On 4/18/22 23:47, Yao, Jiewen wrote:
Can SEV clear the C-bit in SEC phase?
Not really. IIRC, even if cleared in the SEC phase, the DXE phase replaces
the page tables and it has to be cleared again.
Thanks,
Tom
I think that is right way to ensure PCI Express can always be accessed by
anyone.
-----Original Message-----
From: Xu, Min M <min.m...@intel.com>
Sent: Tuesday, April 19, 2022 12:39 PM
To: Yao, Jiewen <jiewen....@intel.com>; devel@edk2.groups.io
Cc: Brijesh Singh <brijesh.si...@amd.com>; Aktas, Erdem
<erdemak...@google.com>; James Bottomley <j...@linux.ibm.com>; Tom
Lendacky <thomas.lenda...@amd.com>
Subject: RE: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe driver
In AmdSevDxe's entry point it clears the C-bit from PcdPciExpressBaseAddress
and other memory spaces if needed. Please see
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fblob%2Fmaster%2FOvmfPkg%2FAmdSevDxe%2FAmdSev&data=04%7C01%7Cthomas.lendacky%40amd.com%7Cc39c49fd4e944900bdb708da21bfac91%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637859404370071519%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=9sxJnGXyaiHTdIzS%2BTzziBnwTAsKvSLFRMmHT4HGe60%3D&reserved=0
Dxe.c#L81-L95. After that OVMF can use PCI express.
This broken is caused by the call sequence of TdxDxe driver and AmdSevDxe
driver. Currently TdxDxe driver is loaded before AmdSevDxe, so in SEV-ES guest
the C-bit of PcdPciExpressBaseAddress hasn't been cleared. In this situation the
access to PciExpressBaseAddress trigger exceptions (lib constructor in TdxDxe).
There are 2 options to fix this issue.
1. Adjust the load sequence of AmdSevDxe and TdxDxe (Load AmdSevDxe before
TdxDxe)
2. Make TdxDxe to import BasePciLibCf8.inf instead of DxePciLibI440FxQ35.inf
(just like AmdSevDxe)
Tom and I tested above 2 options in SEV and TDX and all work.
-----Original Message-----
From: Yao, Jiewen <jiewen....@intel.com>
Sent: Tuesday, April 19, 2022 12:16 PM
To: Xu, Min M <min.m...@intel.com>; devel@edk2.groups.io
Cc: Brijesh Singh <brijesh.si...@amd.com>; Aktas, Erdem
<erdemak...@google.com>; James Bottomley <j...@linux.ibm.com>; Tom
Lendacky <thomas.lenda...@amd.com>
Subject: RE: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe driver
Do you mean, with SEV introduced, OVMF cannot use PCI express any more?
Thank you
Yao Jiewen
-----Original Message-----
From: Xu, Min M <min.m...@intel.com>
Sent: Tuesday, April 19, 2022 11:05 AM
To: Yao, Jiewen <jiewen....@intel.com>; devel@edk2.groups.io
Cc: Brijesh Singh <brijesh.si...@amd.com>; Aktas, Erdem
<erdemak...@google.com>; James Bottomley <j...@linux.ibm.com>; Tom
Lendacky <thomas.lenda...@amd.com>
Subject: RE: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe
driver
On April 19, 2022 10:54 AM, Yao Jiewen wrote:
Why does TdxDxe call TdxMailbox in an SEV platform?
Or why does TdxMailbox call SynchronizationLib in an SEV platform?
TdxDxe will not call TdxMailbox/SynchronizationLib in SEV platform.
The problem is in the lib constructor. When TdxDxe driver is loaded,
before its entry point is called, the lib constructors will be called even in a
SEV platform.
There are many places we can do CcProbe to stop action. Why we need
do it in DSC?
So we cannot stop the lib constructor with CcProbe in this case.
Thanks
Min
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#89076): https://edk2.groups.io/g/devel/message/89076
Mute This Topic: https://groups.io/mt/90554139/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
