]> git.proxmox.com Git - mirror_edk2.git/blobdiff - OvmfPkg/OvmfPkgX64.fdf
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
OvmfPkg: Make an Ia32/X64 hybrid build work with SEV
[mirror_edk2.git] / OvmfPkg / OvmfPkgX64.fdf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index b6cc3cabdd692363ec07ea60f0c160da07090bc1..438806fba8f1acb30f8698171636e68785ec338f 100644 (file)
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -88,6 +88,12 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvm
 0x00C000|0x001000\r
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize\r
 \r
+0x00D000|0x001000\r
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize\r
+\r
+0x00E000|0x001000\r
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize\r
+\r
 0x010000|0x010000\r
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize\r
 \r
@@ -100,7 +106,8 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvm
 FV = DXEFV\r
 \r
 ##########################################################################################\r
-# Set the SEV-ES specific work area PCDs\r
+# Set the SEV-ES specific work area PCDs (used for all forms of SEV since the\r
+# the SEV STATUS MSR is now saved in the work area)\r
 #\r
 SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase = $(MEMFD_BASE_ADDRESS) +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader\r
 SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader\r
@@ -179,14 +186,9 @@ INF  MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
 INF  OvmfPkg/SmmAccess/SmmAccessPei.inf\r
 !endif\r
 INF  UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
+INF  FILE_GUID = $(UP_CPU_PEI_GUID) UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
 \r
-!if $(TPM_ENABLE) == TRUE\r
-INF  OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf\r
-INF  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf\r
-INF  SecurityPkg/Tcg/TcgPei/TcgPei.inf\r
-INF  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf\r
-INF  SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf\r
-!endif\r
+!include OvmfPkg/OvmfTpmPei.fdf.inc\r
 \r
 ################################################################################\r
 \r
@@ -214,7 +216,13 @@ READ_LOCK_STATUS   = TRUE
 APRIORI DXE {\r
   INF  MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf\r
   INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf\r
+  # AmdSevDxe must be loaded before TdxDxe. Because in SEV guest AmdSevDxe\r
+  # driver performs a MemEncryptSevClearMmioPageEncMask() call against the\r
+  # PcdPciExpressBaseAddress range to mark it shared/unencrypted.\r
+  # Otherwise #VC handler terminates the guest for trying to do MMIO to an\r
+  # encrypted region (Since the range has not been marked shared/unencrypted).\r
   INF  OvmfPkg/AmdSevDxe/AmdSevDxe.inf\r
+  INF  OvmfPkg/TdxDxe/TdxDxe.inf\r
 !if $(SMM_REQUIRE) == FALSE\r
   INF  OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf\r
 !endif\r
@@ -232,10 +240,17 @@ INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
 INF  MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf\r
 INF  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf\r
 INF  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf\r
-INF  OvmfPkg/8259InterruptControllerDxe/8259.inf\r
 INF  UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf\r
+\r
 INF  UefiCpuPkg/CpuDxe/CpuDxe.inf\r
-INF  OvmfPkg/8254TimerDxe/8254Timer.inf\r
+INF  FILE_GUID = $(UP_CPU_DXE_GUID) UefiCpuPkg/CpuDxe/CpuDxe.inf\r
+\r
+!ifdef $(CSM_ENABLE)\r
+  INF  OvmfPkg/8259InterruptControllerDxe/8259.inf\r
+  INF  OvmfPkg/8254TimerDxe/8254Timer.inf\r
+!else\r
+  INF  OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf\r
+!endif\r
 INF  OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf\r
 INF  OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.inf\r
 INF  MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf\r
@@ -275,7 +290,6 @@ INF  MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
 INF  MdeModulePkg/Application/UiApp/UiApp.inf\r
 INF  OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf\r
 INF  MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf\r
-INF  MdeModulePkg/Universal/PrintDxe/PrintDxe.inf\r
 INF  MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf\r
 INF  MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf\r
 INF  MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf\r
@@ -301,7 +315,7 @@ INF  MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf
 INF  OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf\r
 \r
 INF  MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf\r
-INF  OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpiPlatformDxe.inf\r
+INF  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf\r
 INF  MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf\r
 INF  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf\r
 INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf\r
@@ -319,6 +333,8 @@ INF  ShellPkg/Application/Shell/Shell.inf
 \r
 INF MdeModulePkg/Logo/LogoDxe.inf\r
 \r
+INF OvmfPkg/TdxDxe/TdxDxe.inf\r
+\r
 #\r
 # Network modules\r
 #\r
@@ -387,14 +403,7 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 #\r
 # TPM support\r
 #\r
-!if $(TPM_ENABLE) == TRUE\r
-INF  SecurityPkg/Tcg/TcgDxe/TcgDxe.inf\r
-INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf\r
-INF  SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf\r
-!if $(TPM_CONFIG_ENABLE) == TRUE\r
-INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf\r
-!endif\r
-!endif\r
+!include OvmfPkg/OvmfTpmDxe.fdf.inc\r
 \r
 ################################################################################\r
 \r
EFI Development Kit II mirror for PVE