From fd306d1dbc36d10f744306e92366d73273c82c8f Mon Sep 17 00:00:00 2001 From: Min Xu Date: Wed, 8 Dec 2021 20:54:26 +0800 Subject: [PATCH] MdeModulePkg: Add PcdTdxSharedBitMask RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429 Guest Physical Address (GPA) space in Td guest is divided into private and shared sub-spaces, determined by the SHARED bit of GPA. This PCD holds the shared bit mask. Its default value is 0 and it will be set in PlatformPei driver if it is of Td guest. Cc: Jian J Wang Cc: Hao A Wu Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Acked-by: Gerd Hoffmann Reviewed-by: Jian J Wang Reviewed-by: Jiewen Yao Signed-off-by: Min Xu --- MdeModulePkg/MdeModulePkg.dec | 4 ++++ OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +++ OvmfPkg/Bhyve/BhyveX64.dsc | 3 +++ OvmfPkg/CloudHv/CloudHvX64.dsc | 3 +++ OvmfPkg/Microvm/MicrovmX64.dsc | 3 +++ OvmfPkg/OvmfPkgIa32.dsc | 3 +++ OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 3 +++ OvmfPkg/OvmfXen.dsc | 3 +++ 9 files changed, 26 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 40601c9583..cf79292ec8 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -2083,6 +2083,10 @@ # @Prompt Enable PCIe Resizable BAR Capability support. gEfiMdeModulePkgTokenSpaceGuid.PcdPcieResizableBarSupport|FALSE|BOOLEAN|0x10000024 + ## This PCD holds the shared bit mask for page table entries when Tdx is enabled. + # @Prompt The shared bit mask when Intel Tdx is enabled. + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0|UINT64|0x10000025 + [PcdsPatchableInModule] ## Specify memory size with page number for PEI code when # Loading Module at Fixed Address feature is enabled. diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index c173a72134..dda98aa43b 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -558,6 +558,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set Tdx shared bit mask + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index 656e407473..0daae82d67 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -550,6 +550,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set Tdx shared bit mask + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 # MdeModulePkg resolution sets up the system display resolution diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index c307f1cc75..1732f281b4 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -603,6 +603,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set Tdx shared bit mask + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index 0eac0c02c6..cde90f5235 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -592,6 +592,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set Tdx shared bit mask + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 8f02dca638..01a26c234a 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -618,6 +618,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set Tdx shared bit mask + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 98a6748c62..bf08e893e0 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -631,6 +631,7 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 2df5b29996..3092036bb7 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -642,6 +642,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set Tdx shared bit mask + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index aa27e2256a..470c8cfe4d 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -495,6 +495,9 @@ # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + # Set Tdx shared bit mask + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 ################################################################################ -- 2.39.2