rpms/edk2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

* Mon Oct 20 2025 Jon Maloy <jmaloy@redhat.com> - 20241117-5

Browse Source 
- edk2-MdePkg-Acpi66.h-Add-ACPI-6.6-header.patch [RHEL-109010]
- edk2-OvmfPkg-WorkArea.h-Add-MAILBOX_GDT.patch [RHEL-109010]
- edk2-OvmfPkg-Add-the-Test-command-in-TDX-MailBox.patch [RHEL-109010]
- edk2-OvmfPkg-Add-the-ResetVector-in-TDX-MailBox.patch [RHEL-109010]
- edk2-OvmfPkg-TdxDxe-Support-5-level-paging-for-ResetVecto.patch [RHEL-109010]
- edk2-OvmfPkg-IoMmuDxe-Fix-1M-and-2M-buffer-handling.patch [RHEL-69780]
- Resolves: RHEL-109010
  (TD guest dmesg reports ACPI BIOS Warning (bug): Incorrect checksum in table [APIC] - 0x29)
- Resolves: RHEL-69780
  (Fail to create AMD SEV SLES 15 SP4 guest via virt-install --cdrom [rhel-9.8])
This commit is contained in:
Jon Maloy 2025-10-20 18:51:11 -04:00
parent 995ede3339
commit 47bbb1076c
7 changed files with 4102 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3412
edk2-MdePkg-Acpi66.h-Add-ACPI-6.6-header.patch Normal file
View File

File diff suppressed because it is too large Load Diff

362
edk2-OvmfPkg-Add-the-ResetVector-in-TDX-MailBox.patch Normal file
View File

@ -0,0 +1,362 @@
From 05a792b1f976fb2befa6e5f3c90d94b361e4b8c2 Mon Sep 17 00:00:00 2001
From: Ceping Sun <cepingx.sun@intel.com>
Date: Thu, 30 Nov 2023 21:00:32 -0500
Subject: [PATCH 4/6] OvmfPkg: Add the ResetVector in TDX MailBox
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 95: Fix ACPI warning due to incorrect checksum
RH-Jira: RHEL-109010
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [4/5] 72a7c05c87f8f4e8ae78b2026918e7ddeea05c15 (luigileonardi/edk2)
Base on ACPI 6.6 Multiprocessor Wakeup Structure, TDVF needs to provide
a physical address of the ResetVector to OS. And it should allow the
Multiprocessor Wakeup Mailbox to be reset in order to be used once again
with a given AP.
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Tested-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
OvmfPkg/Include/IndustryStandard/IntelTdx.h | 1 +
OvmfPkg/Library/PlatformInitLib/IntelTdx.c | 5 +-
OvmfPkg/TdxDxe/TdxAcpiTable.c | 63 ++++++++++--
OvmfPkg/TdxDxe/TdxAcpiTable.h | 4 +-
OvmfPkg/TdxDxe/TdxDxe.inf | 4 +
OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 100 +++++++++++++++++++-
6 files changed, 167 insertions(+), 10 deletions(-)
diff --git a/OvmfPkg/Include/IndustryStandard/IntelTdx.h b/OvmfPkg/Include/IndustryStandard/IntelTdx.h
index 1151f9edd5..e80688c459 100644
--- a/OvmfPkg/Include/IndustryStandard/IntelTdx.h
+++ b/OvmfPkg/Include/IndustryStandard/IntelTdx.h
@@ -63,6 +63,7 @@ typedef struct {
typedef struct {
UINT8 *RelocateApLoopFuncAddress;
UINTN RelocateApLoopFuncSize;
+ UINT8 *RelocateApResetVector;
} MP_RELOCATION_MAP;
#pragma pack()
diff --git a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
index 12e4501c5b..c3e08d8812 100644
--- a/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
+++ b/OvmfPkg/Library/PlatformInitLib/IntelTdx.c
@@ -186,10 +186,13 @@ PlatformTdxPublishRamRegions (
// work area. We ought to prevent DXE from serving allocation requests
// such that they would overlap the work area.
