OvmfPkg: Update PlatformPei to support Tdx guest

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

OvmfPkg/PlatformPei is updated to support Tdx guest. There are below
major changes.
 - Set Tdx related PCDs
 - Publish Tdx RamRegions

In this patch there is another new function BuildPlatformInfoHob ().
This function builds EFI_HOB_PLATFORM_INFO which contains the
HostBridgeDevId. The hob is built in both Td guest and Non-Td guest.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index f3d06411b51b227ff010c1b5c49e409c99805f38..746050d64ba789b29e078ac0966e1efb338ff454 100644 (file)
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -133,6 +133,7 @@
   gGrubFileGuid                         = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}\r
   gConfidentialComputingSecretGuid      = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}\r
   gConfidentialComputingSevSnpBlobGuid  = {0x067b1f5f, 0xcf26, 0x44c5, {0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42}}\r
+  gUefiOvmfPkgPlatformInfoGuid          = {0xdec9b486, 0x1f16, 0x47c7, {0x8f, 0x68, 0xdf, 0x1a, 0x41, 0x88, 0x8b, 0xa5}}\r
 \r
 [Ppis]\r
   # PPI whose presence in the PPI database signals that the TPM base address\r

diff --git a/OvmfPkg/PlatformPei/FeatureControl.c b/OvmfPkg/PlatformPei/FeatureControl.c
index 9af58c2655f88abcf0dfb222f49d7b830c16e03d..5864ee0c214d3223c6e74c8ba6063b5f465c595e 100644 (file)
--- a/OvmfPkg/PlatformPei/FeatureControl.c
+++ b/OvmfPkg/PlatformPei/FeatureControl.c
@@ -12,6 +12,7 @@
 #include <Library/QemuFwCfgLib.h>\r
 #include <Ppi/MpServices.h>\r
 #include <Register/ArchitecturalMsr.h>\r
+#include <IndustryStandard/Tdx.h>\r
 \r
 #include "Platform.h"\r
 \r
@@ -37,7 +38,11 @@ WriteFeatureControl (
   IN OUT VOID  *WorkSpace\r
   )\r
 {\r
-  AsmWriteMsr64 (MSR_IA32_FEATURE_CONTROL, mFeatureControlValue);\r
+  if (TdIsEnabled ()) {\r
+    TdVmCall (TDVMCALL_WRMSR, (UINT64)MSR_IA32_FEATURE_CONTROL, mFeatureControlValue, 0, 0, 0);\r
+  } else {\r
+    AsmWriteMsr64 (MSR_IA32_FEATURE_CONTROL, mFeatureControlValue);\r
+  }\r
 }\r
 \r
 /**\r

diff --git a/OvmfPkg/PlatformPei/IntelTdx.c b/OvmfPkg/PlatformPei/IntelTdx.c
new file mode 100644 (file)
index 0000000..3c1ddbf
--- /dev/null
+++ b/OvmfPkg/PlatformPei/IntelTdx.c
@@ -0,0 +1,51 @@
+/** @file\r
+  Initialize Intel TDX support.\r
+\r
+  Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>\r
+\r
+  SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#include <PiPei.h>\r
+#include <Library/BaseLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/HobLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <IndustryStandard/Tdx.h>\r
+#include <IndustryStandard/QemuFwCfg.h>\r
+#include <Library/QemuFwCfgLib.h>\r
+#include <Library/PeiServicesLib.h>\r
+#include <Library/TdxLib.h>\r
+#include <Library/PlatformInitLib.h>\r
+#include <WorkArea.h>\r
+#include <ConfidentialComputingGuestAttr.h>\r
+#include "Platform.h"\r
+\r
+/**\r
+  This Function checks if TDX is available, if present then it sets\r
+  the dynamic PCDs for Tdx guest.\r
+  **/\r
+VOID\r
+IntelTdxInitialize (\r
+  VOID\r
+  )\r
+{\r
+ #ifdef MDE_CPU_X64\r
+  RETURN_STATUS  PcdStatus;\r
+\r
+  if (!TdIsEnabled ()) {\r
+    return;\r
+  }\r
+\r
+  PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, CCAttrIntelTdx);\r
+  ASSERT_RETURN_ERROR (PcdStatus);\r
+\r
+  PcdStatus = PcdSet64S (PcdTdxSharedBitMask, TdSharedPageMask ());\r
+  ASSERT_RETURN_ERROR (PcdStatus);\r
+\r
+  PcdStatus = PcdSetBoolS (PcdSetNxForStack, TRUE);\r
+  ASSERT_RETURN_ERROR (PcdStatus);\r
+ #endif\r
+}\r

diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c
index 61d7d3059f7bd1b38155fb9bd4847594843f4f40..2e47b132299042024809b1a1db7a5ba29156a616 100644 (file)
--- a/OvmfPkg/PlatformPei/MemDetect.c
+++ b/OvmfPkg/PlatformPei/MemDetect.c
@@ -37,7 +37,6 @@ Module Name:
 \r
 #include <Library/QemuFwCfgLib.h>\r
 #include <Library/QemuFwCfgSimpleParserLib.h>\r
-\r
 #include "Platform.h"\r
 \r
 VOID\r
@@ -231,7 +230,12 @@ GetPeiMemoryCap (
     PdpEntries  = 1 << (mPlatformInfoHob.PhysMemAddressWidth - 30);\r
     ASSERT (PdpEntries <= 0x200);\r
   } else {\r
-    Pml4Entries = 1 << (mPlatformInfoHob.PhysMemAddressWidth - 39);\r
+    if (mPlatformInfoHob.PhysMemAddressWidth > 48) {\r
+      Pml4Entries = 0x200;\r
+    } else {\r
+      Pml4Entries = 1 << (mPlatformInfoHob.PhysMemAddressWidth - 39);\r
+    }\r
+\r
     ASSERT (Pml4Entries <= 0x200);\r
     PdpEntries = 512;\r
   }\r
@@ -354,6 +358,11 @@ InitializeRamRegions (
   IN EFI_HOB_PLATFORM_INFO  *PlatformInfoHob\r
   )\r
 {\r
+  if (TdIsEnabled ()) {\r
+    PlatformTdxPublishRamRegions ();\r
+    return;\r
+  }\r
+\r
   PlatformQemuInitializeRam (PlatformInfoHob);\r
 \r
   SevInitializeRam ();\r

diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index f05aec599fcbd820d63f0c4c99649447cafd0294..f006755d5fdb2f6364711bf40b5e2bb12a70c62b 100644 (file)
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -310,6 +310,17 @@ MaxCpuCountInitialization (
   ASSERT_RETURN_ERROR (PcdStatus);\r
 }\r
 \r
+/**\r
+ * @brief Builds PlatformInfo Hob\r
+ */\r
+VOID\r
+BuildPlatformInfoHob (\r
+  VOID\r
+  )\r
+{\r
+  BuildGuidDataHob (&gUefiOvmfPkgPlatformInfoGuid, &mPlatformInfoHob, sizeof (EFI_HOB_PLATFORM_INFO));\r
+}\r
+\r
 /**\r
   Perform Platform PEI initialization.\r
 \r
@@ -386,7 +397,9 @@ InitializePlatform (
     MiscInitialization (&mPlatformInfoHob);\r
   }\r
 \r
+  IntelTdxInitialize ();\r
   InstallFeatureControlCallback ();\r
+  BuildPlatformInfoHob ();\r
 \r
   return EFI_SUCCESS;\r
 }\r

diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h
index 3d148893401a2a8c1dee4d84c775eb797c0141f4..29b51b2debd8b5def3601a7659b42691e86a5610 100644 (file)
--- a/OvmfPkg/PlatformPei/Platform.h
+++ b/OvmfPkg/PlatformPei/Platform.h
@@ -11,6 +11,7 @@
 \r
 #include <IndustryStandard/E820.h>\r
 #include <Library/PlatformInitLib.h>\r
+#include <IndustryStandard/IntelTdx.h>\r
 \r
 extern EFI_HOB_PLATFORM_INFO  mPlatformInfoHob;\r
 \r
@@ -84,6 +85,24 @@ AmdSevInitialize (
   VOID\r
   );\r
 \r
+/**\r
+  This Function checks if TDX is available, if present then it sets\r
+  the dynamic PCDs for Tdx guest. It also builds Guid hob which contains\r
+  the Host Bridge DevId.\r
+  **/\r
+VOID\r
+IntelTdxInitialize (\r
+  VOID\r
+  );\r
+\r
+/**\r
+ * @brief Builds PlatformInfo Hob\r
+ */\r
+VOID\r
+BuildPlatformInfoHob (\r
+  VOID\r
+  );\r
+\r
 VOID\r
 SevInitializeRam (\r
   VOID\r

diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index f6bfc09c2dd5023670b19db5581024698c6e1258..00372fa0ebb5def61873b9c088550a5a8de72f1c 100644 (file)
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -31,6 +31,7 @@
   MemTypeInfo.c\r
   Platform.c\r
   Platform.h\r
+  IntelTdx.c\r
 \r
 [Packages]\r
   EmbeddedPkg/EmbeddedPkg.dec\r
@@ -43,6 +44,7 @@
 [Guids]\r
   gEfiMemoryTypeInformationGuid\r
   gFdtHobGuid\r
+  gUefiOvmfPkgPlatformInfoGuid\r
 \r
 [LibraryClasses]\r
   BaseLib\r
@@ -111,6 +113,7 @@
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled\r
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr\r
   gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask\r
 \r
 [FixedPcd]\r
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase\r