From cf17156d7d3dc89c8798d600b24110052d6c12fe Mon Sep 17 00:00:00 2001 From: Min Xu Date: Thu, 20 Jan 2022 11:04:17 +0800 Subject: OvmfPkg: Update PlatformPei to support Tdx guest RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429 OvmfPkg/PlatformPei is updated to support Tdx guest. There are below major changes. - Set Tdx related PCDs - Publish Tdx RamRegions In this patch there is another new function BuildPlatformInfoHob (). This function builds EFI_HOB_PLATFORM_INFO which contains the HostBridgeDevId. The hob is built in both Td guest and Non-Td guest. Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Acked-by: Gerd Hoffmann Reviewed-by: Jiewen Yao Signed-off-by: Min Xu --- OvmfPkg/PlatformPei/FeatureControl.c | 7 ++++- OvmfPkg/PlatformPei/IntelTdx.c | 51 ++++++++++++++++++++++++++++++++++++ OvmfPkg/PlatformPei/MemDetect.c | 13 +++++++-- OvmfPkg/PlatformPei/Platform.c | 13 +++++++++ OvmfPkg/PlatformPei/Platform.h | 19 ++++++++++++++ OvmfPkg/PlatformPei/PlatformPei.inf | 3 +++ 6 files changed, 103 insertions(+), 3 deletions(-) create mode 100644 OvmfPkg/PlatformPei/IntelTdx.c (limited to 'OvmfPkg/PlatformPei') diff --git a/OvmfPkg/PlatformPei/FeatureControl.c b/OvmfPkg/PlatformPei/FeatureControl.c index 9af58c2..5864ee0 100644 --- a/OvmfPkg/PlatformPei/FeatureControl.c +++ b/OvmfPkg/PlatformPei/FeatureControl.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "Platform.h" @@ -37,7 +38,11 @@ WriteFeatureControl ( IN OUT VOID *WorkSpace ) { - AsmWriteMsr64 (MSR_IA32_FEATURE_CONTROL, mFeatureControlValue); + if (TdIsEnabled ()) { + TdVmCall (TDVMCALL_WRMSR, (UINT64)MSR_IA32_FEATURE_CONTROL, mFeatureControlValue, 0, 0, 0); + } else { + AsmWriteMsr64 (MSR_IA32_FEATURE_CONTROL, mFeatureControlValue); + } } /** diff --git a/OvmfPkg/PlatformPei/IntelTdx.c b/OvmfPkg/PlatformPei/IntelTdx.c new file mode 100644 index 0000000..3c1ddbf --- /dev/null +++ b/OvmfPkg/PlatformPei/IntelTdx.c @@ -0,0 +1,51 @@ +/** @file + Initialize Intel TDX support. + + Copyright (c) 2021, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "Platform.h" + +/** + This Function checks if TDX is available, if present then it sets + the dynamic PCDs for Tdx guest. + **/ +VOID +IntelTdxInitialize ( + VOID + ) +{ + #ifdef MDE_CPU_X64 + RETURN_STATUS PcdStatus; + + if (!TdIsEnabled ()) { + return; + } + + PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrIntelTdx); + ASSERT_RETURN_ERROR (PcdStatus); + + PcdStatus = PcdSet64S (PcdTdxSharedBitMask, TdSharedPageMask ()); + ASSERT_RETURN_ERROR (PcdStatus); + + PcdStatus = PcdSetBoolS (PcdSetNxForStack, TRUE); + ASSERT_RETURN_ERROR (PcdStatus); + #endif +} diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c index 61d7d30..2e47b13 100644 --- a/OvmfPkg/PlatformPei/MemDetect.c +++ b/OvmfPkg/PlatformPei/MemDetect.c @@ -37,7 +37,6 @@ Module Name: #include #include - #include "Platform.h" VOID @@ -231,7 +230,12 @@ GetPeiMemoryCap ( PdpEntries = 1 << (mPlatformInfoHob.PhysMemAddressWidth - 30); ASSERT (PdpEntries <= 0x200); } else { - Pml4Entries = 1 << (mPlatformInfoHob.PhysMemAddressWidth - 39); + if (mPlatformInfoHob.PhysMemAddressWidth > 48) { + Pml4Entries = 0x200; + } else { + Pml4Entries = 1 << (mPlatformInfoHob.PhysMemAddressWidth - 39); + } + ASSERT (Pml4Entries <= 0x200); PdpEntries = 512; } @@ -354,6 +358,11 @@ InitializeRamRegions ( IN EFI_HOB_PLATFORM_INFO *PlatformInfoHob ) { + if (TdIsEnabled ()) { + PlatformTdxPublishRamRegions (); + return; + } + PlatformQemuInitializeRam (PlatformInfoHob); SevInitializeRam (); diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c index f05aec5..f006755 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c @@ -311,6 +311,17 @@ MaxCpuCountInitialization ( } /** + * @brief Builds PlatformInfo Hob + */ +VOID +BuildPlatformInfoHob ( + VOID + ) +{ + BuildGuidDataHob (&gUefiOvmfPkgPlatformInfoGuid, &mPlatformInfoHob, sizeof (EFI_HOB_PLATFORM_INFO)); +} + +/** Perform Platform PEI initialization. @param FileHandle Handle of the file being invoked. @@ -386,7 +397,9 @@ InitializePlatform ( MiscInitialization (&mPlatformInfoHob); } + IntelTdxInitialize (); InstallFeatureControlCallback (); + BuildPlatformInfoHob (); return EFI_SUCCESS; } diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h index 3d14889..29b51b2 100644 --- a/OvmfPkg/PlatformPei/Platform.h +++ b/OvmfPkg/PlatformPei/Platform.h @@ -11,6 +11,7 @@ #include #include +#include extern EFI_HOB_PLATFORM_INFO mPlatformInfoHob; @@ -84,6 +85,24 @@ AmdSevInitialize ( VOID ); +/** + This Function checks if TDX is available, if present then it sets + the dynamic PCDs for Tdx guest. It also builds Guid hob which contains + the Host Bridge DevId. + **/ +VOID +IntelTdxInitialize ( + VOID + ); + +/** + * @brief Builds PlatformInfo Hob + */ +VOID +BuildPlatformInfoHob ( + VOID + ); + VOID SevInitializeRam ( VOID diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf index f6bfc09..00372fa 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -31,6 +31,7 @@ MemTypeInfo.c Platform.c Platform.h + IntelTdx.c [Packages] EmbeddedPkg/EmbeddedPkg.dec @@ -43,6 +44,7 @@ [Guids] gEfiMemoryTypeInformationGuid gFdtHobGuid + gUefiOvmfPkgPlatformInfoGuid [LibraryClasses] BaseLib @@ -111,6 +113,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase -- cgit v1.1