//
+ // Since this memory range will be used by the Reset Vector on Maibox
+ // wakeup again, it must be reserved as ACPI NVS.
+ //
BuildMemoryAllocationHob (
(EFI_PHYSICAL_ADDRESS)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaBase),
(UINT64)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaSize),
- EfiBootServicesData
+ EfiACPIMemoryNVS
);
}
}
diff --git a/OvmfPkg/TdxDxe/TdxAcpiTable.c b/OvmfPkg/TdxDxe/TdxAcpiTable.c
index d6d6975e56..4f62d7d729 100644
--- a/OvmfPkg/TdxDxe/TdxAcpiTable.c
+++ b/OvmfPkg/TdxDxe/TdxAcpiTable.c
@@ -28,6 +28,43 @@
#include <Uefi.h>
#include <TdxAcpiTable.h>
+IA32_SEGMENT_DESCRIPTOR mGdtEntries[] = {
+ {
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
+ }, /* 0x0: reserve */
+ {
+ { 0xFFFF, 0, 0, 0xB, 1, 0, 1, 0xF, 0, 0, 1, 1, 0 }
+ }, /* 0x8: compatibility mode */
+ {
+ { 0xFFFF, 0, 0, 0xB, 1, 0, 1, 0xF, 0, 1, 0, 1, 0 }
+ }, /* 0x10: for long mode */
+ {
+ { 0xFFFF, 0, 0, 0x3, 1, 0, 1, 0xF, 0, 0, 1, 1, 0 }
+ }, /* 0x18: data */
+ {
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
+ }, /* 0x20: reserve */
+};
+
+/**
+ At the beginning of ResetVector in OS, the GDT needs to be reloaded.
+**/
+VOID
+SetMailboxResetVectorGDT (
+ VOID
+ )
+{
+ TDX_WORK_AREA *TdxWorkArea;
+
+ TdxWorkArea = (TDX_WORK_AREA *)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaBase);
+ ASSERT (TdxWorkArea != NULL);
+ ZeroMem ((VOID *)TdxWorkArea->MailboxGdt.Data, sizeof (TdxWorkArea->MailboxGdt.Data));
+
+ CopyMem ((VOID *)TdxWorkArea->MailboxGdt.Data, (VOID *)mGdtEntries, sizeof (mGdtEntries));
+ TdxWorkArea->MailboxGdt.Gdtr.Base = (UINTN)TdxWorkArea->MailboxGdt.Data;
+ TdxWorkArea->MailboxGdt.Gdtr.Limit = sizeof (mGdtEntries) - 1;
+}
+
/**
At the beginning of system boot, a 4K-aligned, 4K-size memory (Td mailbox) is
pre-allocated by host VMM. BSP & APs do the page accept together in that memory
@@ -37,12 +74,14 @@
memory block which is allocated in the ACPI Nvs memory. APs are waken up and
spin around the relocated mailbox for further command.
