diff options
Diffstat (limited to 'OvmfPkg/IntelTdx')
| -rw-r--r-- | OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 | ||||
| -rw-r--r-- | OvmfPkg/IntelTdx/IntelTdxX64.fdf | 2 | ||||
| -rw-r--r-- | OvmfPkg/IntelTdx/README.md | 4 | ||||
| -rw-r--r-- | OvmfPkg/IntelTdx/Sec/SecMain.c | 44 |
4 files changed, 48 insertions, 4 deletions
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index 0931ce061a..fc1332598e 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -635,7 +635,6 @@ OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif
@@ -718,6 +717,7 @@ MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf index ce5d542048..88d0f75ae2 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf +++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf @@ -285,7 +285,6 @@ READ_LOCK_STATUS = TRUE #
INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif
@@ -326,6 +325,7 @@ INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/IntelTdx/README.md b/OvmfPkg/IntelTdx/README.md index c168167c12..6e13c1748e 100644 --- a/OvmfPkg/IntelTdx/README.md +++ b/OvmfPkg/IntelTdx/README.md @@ -61,8 +61,8 @@ Build cd /path/to/edk2
source edksetup.sh
-## without CC_MEASUREMENT enabled
-build -p OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -b RELEASE
+## CC_MEASUREMENT disabled
+build -p OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D CC_MEASUREMENT_ENABLE=FALSE -b RELEASE
## CC_MEASUREMENT enabled
build -p OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D CC_MEASUREMENT_ENABLE=TRUE -b RELEASE
diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c index 4e750755bf..7f2d28af95 100644 --- a/OvmfPkg/IntelTdx/Sec/SecMain.c +++ b/OvmfPkg/IntelTdx/Sec/SecMain.c @@ -26,6 +26,8 @@ #include <Library/TdxHelperLib.h>
#include <Library/CcProbeLib.h>
#include <Library/PeilessStartupLib.h>
+#include <Register/Intel/ArchitecturalMsr.h>
+#include <Register/Intel/Cpuid.h>
#define SEC_IDT_ENTRY_COUNT 34
@@ -47,6 +49,43 @@ IA32_IDT_GATE_DESCRIPTOR mIdtEntryTemplate = { }
};
+//
+// Enable MTRR early, set default type to write back.
+// Needed to make sure caching is enabled,
+// without this lzma decompress can be very slow.
+//
+STATIC
+VOID
+SecMtrrSetup (
+ VOID
+ )
+{
+ CPUID_VERSION_INFO_EDX Edx;
+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType;
+
+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32);
+ if (!Edx.Bits.MTRR) {
+ return;
+ }
+
+ if (CcProbe () == CcGuestTypeIntelTdx) {
+ //
+ // According to TDX Spec, the default MTRR type is enforced to WB
+ // and CR0.CD is enforced to 0.
+ // The TD guest has to disable MTRR otherwise it tries to
+ // program MTRRs to disable caching. CR0.CD=1 results in the
+ // unexpected #VE.
+ //
+ DEBUG ((DEBUG_INFO, "%a: Skip TD-Guest\n", __func__));
+ return;
+ }
+
+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
+ DefType.Bits.E = 1; /* enable */
+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
+}
+
VOID
EFIAPI
SecCoreStartupWithStack (
@@ -203,6 +242,11 @@ SecCoreStartupWithStack ( InitializeApicTimer (0, MAX_UINT32, TRUE, 5);
DisableApicTimerInterrupt ();
+ //
+ // Initialize MTRR
+ //
+ SecMtrrSetup ();
+
PeilessStartup (&SecCoreData);
ASSERT (FALSE);
|