summaryrefslogtreecommitdiffstats
path: root/OvmfPkg
diff options
context:
space:
mode:
authorCeping Sun <cepingx.sun@intel.com>2024-07-02 01:50:10 +0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2024-07-11 03:24:26 +0000
commit071d2cfab8347e396c8b2709bfb588a18c497bbd (patch)
tree0f6043f664a17b53beb7dfba209c94b65f4d513d /OvmfPkg
parent0f45be16336035e69bb30761f8cd20ba3b0a3f39 (diff)
downloadedk2-071d2cfab8347e396c8b2709bfb588a18c497bbd.tar.gz
edk2-071d2cfab8347e396c8b2709bfb588a18c497bbd.tar.bz2
edk2-071d2cfab8347e396c8b2709bfb588a18c497bbd.zip
OvmfPkg/Sec: Skip setup MTRR early in TD-Guest
With the commit ce4c76e (“OvmfPkg/Sec: Setup MTRR early in the boot process.”), we find an unexpected #VE is triggered in TD-Guest. The background of importing the above commit is that: Before running lzma uncompress of the main firmware volume, if not correctly set MTRR, that would make the uncompress be extremely slow. Detailed discussion info can refer to below links: https://edk2.groups.io/g/devel/message/114202 https://edk2.groups.io/g/devel/message/114977 Refer to [intel-tdx-module-1.5-base-spec] Section 11.3 and section11.6.1, CR0.CD is enforced to 0 in TD-Guest. And refer to section 18.2.1.4, TDX module MTRR emulation enforces WB in VMM. Currently the initial MTRR are: - Td-Guest : MTRR disabled, Type is WB. - Non-Td-Guest : MTRR disabled, Type is UC. In DXE phase, OVMF/TDVF would check the MTRR Type for MMIO (in CpuSetMemoryAttributes -> MtrrGetMemoryAttribute -> MtrrGetMemoryAttributeworker: https://github.com/tianocore/edk2/blob/master/UefiCpuPkg/Library/MtrrLib/MtrrLib.c#L929 ). If MTRR is disabled, it always returns UC. Otherwise, it returns the actual value. If it checks that the type is not UC then the MTRR is programmed. It is required to disable cache by setting CR0.CD to 1. That will trigger an unexpected #VE in TD-Guest. Based on above analysis we propose to skip "Setup MTRR early" in TD-Guest because of: - TD-Guest doesn’t have the issue that lzma uncompress extremely slow. - This patch will trigger an unexpected #VE in TD-Guest. intel-tdx-module-1.5-base-spec: https://cdrdv2.intel.com/v1/dl/getContent/733575 Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Diffstat (limited to 'OvmfPkg')
-rw-r--r--OvmfPkg/IntelTdx/Sec/SecMain.c12
-rw-r--r--OvmfPkg/Sec/SecMain.c15
2 files changed, 27 insertions, 0 deletions
diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c
index 95a31af029..7f2d28af95 100644
--- a/OvmfPkg/IntelTdx/Sec/SecMain.c
+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c
@@ -68,6 +68,18 @@ SecMtrrSetup (
return;
}
+ if (CcProbe () == CcGuestTypeIntelTdx) {
+ //
+ // According to TDX Spec, the default MTRR type is enforced to WB
+ // and CR0.CD is enforced to 0.
+ // The TD guest has to disable MTRR otherwise it tries to
+ // program MTRRs to disable caching. CR0.CD=1 results in the
+ // unexpected #VE.
+ //
+ DEBUG ((DEBUG_INFO, "%a: Skip TD-Guest\n", __func__));
+ return;
+ }
+
DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
DefType.Bits.E = 1; /* enable */
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index c1c08a947a..d13a948509 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -764,6 +764,21 @@ SecMtrrSetup (
return;
}
+ #if defined (TDX_GUEST_SUPPORTED)
+ if (CcProbe () == CcGuestTypeIntelTdx) {
+ //
+ // According to TDX Spec, the default MTRR type is enforced to WB
+ // and CR0.CD is enforced to 0.
+ // The TD guest has to disable MTRR otherwise it tries to
+ // program MTRRs to disable caching. CR0.CD=1 results in the
+ // unexpected #VE.
+ //
+ DEBUG ((DEBUG_INFO, "%a: Skip TD-Guest\n", __func__));
+ return;
+ }
+
+ #endif
+
DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
DefType.Bits.E = 1; /* enable */