+ @param[in, out] ResetVector Pointer to the ResetVector
+
@return EFI_PHYSICAL_ADDRESS Address of the relocated mailbox
**/
EFI_PHYSICAL_ADDRESS
EFIAPI
RelocateMailbox (
- VOID
+ EFI_PHYSICAL_ADDRESS *ResetVector
)
{
EFI_PHYSICAL_ADDRESS Address;
@@ -92,6 +131,7 @@ RelocateMailbox (
ApLoopFunc
));
+ SetMailboxResetVectorGDT ();
//
// Initialize mailbox
//
@@ -115,6 +155,13 @@ RelocateMailbox (
0
);
+ *ResetVector = (UINT64)ApLoopFunc + (RelocationMap.RelocateApResetVector -
+ RelocationMap.RelocateApLoopFuncAddress);
+ DEBUG ((
+ DEBUG_INFO,
+ "Ap Relocation: reset_vector %llx\n",
+ *ResetVector
+ ));
return Address;
}
@@ -142,7 +189,8 @@ AlterAcpiTable (
UINT8 *NewMadtTable;
UINTN NewMadtTableLength;
EFI_PHYSICAL_ADDRESS RelocateMailboxAddress;
- EFI_ACPI_6_4_MULTIPROCESSOR_WAKEUP_STRUCTURE *MadtMpWk;
+ EFI_PHYSICAL_ADDRESS RelocateResetVector;
+ EFI_ACPI_6_6_MULTIPROCESSOR_WAKEUP_STRUCTURE *MadtMpWk;
EFI_ACPI_1_0_MULTIPLE_APIC_DESCRIPTION_TABLE_HEADER *MadtHeader;
Index = 0;
@@ -155,7 +203,7 @@ AlterAcpiTable (
return;
}
- RelocateMailboxAddress = RelocateMailbox ();
+ RelocateMailboxAddress = RelocateMailbox (&RelocateResetVector);
if (RelocateMailboxAddress == 0) {
ASSERT (FALSE);
DEBUG ((DEBUG_ERROR, "Failed to relocate Td mailbox\n"));
@@ -172,7 +220,7 @@ AlterAcpiTable (
break;
}
- NewMadtTableLength = Table->Length + sizeof (EFI_ACPI_6_4_MULTIPROCESSOR_WAKEUP_STRUCTURE);
+ NewMadtTableLength = Table->Length + sizeof (EFI_ACPI_6_6_MULTIPROCESSOR_WAKEUP_STRUCTURE);
NewMadtTable = AllocatePool (NewMadtTableLength);
if (NewMadtTable == NULL) {
DEBUG ((DEBUG_ERROR, "%a: OUT_OF_SOURCES error.\n", __func__));
@@ -183,12 +231,13 @@ AlterAcpiTable (
MadtHeader = (EFI_ACPI_1_0_MULTIPLE_APIC_DESCRIPTION_TABLE_HEADER *)NewMadtTable;
MadtHeader->Header.Length = (UINT32)NewMadtTableLength;
- MadtMpWk = (EFI_ACPI_6_4_MULTIPROCESSOR_WAKEUP_STRUCTURE *)(NewMadtTable + Table->Length);
+ MadtMpWk = (EFI_ACPI_6_6_MULTIPROCESSOR_WAKEUP_STRUCTURE *)(NewMadtTable + Table->Length);
MadtMpWk->Type = EFI_ACPI_6_4_MULTIPROCESSOR_WAKEUP;
- MadtMpWk->Length = sizeof (EFI_ACPI_6_4_MULTIPROCESSOR_WAKEUP_STRUCTURE);
- MadtMpWk->MailBoxVersion = 0;
+ MadtMpWk->Length = sizeof (EFI_ACPI_6_6_MULTIPROCESSOR_WAKEUP_STRUCTURE);
+ MadtMpWk->MailBoxVersion = 1;
MadtMpWk->Reserved = 0;
MadtMpWk->MailBoxAddress = RelocateMailboxAddress;
+ MadtMpWk->ResetVector = RelocateResetVector;
Status = AcpiTableProtocol->InstallAcpiTable (AcpiTableProtocol, NewMadtTable, NewMadtTableLength, &NewTableKey);
if (EFI_ERROR (Status)) {
diff --git a/OvmfPkg/TdxDxe/TdxAcpiTable.h b/OvmfPkg/TdxDxe/TdxAcpiTable.h
