[edk2-devel] [PATCH V6 1/1] OvmfPkg: Enable TDX in ResetVector

Brijesh Singh via groups.io brijesh.singh=amd.com at groups.io
Fri Sep 17 15:52:29 UTC 2021 

Hi Min,

On 9/17/21 7:55 AM, Xu, Min M wrote:
...

> 
> As I mentioned in my last mail, in the beginning I missed the limitation of smsw.
> So I update the code (ResetVectorVtf0.asm) as below using mov CRx.
>                                                            <1> BITS 16
>     176 00000800 0F20C0              <1>     mov   eax, cr0    <-- previously it was smsw
>     177 00000803 A801                  <1>     test    al, 1
>     178 00000805 7405                  <1>     jz       .Real
>     179                                               <1> BITS 32
>     180 00000807 E951FFFFFF      <1>     jmp   Main32
>     181                                               <1> BITS 16
>     182                                               <1> .Real:
>     183 0000080C E939FF              <1>     jmp   EarlyBspInitReal16
> 
> I test the code in a AMD SEV server and try to launch a SEV guest. This time it stuck at the *mov eax, cr0*.
> I am curious if *mov eax, cr0* works in real mode in a SEV guest?
> I also test the code in a legacy vm guest and td guest, all passed.
> Did I miss something?
> 
> I followed https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAMDESE%2FAMDSEV&data=04%7C01%7Cbrijesh.singh%40amd.com%7C735127b019a14c43ed7008d979da674c%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637674801211043868%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=8jElJRmB0dVBe0vfhMLCdwZsUqbi6DKhmAA16pbtGnc%3D&reserved=0 to set up the AMD SEV environment and successfully launched SEV guest with the OVMF image.
> 

Hmm, I am not aware of any limitation w.r.t encrypted VMs. I just added 
the below code in my branch and I do not see any issues, my SEV, SEV-ES 
and SEV-SNP all are able to boot fine. And KVM trace confirms that code 
it read

diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm 
b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
index f0e509d0672e..98e34332b04c 100644
--- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
+++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
@@ -175,9 +175,21 @@ resetVector:
  ;
  ; This is where the processor will begin execution
  ;
+%ifdef ARCH_IA32
      nop
      nop
      jmp     EarlyBspInitReal16
+%else
+    mov     eax, cr0
+    test    al, 1
+    jz      .Real
+BITS 32
+    hlt
+    ;jmp     Main32
+BITS 16
+.Real:
+    jmp     EarlyBspInitReal16
+%endif

  ALIGN   16


And KVM trace:

kvm_exit: vcpu 0 reason npf rip 0xfff0 info1 0x0000000500000014 info2 
0x00000000fffff000 intr_info 0x00000000 error_code 0x00000000
kvm_page_fault: address fffff000 error_code 500000014
kvm_entry: vcpu 0, rip 0xfff0
kvm_exit: vcpu 0 reason read_cr0 rip 0xfff0 info1 0x8000000000000000 
info2 0x0000000000000000 intr_info 0x00000000 error_code 0x00000000
kvm_cr: cr_read 0 = 0x60000010
kvm_entry: vcpu 0, rip 0xfff3

As we can see from the kvm trace, the first instruction here is the Cr0 
read and it was successfully intercepted and rip moved to next instruction.

Can you please provide me KVM trace for your failure case ? Also, 
provide me the output of "lscpu" and "dmesg" from the host.

thanks


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80845): https://edk2.groups.io/g/devel/message/80845
Mute This Topic: https://groups.io/mt/85597386/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list