OvmfPkg/PlatformInitLib: Reserve Sec Page Tables in TDVF

In the system boot phase, if OS postpone onlining some CPU
until later, the sec page tables could be overwritten.

So, TDVF needs to reserve the initial page tables that would be
used by APs on Mailbox wakeup.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Cc: Kirill A Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>

1 files changed, 12 insertions, 0 deletions

diff --git a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
index e561cee30b..12e4501c5b 100644
--- a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
+++ b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
@@ -154,6 +154,18 @@ PlatformTdxPublishRamRegions (
   TransferTdxHobList ();

 

   //

+  // Reserve the initial page tables built by the reset vector code.

+  //

+  // Since this memory range will be used by APs on Mailbox

+  // wakeup, it must be reserved as ACPI NVS.

+  //

+  BuildMemoryAllocationHob (

+    (EFI_PHYSICAL_ADDRESS)(UINTN)PcdGet32 (PcdOvmfSecPageTablesBase),

+    (UINT64)(UINTN)PcdGet32 (PcdOvmfSecPageTablesSize),

+    EfiACPIMemoryNVS

+    );

+

+  //

   // The memory region defined by PcdOvmfSecGhcbBackupBase is pre-allocated by

   // host VMM and used as the td mailbox at the beginning of system boot.

   //