index 6b7615dc36..6081665ffa 100644
--- a/OvmfPkg/TdxDxe/TdxAcpiTable.h
+++ b/OvmfPkg/TdxDxe/TdxAcpiTable.h
@@ -18,6 +18,8 @@
#include <Library/UefiBootServicesTableLib.h>
#include <Library/DebugLib.h>
#include <Library/PcdLib.h>
+#include <WorkArea.h>
+
#include <IndustryStandard/IntelTdx.h>
#include <IndustryStandard/Acpi.h>
@@ -41,7 +43,7 @@ AsmGetRelocationMap (
EFI_PHYSICAL_ADDRESS
EFIAPI
RelocateMailbox (
- VOID
+ EFI_PHYSICAL_ADDRESS *ResetVector
);
/**
diff --git a/OvmfPkg/TdxDxe/TdxDxe.inf b/OvmfPkg/TdxDxe/TdxDxe.inf
index 9793562884..69e4c0bfa5 100644
--- a/OvmfPkg/TdxDxe/TdxDxe.inf
+++ b/OvmfPkg/TdxDxe/TdxDxe.inf
@@ -71,3 +71,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize
diff --git a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
index 2f42510605..d1a4dce2ff 100644
--- a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
+++ b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
@@ -16,8 +16,18 @@
DEFAULT REL
+SECTION .bss
+global STACK_BASE
+STACK_BASE:
+ resb 1024
+STACK_TOP:
+
SECTION .text
+%define TDX_WORK_AREA_MAILBOX_GDTR (FixedPcdGet32 (PcdOvmfWorkAreaBase) + 128)
+
+%define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Offset))
+
BITS 64
%define TDVMCALL_EXPOSE_REGS_MASK 0xffcc
@@ -76,6 +86,7 @@ AsmRelocateApMailBoxLoopStart:
test r10, r10
jnz Panic
mov r8, r15
+ mov qword[rel mailbox_address], rbx
MailBoxLoop:
; Spin until command set
@@ -104,6 +115,91 @@ MailBoxTest:
jmp MailBoxLoop
Panic:
ud2
+
+AsmRelocateApResetVector:
+
+.prepareStack:
+ ; The stack can then be used to switch from long mode to compatibility mode
+ mov rsp, STACK_TOP
+
+.loadGDT:
+ cli
+ mov rax, TDX_WORK_AREA_MAILBOX_GDTR
+ lgdt [rax]
+
+.loadSwicthModeCode:
+ mov rcx, dword 0x10 ; load long mode selector
+ shl rcx, 32
+ lea rdx, [LongMode] ; assume address < 4G
+ or rcx, rdx
+ push rcx
+
+ mov rcx, dword 0x08 ; load compatible mode selector
+ shl rcx, 32
+ lea rdx, [Compatible] ; assume address < 4G
+ or rcx, rdx
+ push rcx
+ retf
+
+BITS 32
+Compatible:
+ mov eax, dword 0x18
+; ; reload DS/ES/SS to make sure they are correct referred to current GDT
+ mov ds, ax
+ mov es, ax
+ mov ss, ax
+ ; reload the fs and gs
+ mov fs, ax
+ mov gs, ax
+
+ ; Must clear the CR4.PCIDE before clearing paging
+ mov ecx, cr4
+ btc ecx, 17
+ mov cr4, ecx
+ ;
+ ; Disable paging
+ ;
+ mov ecx, cr0
+ btc ecx, 31
+ mov cr0, ecx
+ ;
+RestoreCr0:
+ ; Only enable PE(bit 0), NE(bit 5), ET(bit 4) 0x31
+ mov eax, dword 0x31
+ mov cr0, eax
+
+
+ ; Only Enable MCE(bit 6), VMXE(bit 13) 0x2040
+ ; TDX enforeced the VMXE = 1 and mask it in VMM, so not set it.
