[edk2-devel] [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry

Gerd Hoffmann kraxel at redhat.com
Mon Apr 24 09:54:54 UTC 2023


On Fri, Apr 21, 2023 at 09:26:44AM -0500, Tom Lendacky wrote:
> On 4/21/23 03:36, Dun Tan wrote:
> > Remove code that applies AddressEncMask to non-leaf entries when the
> > smm page table is split by MemEncryptSevLib. In the FvbServicesSmm
> > driver, it calls MemEncryptSevClearMmioPageEncMask to clear the
> > AddressEncMask bit in the page table for a specific range. In the AMD
> > SEV feature, this AddressEncMask bit in the page table is used to
> > indicate whether the memory is guest private memory or shared memory.
> > But all memory used by the page table is treated as encrypted
> > regardless of the encryption bit. So removing the EncMask bit for smm
> > non-leaf page table entries doesn't impact the AMD SEV feature.
> > If a page split happens in the AddressEncMask bit clear process,
> > there will be some new non-leaf entries with AddressEncMask
> > applied in the smm page table. At ReadyToLock, code in the PiSmmCpuDxe
> > module will use CpuPageTableLib to modify the smm page table. So
> > remove the code that applies AddressEncMask to new non-leaf entries,
> > since CpuPageTableLib doesn't consume the EncMask PCD.
> 
> I'm really not a fan of removing the encryption mask, because technically it
> is correct to have it present in non-leaf entries. I really think the
> pagetable library should be able to work correctly with or without the
> encryption mask.

Agree.  We have a bunch of custom page table code in TDX and SEV support
libraries.  See here:

 - Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
 - Library/BaseMemEncryptTdxLib/MemoryEncryption.c
 - Library/PeilessStartupLib/X64/VirtualMemory.c

I'd like to see those switched over to use the pagetable library, and
that probably requires support for the tdx/sev specific page table bits.

take care,
  Gerd
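
The point raised in this thread, that a page table walker should work with or without the encryption mask in non-leaf entries, shown as an added example (not part of the original message and not edk2 code). It walks a simulated 4-level table once with a mask-aware walker and once with an unaware one; all names, the bit-51 mask position and the addresses are assumptions constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>

#define PRESENT   0x1ULL
#define RW        0x2ULL
#define ADDR_BITS 0x000FFFFFFFFFF000ULL  /* entry bits 12..51 */
#define LEVELS    4                       /* PML4, PDPT, PD, PT */
#define BASE_PA   0x100000ULL             /* constructed base of the simulated tables */
#define ENC_MASK  (1ULL << 51)            /* assumed encryption-bit position for this demo */

static uint64_t mem[LEVELS][512];         /* simulated page-table pages */
/* Map a simulated physical address to its table; NULL if it points elsewhere. */
static uint64_t *pa_to_table(uint64_t pa) {
    if (pa < BASE_PA || pa >= BASE_PA + LEVELS * 4096ULL || (pa & 0xFFF)) return NULL;
    return mem[(pa - BASE_PA) / 4096];
}

/* Map va -> leaf_pa. The leaf always carries the mask (private page); non-leaf
   entries carry it only when mask_nonleaf is set. */
void build(uint64_t va, uint64_t leaf_pa, uint64_t mask, int mask_nonleaf) {
    for (int lvl = 0; lvl < LEVELS; lvl++) {
        int leaf = (lvl == LEVELS - 1);
        uint64_t target = leaf ? leaf_pa : BASE_PA + (lvl + 1) * 4096ULL;
        uint64_t m = (leaf || mask_nonleaf) ? mask : 0;
        mem[lvl][(va >> (39 - 9 * lvl)) & 0x1FF] = target | m | PRESENT | RW;
    }
}

/* Walk va, stripping known_mask from each entry (0 = walker unaware of the mask).
   Returns the leaf address, or UINT64_MAX if an entry leads outside the tables. */
uint64_t walk(uint64_t va, uint64_t known_mask) {
    uint64_t pa = BASE_PA;
    for (int lvl = 0; lvl < LEVELS; lvl++) {
        uint64_t *tbl = pa_to_table(pa);
        if (tbl == NULL) return UINT64_MAX;
        uint64_t e = tbl[(va >> (39 - 9 * lvl)) & 0x1FF];
        if (!(e & PRESENT)) return UINT64_MAX;
        pa = e & ADDR_BITS & ~known_mask;
    }
    return pa;
}

int main(void) {
    uint64_t va = 0x7f1234567000ULL, leaf = 0x200000ULL;  /* constructed values */
    build(va, leaf, ENC_MASK, 1);
    printf("mask-aware: %#llx  unaware: %#llx\n",
           (unsigned long long)walk(va, ENC_MASK), (unsigned long long)walk(va, 0));
    return 0;
}
```

The mask-aware walk resolves the mapping whether or not non-leaf entries carry the mask; the unaware walk loses the next-level table as soon as a non-leaf entry has the mask set.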


