;
+
+  return mTdxEnabled;
+}
+
+/**
+  Reads an 8-bit I/O port.
+
+  TDVMCALL_IO is invoked to read I/O port.
+
+  @param  Port  The I/O port to read.
+
+  @return The value read.
+
+**/
+UINT8
+EFIAPI
+TdIoRead8 (
+  IN  UINTN  Port
+  )
+{
+  UINT64  Status;
+  UINT64  Val;
+
+  Status = TdVmCall (TDVMCALL_IO, TDVMCALL_ACCESS_SIZE_1, 
TDVMCALL_ACCESS_READ, Port, 0, );
+  if (Status != 0) {
+TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0);
+  }
+
+  return (UINT8)Val;
+}
+
+/**
+  Reads a 16-bit I/O port.
+
+  TDVMCALL_IO is invoked to write I/O port.
+
+  @param  Port  The I/O port to read.
+
+  @return The value read.
+
+**/
+UINT16
+EFIAPI
+TdIoRead16 (
+  IN  UINTN  Port
+  )
+{
+  UINT64  Status;
+  UINT64  Val;
+
+  ASSERT ((Port & 1) == 0);
+
+  Status = TdVmCall (TDVMCALL_IO, TDVMCALL_ACCESS_SIZE_2, 
TDVMCALL_ACCESS_READ, Port, 0, );
+  if (Status != 0) {
+TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0);
+  }
+
+  return (UINT16)Val;
+}
+
+/**
+  Reads a 32-bit I/O port.
+
+  TDVMCALL_IO is invoked to read I/O port.
+
+  @param  Port  The I/O port to read.
+
+  @return The value read.
+
+**/
+UINT32
+EFIAPI
+TdIoRead32 (
+  IN  UINTN  Port
+  )
+{
+  UINT64  Status;
+  UINT64  Val;
+
+  ASSERT ((Port & 3) == 0);
+
+  Status = TdVmCall (TDVMCALL_IO, TDVMCALL_ACCESS_SIZE_4, 
TDVMCALL_ACCESS_READ, Port, 0, );
+  if (Status != 0) {
+TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0);
+  }
+
+  return (UINT32)Val;
+}
+
+/**
+  Writes an 8-bit I/O port.
+
+  TDVMCALL_IO 
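Review bot: in TdIoRead8/16/32, Val is never initialized and is returned as the port value when TdVmCall reports a non-zero Status; the TDVMCALL_HALT on the error path is itself a request to the VMM and should not be assumed to never return, so initialize Val to 0 (or return a fixed value after the halt) rather than hand the caller stack garbage. Two smaller points: TdIoRead16's comment says "TDVMCALL_IO is invoked to write I/O port" for a read; and the mTdxEnabled/mTdxProbed cache relies on writable globals, which XIP SEC/PEI code does not have, so there every call re-probes via TdIsEnabled (harmless, but worth a comment).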

[edk2-devel] [PATCH V11 05/47] UefiCpuPkg: Extend VmgExitLibNull to handle #VE exception

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

VmgExitLib performs the necessary processing to handle a #VC exception.
VmgExitLibNull is a NULL instance of VmgExitLib which provides a
default limited interface. In this commit VmgExitLibNull is extended to
handle a #VE exception with a default limited interface. A full feature
version of #VE handler will be created later.

Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Eric Dong 
Cc: Ray Ni 
Cc: Rahul Kumar 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Reviewed-by: Ray Ni 
Signed-off-by: Min Xu 
---
 UefiCpuPkg/Include/Library/VmgExitLib.h   | 28 ++
 .../Library/VmgExitLibNull/VmTdExitNull.c | 38 +++
 .../Library/VmgExitLibNull/VmgExitLibNull.inf |  1 +
 3 files changed, 67 insertions(+)
 create mode 100644 UefiCpuPkg/Library/VmgExitLibNull/VmTdExitNull.c

diff --git a/UefiCpuPkg/Include/Library/VmgExitLib.h 
b/UefiCpuPkg/Include/Library/VmgExitLib.h
index ebda1c3d907c..f9f911099a7b 100644
--- a/UefiCpuPkg/Include/Library/VmgExitLib.h
+++ b/UefiCpuPkg/Include/Library/VmgExitLib.h
@@ -15,6 +15,8 @@
 #include 
 #include 
 
+#define VE_EXCEPTION  20
+
 /**
   Perform VMGEXIT.
 
@@ -142,4 +144,30 @@ VmgExitHandleVc (
   IN OUT EFI_SYSTEM_CONTEXT  SystemContext
   );
 
+/**
+  Handle a #VE exception.
+
+  Performs the necessary processing to handle a #VE exception.
+
+  The base library function returns an error equal to VE_EXCEPTION,
+  to be propagated to the standard exception handling stack.
+
+  @param[in, out]  ExceptionType  Pointer to an EFI_EXCEPTION_TYPE to be set
+  as value to use on error.
+  @param[in, out]  SystemContext  Pointer to EFI_SYSTEM_CONTEXT
+
+  @retval  EFI_SUCCESSException handled
+  @retval  EFI_UNSUPPORTED#VE not supported, (new) exception value to
+  propagate provided
+  @retval  EFI_PROTOCOL_ERROR #VE handling failed, (new) exception value to
+  propagate provided
+
+**/
+EFI_STATUS
+EFIAPI
+VmTdExitHandleVe (
+  IN OUT EFI_EXCEPTION_TYPE  *ExceptionType,
+  IN OUT EFI_SYSTEM_CONTEXT  SystemContext
+  );
+
 #endif
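Review bot: the doc comment says "The base library function returns an error equal to VE_EXCEPTION", but per VmTdExitNull.c the Null instance sets *ExceptionType to VE_EXCEPTION and returns EFI_UNSUPPORTED; rephrase to match. The `#define VE_EXCEPTION 20` added in the first hunk has no comment; a one-liner saying that 20 is the #VE vector and that it mirrors the existing VC_EXCEPTION definition would help readers who do not know the number. Finally, state that callers must treat any status other than EFI_SUCCESS as "propagate *ExceptionType", which is how CpuExceptionHandlerLib uses it.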
diff --git a/UefiCpuPkg/Library/VmgExitLibNull/VmTdExitNull.c 
b/UefiCpuPkg/Library/VmgExitLibNull/VmTdExitNull.c
new file mode 100644
index ..6a4e8087cb89
--- /dev/null
+++ b/UefiCpuPkg/Library/VmgExitLibNull/VmTdExitNull.c
@@ -0,0 +1,38 @@
+/** @file
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#include 
+#include 
+#include 
+
+/**
+  Handle a #VE exception.
+
+  Performs the necessary processing to handle a #VE exception.
+
+  @param[in, out]  ExceptionType  Pointer to an EFI_EXCEPTION_TYPE to be set
+  as value to use on error.
+  @param[in, out]  SystemContext  Pointer to EFI_SYSTEM_CONTEXT
+
+  @retval  EFI_SUCCESSException handled
+  @retval  EFI_UNSUPPORTED#VE not supported, (new) exception value to
+  propagate provided
+  @retval  EFI_PROTOCOL_ERROR #VE handling failed, (new) exception value to
+  propagate provided
+
+**/
+EFI_STATUS
+EFIAPI
+VmTdExitHandleVe (
+  IN OUT EFI_EXCEPTION_TYPE  *ExceptionType,
+  IN OUT EFI_SYSTEM_CONTEXT  SystemContext
+  )
+{
+  *ExceptionType = VE_EXCEPTION;
+
+  return EFI_UNSUPPORTED;
+}
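Review bot: the stub's @retval list copies EFI_SUCCESS and EFI_PROTOCOL_ERROR from the header although this function can only return EFI_UNSUPPORTED; trim the list or mark those entries as not applicable to the Null instance. Behaviourally the stub is right: with *ExceptionType set to VE_EXCEPTION and EFI_UNSUPPORTED returned, a #VE taken on a platform linking VmgExitLibNull propagates to the generic exception handler instead of being silently consumed.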
diff --git a/UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf 
b/UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
index d8770a21c355..4aab601939ff 100644
--- a/UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
+++ b/UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf
@@ -17,6 +17,7 @@
 
 [Sources.common]
   VmgExitLibNull.c
+  VmTdExitNull.c
 
 [Packages]
   MdePkg/MdePkg.dec
-- 
2.29.2.windows.2



View/Reply Online (#88095): https://edk2.groups.io/g/devel/message/88095




[edk2-devel] [PATCH V11 04/47] MdePkg: Add TdxLib to wrap Tdx operations

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

TdxLib is created with functions to perform the related Tdx operation.
This includes functions for:
 - TdAcceptPages   : Accept pending private pages and initialize the pages
 to all-0 using the TD ephemeral private key.
 - TdExtendRtmr: Extend measurement to one of the RTMR registers.
 - TdSharedPageMask: Get the Td guest shared page mask which indicates it
 is a Shared or Private page.
 - TdMaxVCpuNum: Get the maximum number of virtual CPUs.
 - TdVCpuNum   : Get the number of virtual CPUs.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Reviewed-by: Liming Gao 
Signed-off-by: Min Xu 
---
 MdePkg/Include/Library/TdxLib.h |  92 ++
 MdePkg/Library/TdxLib/AcceptPages.c | 181 
 MdePkg/Library/TdxLib/Rtmr.c|  84 +
 MdePkg/Library/TdxLib/TdInfo.c  | 115 ++
 MdePkg/Library/TdxLib/TdxLib.inf|  37 ++
 MdePkg/Library/TdxLib/TdxLibNull.c  | 106 
 MdePkg/MdePkg.dec   |   3 +
 MdePkg/MdePkg.dsc   |   1 +
 8 files changed, 619 insertions(+)
 create mode 100644 MdePkg/Include/Library/TdxLib.h
 create mode 100644 MdePkg/Library/TdxLib/AcceptPages.c
 create mode 100644 MdePkg/Library/TdxLib/Rtmr.c
 create mode 100644 MdePkg/Library/TdxLib/TdInfo.c
 create mode 100644 MdePkg/Library/TdxLib/TdxLib.inf
 create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c

diff --git a/MdePkg/Include/Library/TdxLib.h b/MdePkg/Include/Library/TdxLib.h
new file mode 100644
index ..55f0436cca1f
--- /dev/null
+++ b/MdePkg/Include/Library/TdxLib.h
@@ -0,0 +1,92 @@
+/** @file
+  TdxLib definitions
+
+  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef TDX_LIB_H_
+#define TDX_LIB_H_
+
+/**
+  This function accepts a pending private page, and initialize the page to
+  all-0 using the TD ephemeral private key.
+
+  @param[in]  StartAddress Guest physical address of the private page
+   to accept. [63:52] and [11:0] must be 0.
+  @param[in]  NumberOfPagesNumber of the pages to be accepted.
+  @param[in]  PageSize GPA page size. Accept 2M/4K page size.
+
+  @return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TdAcceptPages (
+  IN UINT64  StartAddress,
+  IN UINT64  NumberOfPages,
+  IN UINT32  PageSize
+  );
+
+/**
+  This function extends one of the RTMR measurement register
+  in TDCS with the provided extension data in memory.
+  RTMR extending supports SHA384 which length is 48 bytes.
+
+  @param[in]  Data  Point to the data to be extended
+  @param[in]  DataLen   Length of the data. Must be 48
+  @param[in]  Index RTMR index
+
+  @return EFI_SUCCESS
+  @return EFI_INVALID_PARAMETER
+  @return EFI_DEVICE_ERROR
+
+**/
+EFI_STATUS
+EFIAPI
+TdExtendRtmr (
+  IN  UINT32  *Data,
+  IN  UINT32  DataLen,
+  IN  UINT8   Index
+  );
+
+/**
+  This function gets the Td guest shared page mask.
+
+  The guest indicates if a page is shared using the Guest Physical Address
+  (GPA) Shared (S) bit. If the GPA Width(GPAW) is 48, the S-bit is bit-47.
+  If the GPAW is 52, the S-bit is bit-51.
+
+  @return Shared page bit mask
+**/
+UINT64
+EFIAPI
+TdSharedPageMask (
+  VOID
+  );
+
+/**
+  This function gets the maximum number of Virtual CPUs that are usable for
+  Td Guest.
+
+  @return maximum Virtual CPUs number
+**/
+UINT32
+EFIAPI
+TdMaxVCpuNum (
+  VOID
+  );
+
+/**
+  This function gets the number of Virtual CPUs that are usable for Td
+  Guest.
+
+  @return Virtual CPUs number
+**/
+UINT32
+EFIAPI
+TdVCpuNum (
+  VOID
+  );
+
+#endif
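Review bot: TdExtendRtmr takes `IN UINT32 *Data` for what the comment describes as a 48-byte SHA384 digest; `CONST UINT8 *` is the natural type for a byte buffer, avoids casts at every call site and documents that the library does not modify the digest. Also, as shown here the header uses EFI_STATUS, UINT64 and UINT32 but has no #include between the guard and the first prototype, so it compiles only if the includer has already pulled in the base types; and TdAcceptPages documents only `@return EFI_SUCCESS` although AcceptPages.c has a retry limit (TDX_ACCEPTPAGE_MAX_RETRIED), so its failure return values should be listed.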
diff --git a/MdePkg/Library/TdxLib/AcceptPages.c 
b/MdePkg/Library/TdxLib/AcceptPages.c
new file mode 100644
index ..3a2182e95f47
--- /dev/null
+++ b/MdePkg/Library/TdxLib/AcceptPages.c
@@ -0,0 +1,181 @@
+/** @file
+
+  Unaccepted memory is a special type of private memory. In Td guest
+  TDCALL [TDG.MEM.PAGE.ACCEPT] is invoked to accept the unaccepted
+  memory before use it.
+
+  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+UINT64  mNumberOfDuplicatedAcceptedPages;
+
+#define TDX_ACCEPTPAGE_MAX_RETRIED  3
+
+// PageSize is mapped to PageLevel like below:
+// 4KB - 0, 2MB - 1
+UINT32  mTdxAcceptPageLevelMap[2] = {
+  SIZE_4KB,
+  SIZE_2MB
+};
+
+#define INVALID_ACCEPT_PAGELEVEL  ARRAY_SIZE(mTdxAcceptPageLevelMap)
+
+/**
+  This function gets the PageLevel according to the input page size.
+
+  @param[in]  PageSizePage size
+
+  @return UINT32  The mapped page level
+**/
+UINT32
+GetGpaPageLevel (
+  UINT32  PageSize
+  )
+{
+  
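Review bot: mTdxAcceptPageLevelMap is a writable global table that is only ever read; declare it `STATIC CONST UINT32 mTdxAcceptPageLevelMap[2]` so it lives in read-only data and cannot be altered by a stray write before pages are accepted. INVALID_ACCEPT_PAGELEVEL as ARRAY_SIZE(mTdxAcceptPageLevelMap) is a good sentinel; GetGpaPageLevel's doc comment should state what it returns for a PageSize that is not 4KB or 2MB so callers check it before issuing the TDCALL.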

[edk2-devel] [PATCH V11 03/47] MdePkg: Introduce basic Tdx functions in BaseLib

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Introduce basic Tdx functions in BaseLib:
 - TdCall ()
 - TdVmCall ()
 - TdIsEnabled ()

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Acked-by: Gerd Hoffmann 
Reviewed-by: Liming Gao 
Signed-off-by: Min Xu 
---
 MdePkg/Include/Library/BaseLib.h |  66 +++
 MdePkg/Library/BaseLib/BaseLib.inf   |   4 +
 MdePkg/Library/BaseLib/IntelTdxNull.c|  83 +
 MdePkg/Library/BaseLib/X64/TdCall.nasm   |  85 +
 MdePkg/Library/BaseLib/X64/TdProbe.c |  63 ++
 MdePkg/Library/BaseLib/X64/TdVmcall.nasm | 145 +++
 6 files changed, 446 insertions(+)
 create mode 100644 MdePkg/Library/BaseLib/IntelTdxNull.c
 create mode 100644 MdePkg/Library/BaseLib/X64/TdCall.nasm
 create mode 100644 MdePkg/Library/BaseLib/X64/TdProbe.c
 create mode 100644 MdePkg/Library/BaseLib/X64/TdVmcall.nasm

diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index 6aa0d972186e..9d58a7c4ad13 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -4759,6 +4759,72 @@ SpeculationBarrier (
   VOID
   );
 
+#if defined (MDE_CPU_X64) || defined (MDE_CPU_IA32)
+
+/**
+  The TDCALL instruction causes a VM exit to the Intel TDX module.  It is
+  used to call guest-side Intel TDX functions, either local or a TD exit
+  to the host VMM, as selected by Leaf.
+
+  @param[in]  LeafLeaf number of TDCALL instruction
+  @param[in]  Arg1Arg1
+  @param[in]  Arg2Arg2
+  @param[in]  Arg3Arg3
+  @param[in,out]  Results  Returned result of the Leaf function
+
+  @return 0   A successful call
+  @return Other   See individual leaf functions
+**/
+UINTN
+EFIAPI
+TdCall (
+  IN UINT64Leaf,
+  IN UINT64Arg1,
+  IN UINT64Arg2,
+  IN UINT64Arg3,
+  IN OUT VOID  *Results
+  );
+
+/**
+  TDVMALL is a leaf function 0 for TDCALL. It helps invoke services from the
+  host VMM to pass/receive information.
+
+  @param[in] LeafNumber of sub-functions
+  @param[in] Arg1Arg1
+  @param[in] Arg2Arg2
+  @param[in] Arg3Arg3
+  @param[in] Arg4Arg4
+  @param[in,out] Results Returned result of the sub-function
+
+  @return 0   A successful call
+  @return Other   See individual sub-functions
+
+**/
+UINTN
+EFIAPI
+TdVmCall (
+  IN UINT64Leaf,
+  IN UINT64Arg1,
+  IN UINT64Arg2,
+  IN UINT64Arg3,
+  IN UINT64Arg4,
+  IN OUT VOID  *Results
+  );
+
+/**
+  Probe if TD is enabled.
+
+  @return TRUETD is enabled.
+  @return FALSE   TD is not enabled.
+**/
+BOOLEAN
+EFIAPI
+TdIsEnabled (
+  VOID
+  );
+
+#endif
+
 #if defined (MDE_CPU_X64)
 //
 // The page size for the PVALIDATE instruction
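Review bot: the TdVmCall doc comment reads "TDVMALL is a leaf function 0 for TDCALL"; fix the typo to TDVMCALL. More substantively, TdCall/TdVmCall return UINTN documented as "0 A successful call / Other See individual leaf functions", i.e. the raw TDCALL status, while the IA32 stub in IntelTdxNull.c returns EFI_UNSUPPORTED through the same channel; state in the header which convention callers should expect, since code that tests `Status != 0` (as IoLibInternalTdx.c does) treats both alike but code comparing against EFI_* values would not.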
diff --git a/MdePkg/Library/BaseLib/BaseLib.inf 
b/MdePkg/Library/BaseLib/BaseLib.inf
index cebda3b210c1..16b7ac391705 100644
--- a/MdePkg/Library/BaseLib/BaseLib.inf
+++ b/MdePkg/Library/BaseLib/BaseLib.inf
@@ -210,6 +210,7 @@
   X86RdRand.c
   X86PatchInstruction.c
   X86SpeculationBarrier.c
+  IntelTdxNull.c
 
 [Sources.X64]
   X64/Thunk16.nasm
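Review bot: the hunk context does not name the section, but since `[Sources.X64]` begins right after the insertion point, IntelTdxNull.c lands in the section above it and X64 builds do not get it; please state this in the commit message so nobody later "fixes" it by moving the file to [Sources.common], which would give X64 two definitions of TdCall/TdVmCall/TdIsEnabled alongside X64/TdCall.nasm, X64/TdVmcall.nasm and X64/TdProbe.c.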
@@ -293,6 +294,9 @@
   X64/ReadCr0.nasm| MSFT
   X64/ReadEflags.nasm| MSFT
 
+  X64/TdCall.nasm
+  X64/TdVmcall.nasm
+  X64/TdProbe.c
 
   X64/Non-existing.c
   Math64.c
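Review bot: the three new X64 entries sit between the `| MSFT`-qualified ReadEflags.nasm line and X64/Non-existing.c with a blank line on each side; drop one of the blank lines so the group matches the spacing of the surrounding entries. No functional concern: the entries carry no toolchain qualifier, so every toolchain builds them, which is what the unconditional X64 declarations in BaseLib.h require.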
diff --git a/MdePkg/Library/BaseLib/IntelTdxNull.c 
b/MdePkg/Library/BaseLib/IntelTdxNull.c
new file mode 100644
index ..ec95470bd43e
--- /dev/null
+++ b/MdePkg/Library/BaseLib/IntelTdxNull.c
@@ -0,0 +1,83 @@
+/** @file
+
+  Null stub of TdxLib
+
+  Copyright (c) 2021, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+#include 
+
+/**
+  The TDCALL instruction causes a VM exit to the Intel TDX module.  It is
+  used to call guest-side Intel TDX functions, either local or a TD exit
+  to the host VMM, as selected by Leaf.
+  Leaf functions are described at 
+
+  @param[in]  LeafLeaf number of TDCALL instruction
+  @param[in]  Arg1Arg1
+  @param[in]  Arg2Arg2
+  @param[in]  Arg3Arg3
+  @param[in,out]  Results  Returned result of the Leaf function
+
+  @return EFI_SUCCESS
+  @return Other   See individual leaf functions
+**/
+UINTN
+EFIAPI
+TdCall (
+  IN UINT64Leaf,
+  IN UINT64Arg1,
+  IN UINT64Arg2,
+  IN UINT64Arg3,
+  IN OUT VOID  *Results
+  )
+{
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  TDVMALL is a leaf function 0 for TDCALL. It helps invoke services from the
+  host VMM to pass/receive information.
+
+  @param[in] LeafNumber of sub-functions
+  @param[in] Arg1Arg1
+  @param[in] Arg2Arg2
+  @param[in] Arg3Arg3
+  
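Review bot: the file header says "Null stub of TdxLib" but this file is BaseLib's stub for TdCall/TdVmCall/TdIsEnabled (TdxLib is the separate library added in patch 04); fix the description. Also TdCall's doc here says `@return EFI_SUCCESS` while BaseLib.h says `@return 0` and the body returns EFI_UNSUPPORTED; pick one convention and use it in both places.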

[edk2-devel] [PATCH V11 02/47] MdePkg: Update Cpuid.h for Tdx

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Guest software can be designed to run either as a TD, as a legacy virtual
machine, or directly on the CPU, based on enumeration of its run-time
environment. [TDX-Module] Chap 10.2 defines the flow and the new CPUID
leaf 0x21.

[TDX-Module] Architecture Specification: Intel(R) Trust Domain Extensions
Module, Chap 10.2, 344425-003US, August 2021
https://www.intel.com/content/dam/develop/external/us/en/documents/
tdx-module-1.0-public-spec-v0.931.pdf

Cc: Ray Ni 
Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Brijesh Singh 
Cc: Erdem Aktas 
Cc: James Bottomley 
Cc: Jiewen Yao 
Cc: Tom Lendacky 
Cc: Gerd Hoffmann 
Reviewed-by: Liming Gao 
Acked-by: Gerd Hoffmann 
Signed-off-by: Min Xu 
---
 MdePkg/Include/Register/Intel/Cpuid.h | 35 +--
 1 file changed, 33 insertions(+), 2 deletions(-)

diff --git a/MdePkg/Include/Register/Intel/Cpuid.h 
b/MdePkg/Include/Register/Intel/Cpuid.h
index bd6349d7940d..350bf60252e1 100644
--- a/MdePkg/Include/Register/Intel/Cpuid.h
+++ b/MdePkg/Include/Register/Intel/Cpuid.h
@@ -12,6 +12,8 @@
   @par Specification Reference:
   Intel(R) 64 and IA-32 Architectures Software Developer's Manual, Volume 2A,
   November 2018, CPUID instruction.
+  Architecture Specification: Intel(R) Trust Domain Extensions Module, Chap 
10.2
+  344425-003US, August 2021
 
 **/
 
@@ -321,9 +323,9 @@ typedef union {
 ///
 UINT32RDRAND  : 1;
 ///
-/// [Bit 31] Always returns 0.
+/// [Bit 31] A value of 1 indicates that processor is in Para-Virtualized.
 ///
-UINT32NotUsed : 1;
+UINT32ParaVirtualized : 1;
   } Bits;
   ///
   /// All bit fields as a 32-bit value
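Review bot: renaming the CPUID(1).ECX bit 31 field from NotUsed to ParaVirtualized changes a public union member, so any code referring to `.Bits.NotUsed` must be updated in the same series, and the commit message should mention the rename. The comment "A value of 1 indicates that processor is in Para-Virtualized" reads oddly; suggest "A value of 1 indicates that the processor is running in a para-virtualized environment".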
@@ -3689,6 +3691,35 @@ typedef union {
 /// @}
 ///
 
+/**
+  CPUID Guest TD Run Time Environment Enumeration Leaf
+
+  @note
+  Guest software can be designed to run either as a TD, as a legacy virtual 
machine,
+  or directly on the CPU, based on enumeration of its run-time environment.
+  CPUID leaf 21H emulation is done by the Intel TDX module. Sub-leaf 0 returns 
the values
+  shown below. Other sub-leaves return 0 in EAX/EBX/ECX/EDX.
+EAX: 0x
+EBX: 0x65746E49 "Inte"
+ECX: 0x20202020 ""
+EDX: 0x5844546C "lTDX"
+
+  @param   EAX  CPUID_GUESTTD_RUNTIME_ENVIRONMENT(0x21)
+  @param   ECX  Level number
+
+**/
+#define CPUID_GUESTTD_RUNTIME_ENVIRONMENT  0x21
+
+///
+/// @{ CPUID Guest TD signature values returned by Intel processors
+///
+#define CPUID_GUESTTD_SIGNATURE_GENUINE_INTEL_EBX  SIGNATURE_32 ('I', 'n', 
't', 'e')
+#define CPUID_GUESTTD_SIGNATURE_GENUINE_INTEL_ECX  SIGNATURE_32 (' ', ' ', ' 
', ' ')
+#define CPUID_GUESTTD_SIGNATURE_GENUINE_INTEL_EDX  SIGNATURE_32 ('l', 'T', 
'D', 'X')
+///
+/// @}
+///
+
 /**
   CPUID Extended Function
 
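Review bot: the comment lists "EAX: 0x" with no value as rendered here, so either restore the number or drop the line; the EBX/ECX/EDX values agree with the SIGNATURE_32 macros ("Inte", four spaces, "lTDX"). `@param ECX Level number` should say sub-leaf, matching "Sub-leaf 0 returns the values" above it. Worth one more sentence in the comment: because leaf 21H is emulated by the Intel TDX module only inside a TD, a legacy guest sees whatever its VMM returns for this leaf, so firmware should use it for run-time environment enumeration and not as evidence that TD memory or CPU-state protection is in effect.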
-- 
2.29.2.windows.2



View/Reply Online (#88092): https://edk2.groups.io/g/devel/message/88092




[edk2-devel] [PATCH V11 00/47] Enable Intel TDX in OvmfPkg (Config-A)

2022-03-28 Thread Min Xu
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249

Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
Encryption (MKTME) with a new kind of virtual machines guest called a 
Trust Domain (TD). A TD is designed to run in a CPU mode that protects the
confidentiality of TD memory contents and the TD's CPU state from other
software, including the hosting Virtual-Machine Monitor (VMM), unless
explicitly shared by the TD itself.

There are 2 configurations for TDVF to upstream. See below link for
the definitions of the 2 configurations.
https://edk2.groups.io/g/devel/message/76367

This patch-set is to enable Config-A in OvmfPkg.
 - Merge the *basic* TDVF feature to existing OvmfX64Pkg.dsc. (Align
   with existing SEV)
 - Threat model: VMM is NOT out of TCB. (We don’t make things worse.)
 - The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability.
   The final binary can run on SEV/TDX/normal OVMF
 - No changes to existing OvmfPkgX64 image layout.
 - No need to add additional security features if they do not exist today
 - No need to remove features if they exist today.
 - RTMR is not supported
 - PEI phase is NOT skipped in either Td or Non-Td

Patch 01 - 33 are changes in SEC phase. Also some libraries in these
patches are workable in SEC/PEI/DXE.

Patch 16 - 29 extract the common codes from OvmfPkg/PlatformPei to a new
PlatformInitLib. After that OvmfPkg/PlatformPei is refactored with this
lib. These 14 patches are currently reviewed in another separate
patch-set. https://edk2.groups.io/g/devel/message/87327

Patch 34 - 39 are changes in PEI phase.

Patch 40 - 44 are changes in DXE phase.

Patch 45 - 47 are for local Apic timer DXE driver.

[TDX]: https://software.intel.com/content/dam/develop/external/us/en/
documents/tdx-whitepaper-final9-17.pdf

[TDX-Module]: https://software.intel.com/content/dam/develop/external/
us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf

[TDVF]: https://software.intel.com/content/dam/develop/external/us/en/
documents/tdx-virtual-firmware-design-guide-rev-1.pdf

[GCHI]: https://software.intel.com/content/dam/develop/external/us/en/
documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf

Code is at https://github.com/mxu9/edk2/tree/tdvf_wave2.v11

v11 changes:
 - Update MpInitlib based on the review comments. Please see
   https://edk2.groups.io/g/devel/message/88089
 - Update the code base to 3ef2071927fa.

v10 changes:
 - Update MpInitLib based on the review comments. Please see the
   discussion: https://edk2.groups.io/g/devel/message/87902
 - Update the code base to ec0b54849b23.

v9 changes:
 - Move the definition of EFI_RESOURCE_MEMORY_UNACCEPTED from MdePkg
   to OvmfPkg as in internal implementation. Because it has not been
   added in PI spec. After the definition is added in PI spec, it can
   be moved to MdePkg.
 - Add definition of new CPUID leaf 0x21 in
   MdePkg/Include/Register/Intel/Cpuid.h.
 - Use switch-case to handle VC/VE handling together in
   CpuExceptionHandlerLib.
 - Refactor changes for Tdx guest in MpInitLib.
 - Refine the comments in BaseLib and PlatformInitLib.
 - Other minor updates and changes.

v8 changes:
 - Based on the comments of PlatformInitLib and OvmfPkg/PlatformPei,
   a separate patch-set is created for the changes. It is now under review
   https://edk2.groups.io/g/devel/message/87327
 - Based on the comments, TdCall/TdVmCall/TdIsEnabled is wrapped with
   MDE_CPU_IA32 and MDE_CPU_X64.
 - EFI_RESOURCE_ATTRIBUTE_ENCRYPTED is removed based on the TDVF Spec
   update. Instead EFI_RESOURCE_MEMORY_UNACCEPTED is added to indicate
   the memory which to be accepted in TDVF. The corresponding logic
   of AcceptMemory is updated as well. Please see Patch 31.
 - PcdIa32EferChangeAllowed is deleted. Because for Td guest
   IA32_EFER.NXE is set by default. So we only need check whether it has
   been set before it is to be set again. See Patch 35.
 - Based on comments PcdTdxSharedBitMask is defined in
   [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
 - Delete un-necessary header files in TdxLib.h.
 - Other minor updates and changes.

v7 changes:
 - Based on the comments from last review, 8 PlatformInitLib patches
   are squashed into 4 patches (#17-#20). These 4 patches are not
   related to Tdx guest. Tdx related codes of PlatformInitLib is
   in #21.
 - gUefiOvmfPkgTdxPlatformGuid is renamed as gUefiOvmfPkgPlatformInfoGuid.
   Because this GUID is used not only by Tdx guest, but also by
   Legacy guest.
 - PlatformInitLibNull is deleted.
 - In PlatformPei Pml4Entries is cap at 512 entries when
   mPhysMemAddressWidth > 48.

v7 not-addressed comments
 - Comments in MpInitLib have not been addressed yet. It will be
   addressed in the following version.
 - Thanks much for your understanding.

v6 changes:
 - PlatformInitLib and OvmfPkg/PlatformPei refactoring are covered in
   patch from 

[edk2-devel] [PATCH V11 01/47] MdePkg: Add Tdx.h

2022-03-28 Thread Min Xu
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

Tdx.h includes the Intel Trust Domain Extension definitions.

Detailed information can be found in below document:
https://software.intel.com/content/dam/develop/external/us/en/
documents/tdx-module-1eas-v0.85.039.pdf

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Gerd Hoffmann 
Cc: Jiewen Yao 
Acked-by: Gerd Hoffmann 
Reviewed-by: Liming Gao 
Signed-off-by: Min Xu 
---
 MdePkg/Include/IndustryStandard/Tdx.h | 203 ++
 1 file changed, 203 insertions(+)
 create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h

diff --git a/MdePkg/Include/IndustryStandard/Tdx.h 
b/MdePkg/Include/IndustryStandard/Tdx.h
new file mode 100644
index ..81df1361842b
--- /dev/null
+++ b/MdePkg/Include/IndustryStandard/Tdx.h
@@ -0,0 +1,203 @@
+/** @file
+  Intel Trust Domain Extension definitions
+  Detailed information is in below document:
+  https://software.intel.com/content/dam/develop/external/us/en/documents
+  /tdx-module-1eas-v0.85.039.pdf
+
+  Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef MDE_PKG_TDX_H_
+#define MDE_PKG_TDX_H_
+
+#define EXIT_REASON_EXTERNAL_INTERRUPT  1
+#define EXIT_REASON_TRIPLE_FAULT2
+
+#define EXIT_REASON_PENDING_INTERRUPT7
+#define EXIT_REASON_NMI_WINDOW   8
+#define EXIT_REASON_TASK_SWITCH  9
+#define EXIT_REASON_CPUID10
+#define EXIT_REASON_HLT  12
+#define EXIT_REASON_INVD 13
+#define EXIT_REASON_INVLPG   14
+#define EXIT_REASON_RDPMC15
+#define EXIT_REASON_RDTSC16
+#define EXIT_REASON_VMCALL   18
+#define EXIT_REASON_VMCLEAR  19
+#define EXIT_REASON_VMLAUNCH 20
+#define EXIT_REASON_VMPTRLD  21
+#define EXIT_REASON_VMPTRST  22
+#define EXIT_REASON_VMREAD   23
+#define EXIT_REASON_VMRESUME 24
+#define EXIT_REASON_VMWRITE  25
+#define EXIT_REASON_VMOFF26
+#define EXIT_REASON_VMON 27
+#define EXIT_REASON_CR_ACCESS28
+#define EXIT_REASON_DR_ACCESS29
+#define EXIT_REASON_IO_INSTRUCTION   30
+#define EXIT_REASON_MSR_READ 31
+#define EXIT_REASON_MSR_WRITE32
+#define EXIT_REASON_INVALID_STATE33
+#define EXIT_REASON_MSR_LOAD_FAIL34
+#define EXIT_REASON_MWAIT_INSTRUCTION36
+#define EXIT_REASON_MONITOR_TRAP_FLAG37
+#define EXIT_REASON_MONITOR_INSTRUCTION  39
+#define EXIT_REASON_PAUSE_INSTRUCTION40
+#define EXIT_REASON_MCE_DURING_VMENTRY   41
+#define EXIT_REASON_TPR_BELOW_THRESHOLD  43
+#define EXIT_REASON_APIC_ACCESS  44
+#define EXIT_REASON_EOI_INDUCED  45
+#define EXIT_REASON_GDTR_IDTR46
+#define EXIT_REASON_LDTR_TR  47
+#define EXIT_REASON_EPT_VIOLATION48
+#define EXIT_REASON_EPT_MISCONFIG49
+#define EXIT_REASON_INVEPT   50
+#define EXIT_REASON_RDTSCP   51
+#define EXIT_REASON_PREEMPTION_TIMER 52
+#define EXIT_REASON_INVVPID  53
+#define EXIT_REASON_WBINVD   54
+#define EXIT_REASON_XSETBV   55
+#define EXIT_REASON_APIC_WRITE   56
+#define EXIT_REASON_RDRAND   57
+#define EXIT_REASON_INVPCID  58
+#define EXIT_REASON_VMFUNC   59
+#define EXIT_REASON_ENCLS60
+#define EXIT_REASON_RDSEED   61
+#define EXIT_REASON_PML_FULL 62
+#define EXIT_REASON_XSAVES   63
+#define EXIT_REASON_XRSTORS  64
+
+// TDCALL API Function Completion Status Codes
+#define TDX_EXIT_REASON_SUCCESS0x
+#define TDX_EXIT_REASON_PAGE_ALREADY_ACCEPTED  0x0B0A
+#define TDX_EXIT_REASON_PAGE_SIZE_MISMATCH 0xCB0B
+#define TDX_EXIT_REASON_OPERAND_INVALID0xC100
+#define TDX_EXIT_REASON_OPERAND_BUSY   0x8200
+
+// TDCALL [TDG.MEM.PAGE.ACCEPT] page size
+#define TDCALL_ACCEPT_PAGE_SIZE_4K  0
+#define TDCALL_ACCEPT_PAGE_SIZE_2M  1
+#define TDCALL_ACCEPT_PAGE_SIZE_1G  2
+
+#define TDCALL_TDVMCALL  0
+#define TDCALL_TDINFO1
+#define TDCALL_TDEXTENDRTMR  2
+#define TDCALL_TDGETVEINFO   3
+#define TDCALL_TDREPORT  4
+#define TDCALL_TDSETCPUIDVE  5
+#define TDCALL_TDACCEPTPAGE  6
+
+#define TDVMCALL_CPUID0xa
+#define TDVMCALL_HALT 0xc
+#define TDVMCALL_IO   0x0001e
+#define TDVMCALL_RDMSR0x0001f
+#define TDVMCALL_WRMSR0x00020
+#define TDVMCALL_MMIO 0x00030
+#define TDVMCALL_PCONFIG  0x00041
+
+#define TDVMCALL_GET_TDVMCALL_INFO   0x1
+#define TDVMCALL_MAPGPA  0x10001
+#define TDVMCALL_GET_QUOTE   0x10002
+#define TDVMCALL_REPORT_FATAL_ERR0x10003
+#define TDVMCALL_SETUP_EVENT_NOTIFY  0x10004
+
+#pragma pack(1)
+typedef struct {
+  UINT64
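Review bot: the EXIT_REASON_*, TDCALL_* and TDVMCALL_* macros in this new MdePkg/Include/IndustryStandard header carry no TDX-specific prefix and no comment saying where they come from; the EXIT_REASON_* block is the VMX exit-reason numbering, and unprefixed names such as EXIT_REASON_CPUID in a header shared across packages risk colliding with other VMX-related definitions, so consider the TDX_ prefix that TDX_EXIT_REASON_* already uses and a comment citing the table in the tdx-module document named in the file header. Two smaller points: the file header says "Copyright (c) 2020 - 2021" on a patch posted in 2022, and in this archive rendering several literals have lost their digits and run into the macro name (for example "TDX_EXIT_REASON_SUCCESS0x" and "TDVMCALL_CPUID0xa"), so the values should be checked against the committed file rather than against this listing.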

Re: [edk2-devel] [PATCH V10 14/47] UefiCpuPkg: Enable Tdx support in MpInitLib

2022-03-28 Thread Min Xu
On March 28, 2022 9:20 AM, Ni Ray wrote:
> All look good! 3 minor comments:
> 1. DxeMpLib.c may not need to include MpIntelTdx.h 2. You may use "ASSERT
> (!ExcludeBsp)" in below code. Otherwise, it may confuse reader that when
> ExcludeBsp is TRUE, SUCCESS is returned when ProcessorCount is 1 which is not
> right.
> 
>   if (CC_GUEST_IS_TDX (PcdGet64 (PcdConfidentialComputingGuestAttr))) {
> if (!ExcludeBsp) {
>   //
>   // Start BSP.
>   //
>   Procedure (ProcedureArgument);
> }
> 
> return EFI_SUCCESS;
>   }
> 
> 3. TdxMpInitLibGetProcessorInfo may not need to call
> GetProcessorLocationByApicId. You can directly set Package/Core/Thread to 0.
> 
Thanks Ray for the comments. They'll be updated in the next version.

Min


View/Reply Online (#88089): https://edk2.groups.io/g/devel/message/88089

Re: [edk2-devel] [PATCH v1 27/28] OvmfPkg: Add ProtectedVariable reference

2022-03-28 Thread Boeuf, Sebastien
Acked-by: Sebastien Boeuf 

On Fri, 2022-03-25 at 16:28 -0700, Judah Vang wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
> 
> Add reference for ProtectedVariableLib.
> 
> Cc: Jian J Wang 
> Cc: Sebastien Boeuf 
> Cc: Nishant C Mistry 
> Signed-off-by: Judah Vang 
> ---
>  OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc
> b/OvmfPkg/CloudHv/CloudHvX64.dsc
> index b4d855d80f56..bd9822b8a447 100644
> --- a/OvmfPkg/CloudHv/CloudHvX64.dsc
> +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
> @@ -179,6 +179,7 @@ [LibraryClasses]
>    VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
>    LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
>   
> MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSe
> vLib.inf
> + 
> ProtectedVariableLib|MdeModulePkg/Library/ProtectedVariableLibNull/Pr
> otectedVariableLibNull.inf
>  !if $(SMM_REQUIRE) == FALSE
>    LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
>  !endif
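Review bot: the commit message says only "Add reference for ProtectedVariableLib" and does not say that the instance mapped is the Null one (MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariableLibNull.inf), which satisfies the library class for CloudHvX64 but provides no actual variable protection; state that in the message, and consider a one-line comment above the mapping in the [LibraryClasses] section so a reader of the .dsc does not assume protected variables are enabled on this platform.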

View/Reply Online (#88088): https://edk2.groups.io/g/devel/message/88088