0x00C000|0x001000\r
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize\r
\r
+0x00D000|0x001000\r
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize\r
+\r
+0x00E000|0x001000\r
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize\r
+\r
0x010000|0x010000\r
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize\r
\r
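Review bot: The two new MEMFD regions at 0x00D000 and 0x00E000 have no comment saying what they hold or who fills them; only the PCD names hint at an SEV-SNP secrets page and a CPUID page, and an FDF reader cannot tell from here that the guest depends on the host populating these pages at launch (the secrets page carrying guest-private key material, the CPUID page carrying host-provided values the guest validates before use). Suggest a one-line comment above each entry, e.g. `# SEV-SNP secrets page (host-populated at launch, must remain private)` and `# SEV-SNP CPUID page (host-populated at launch, validated by the guest)`, adjusted to what the consuming code actually does. The base and size of these pages presumably have to agree with the SEV-SNP metadata that the reset vector exposes to the hypervisor; that change is not in this hunk, so confirm it is part of the same commit. The layout itself is consistent: neither 0x00D000+0x1000 nor 0x00E000+0x1000 overlaps the other or the temporary RAM region at 0x010000.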
FV = DXEFV\r
\r
##########################################################################################\r
-# Set the SEV-ES specific work area PCDs\r
+# Set the SEV-ES specific work area PCDs (used for all forms of SEV since the\r
+# the SEV STATUS MSR is now saved in the work area)\r
#\r
SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase = $(MEMFD_BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader\r
SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader\r
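Review bot: The rewritten comment doubles the article across the two added lines, reading "since the / the SEV STATUS MSR"; change them to `# Set the SEV-ES specific work area PCDs (used for all forms of SEV since` and `# the SEV STATUS MSR is now saved in the work area)`. Since the comment now says the work area serves every SEV form, it would also help to state that PcdSevEsWorkAreaBase still starts past the confidential-computing header, which is exactly what the two SET lines below compute, so a reader does not take the "SEV-ES" in the PCD name as a restriction.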
INF OvmfPkg/SmmAccess/SmmAccessPei.inf\r
!endif\r
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
+INF FILE_GUID = $(UP_CPU_PEI_GUID) UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
\r
-!if $(TPM_ENABLE) == TRUE\r
-INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf\r
-INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf\r
-INF SecurityPkg/Tcg/TcgPei/TcgPei.inf\r
-INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf\r
-!endif\r
+!include OvmfPkg/OvmfTpmPei.fdf.inc\r
\r
################################################################################\r
\r
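Review bot: The added `INF FILE_GUID = $(UP_CPU_PEI_GUID) UefiCpuPkg/CpuMpPei/CpuMpPei.inf` sits directly under the existing unqualified CpuMpPei entry with nothing explaining why the same module is packed twice under a different FILE_GUID; the same pattern appears for CpuDxe at the `$(UP_CPU_DXE_GUID)` line in the APRIORI hunk below. A one-line comment naming the purpose (presumably a uniprocessor build variant, given the UP_ prefix, but confirm against the DSC) such as `# Second CpuMpPei instance, packed under UP_CPU_PEI_GUID; see the matching DSC override` would save the next reader a trip to the DSC. Replacing the `!if $(TPM_ENABLE) == TRUE` block with `!include OvmfPkg/OvmfTpmPei.fdf.inc` (and the DXE counterpart `OvmfTpmDxe.fdf.inc` at the end of this diff) moves the TPM_ENABLE and TPM_CONFIG_ENABLE gating out of this file; presumably the include files carry those guards, which is worth confirming so the TPM modules are not packed unconditionally. The `!endif` at the top of this hunk closes a conditional that begins outside it.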
APRIORI DXE {\r
INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf\r
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf\r
+ # AmdSevDxe must be loaded before TdxDxe. Because in SEV guest AmdSevDxe\r
+ # driver performs a MemEncryptSevClearMmioPageEncMask() call against the\r
+ # PcdPciExpressBaseAddress range to mark it shared/unencrypted.\r
+ # Otherwise #VC handler terminates the guest for trying to do MMIO to an\r
+ # encrypted region (Since the range has not been marked shared/unencrypted).\r
INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf\r
+ INF OvmfPkg/TdxDxe/TdxDxe.inf\r
!if $(SMM_REQUIRE) == FALSE\r
INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf\r
!endif\r
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf\r
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf\r
INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf\r
-INF OvmfPkg/8259InterruptControllerDxe/8259.inf\r
INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf\r
+\r
INF UefiCpuPkg/CpuDxe/CpuDxe.inf\r
-INF OvmfPkg/8254TimerDxe/8254Timer.inf\r
+INF FILE_GUID = $(UP_CPU_DXE_GUID) UefiCpuPkg/CpuDxe/CpuDxe.inf\r
+\r
+!ifdef $(CSM_ENABLE)\r
+ INF OvmfPkg/8259InterruptControllerDxe/8259.inf\r
+ INF OvmfPkg/8254TimerDxe/8254Timer.inf\r
+!else\r
+ INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf\r
+!endif\r
INF OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf\r
INF OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.inf\r
INF MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf\r
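Review bot: The new `!ifdef $(CSM_ENABLE)` block inside APRIORI DXE swaps the legacy 8259/8254 drivers for LocalApicTimerDxe without a comment, while the AmdSevDxe/TdxDxe ordering just above received a careful five-line explanation; a line such as `# CSM builds keep the legacy PIC/PIT; otherwise the local APIC timer is used` would bring it to the same standard. This hunk only changes the dispatch-order list: the plain INF lines for 8259.inf, 8254Timer.inf and LocalApicTimerDxe.inf lie outside it and need the same conditional, otherwise an APRIORI entry can name a driver that is not in the FV. Note also that `!ifdef` tests whether the macro is defined rather than its value, so a build that passes `CSM_ENABLE=FALSE` (if that spelling is ever used) would still take the legacy branch; whether that matters depends on the convention the rest of the file follows. The APRIORI DXE list continues past the end of this hunk.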
INF MdeModulePkg/Application/UiApp/UiApp.inf\r
INF OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf\r
INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf\r
-INF MdeModulePkg/Universal/PrintDxe/PrintDxe.inf\r
INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf\r
INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf\r
INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf\r
INF OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf\r
\r
INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf\r
-INF OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpiPlatformDxe.inf\r
+INF OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf\r
INF MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf\r
INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf\r
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf\r
\r
INF MdeModulePkg/Logo/LogoDxe.inf\r
\r
+INF OvmfPkg/TdxDxe/TdxDxe.inf\r
+\r
#\r
# Network modules\r
#\r
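Review bot: The new `INF OvmfPkg/TdxDxe/TdxDxe.inf` is dropped between the logo module and the network section with no heading, whereas the file introduces its other feature groups with `#` banner comments; suggest `#`, `# TDX support`, `#` above it to match. It pairs with the TdxDxe entry added to APRIORI DXE earlier in this diff, and a short comment here noting that pairing would help keep the two from being removed independently.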
#\r
# TPM support\r
#\r
-!if $(TPM_ENABLE) == TRUE\r
-INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf\r
-INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf\r
-!if $(TPM_CONFIG_ENABLE) == TRUE\r
-INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf\r
-!endif\r
-!endif\r
+!include OvmfPkg/OvmfTpmDxe.fdf.inc\r
\r
################################################################################\r
\r