diff options
author | Ceping Sun <cepingx.sun@intel.com> | 2024-07-02 01:50:10 +0800 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-07-11 03:24:26 +0000 |
commit | 071d2cfab8347e396c8b2709bfb588a18c497bbd (patch) | |
tree | 0f6043f664a17b53beb7dfba209c94b65f4d513d /OvmfPkg/License.txt | |
parent | 0f45be16336035e69bb30761f8cd20ba3b0a3f39 (diff) | |
download | edk2-071d2cfab8347e396c8b2709bfb588a18c497bbd.tar.gz edk2-071d2cfab8347e396c8b2709bfb588a18c497bbd.tar.bz2 edk2-071d2cfab8347e396c8b2709bfb588a18c497bbd.zip |
OvmfPkg/Sec: Skip setup MTRR early in TD-Guest
With the commit ce4c76e (“OvmfPkg/Sec: Setup MTRR early
in the boot process.”), we find an unexpected #VE is triggered
in TD-Guest.
The background of importing the above commit is that:
Before running lzma uncompress of the main firmware volume,
if not correctly set MTRR, that would make the uncompress be
extremely slow.
Detailed discussion info can refer to below links:
https://edk2.groups.io/g/devel/message/114202
https://edk2.groups.io/g/devel/message/114977
Refer to [intel-tdx-module-1.5-base-spec] Section 11.3 and
section11.6.1, CR0.CD is enforced to 0 in TD-Guest.
And refer to section 18.2.1.4, TDX module MTRR emulation
enforces WB in VMM.
Currently the initial MTRR are:
- Td-Guest : MTRR disabled, Type is WB.
- Non-Td-Guest : MTRR disabled, Type is UC.
In DXE phase, OVMF/TDVF would check the MTRR Type for MMIO
(in CpuSetMemoryAttributes -> MtrrGetMemoryAttribute ->
MtrrGetMemoryAttributeworker:
https://github.com/tianocore/edk2/blob/master/UefiCpuPkg/Library/MtrrLib/MtrrLib.c#L929
).
If MTRR is disabled, it always returns UC. Otherwise, it returns
the actual value.
If it checks that the type is not UC then the MTRR is programmed.
It is required to disable cache by setting CR0.CD to 1. That will trigger
an unexpected #VE in TD-Guest.
Based on above analysis we propose to skip "Setup MTRR early" in
TD-Guest because of:
- TD-Guest doesn’t have the issue that lzma uncompress extremely slow.
- This patch will trigger an unexpected #VE in TD-Guest.
intel-tdx-module-1.5-base-spec:
https://cdrdv2.intel.com/v1/dl/getContent/733575
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Diffstat (limited to 'OvmfPkg/License.txt')
0 files changed, 0 insertions, 0 deletions