+RestoreCr4:
+ mov eax, 0x40
+ mov cr4, eax
+SetCr3:
+ ;
+ ; Can use the boot page tables since it's reserved
+
+ mov eax, PT_ADDR (0)
+ mov cr3, eax
+
+EnablePAE:
+ mov eax, cr4
+ bts eax, 5
+ mov cr4, eax
+
+EnablePaging:
+ mov eax, cr0
+ bts eax, 31 ; set PG
+ mov cr0, eax ; enable paging
+ ; return to LongMode
+ retf
+
+BITS 64
+LongMode:
+ mov rbx, qword[rel mailbox_address]
+ jmp AsmRelocateApMailBoxLoopStart
+align 16
+mailbox_address:
+ dq 0
BITS 64
AsmRelocateApMailBoxLoopEnd:
@@ -112,8 +208,10 @@ AsmRelocateApMailBoxLoopEnd:
;-------------------------------------------------------------------------------------
global ASM_PFX(AsmGetRelocationMap)
ASM_PFX(AsmGetRelocationMap):
+ ; mov byte[TDX_WORK_AREA_MB_PGTBL_READY], 0
lea rax, [AsmRelocateApMailBoxLoopStart]
mov qword [rcx], rax
mov qword [rcx + 8h], AsmRelocateApMailBoxLoopEnd - AsmRelocateApMailBoxLoopStart
+ lea rax, [AsmRelocateApResetVector]
+ mov qword [rcx + 10h], rax
ret
-
--
2.50.1

123
edk2-OvmfPkg-Add-the-Test-command-in-TDX-MailBox.patch Normal file
View File

@ -0,0 +1,123 @@
From e2c3ffb6540e74a928ec80ebbd8912953459fc4f Mon Sep 17 00:00:00 2001
From: Ceping Sun <cepingx.sun@intel.com>
Date: Thu, 12 Jun 2025 23:48:16 -0400
Subject: [PATCH 3/6] OvmfPkg: Add the Test command in TDX MailBox
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 95: Fix ACPI warning due to incorrect checksum
RH-Jira: RHEL-109010
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [3/5] 15ebd77c681d1e720a299ed42d370e81b20c7374 (luigileonardi/edk2)
Base on ACPI 6.6 MultiProcessor Wakeup Mailbox Structure,
the new "Test" command is added.
Also the "Sleep" command is not used in TDX Mailbox, it should be removed.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
---
OvmfPkg/Include/IndustryStandard/IntelTdx.h | 7 +++++--
OvmfPkg/Include/TdxCommondefs.inc | 3 +--
OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 20 +++++++++++++-------
3 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/OvmfPkg/Include/IndustryStandard/IntelTdx.h b/OvmfPkg/Include/IndustryStandard/IntelTdx.h
index cc849be2fb..1151f9edd5 100644
--- a/OvmfPkg/Include/IndustryStandard/IntelTdx.h
+++ b/OvmfPkg/Include/IndustryStandard/IntelTdx.h
@@ -17,11 +17,14 @@
#define MP_CPU_PROTECTED_MODE_MAILBOX_APICID_INVALID 0xFFFFFFFF
#define MP_CPU_PROTECTED_MODE_MAILBOX_APICID_BROADCAST 0xFFFFFFFE
+//
+// This enum is defined for the use of Intel TDX Guest.
+// TDX Guest CPUs wait for below commands and do corresponding tasks.
+//
typedef enum {
MpProtectedModeWakeupCommandNoop = 0,
MpProtectedModeWakeupCommandWakeup = 1,
- MpProtectedModeWakeupCommandSleep = 2,
- MpProtectedModeWakeupCommandAcceptPages = 3,
+ MpProtectedModeWakeupCommandAcceptPages = 2,
} MP_CPU_PROTECTED_MODE_WAKEUP_CMD;
#pragma pack(1)
diff --git a/OvmfPkg/Include/TdxCommondefs.inc b/OvmfPkg/Include/TdxCommondefs.inc
index a29d2fad42..b49a830178 100644
--- a/OvmfPkg/Include/TdxCommondefs.inc
+++ b/OvmfPkg/Include/TdxCommondefs.inc
@@ -41,8 +41,7 @@ ERROR_INVALID_FALLBACK_PAGE_LEVEL equ 3
MpProtectedModeWakeupCommandNoop equ 0
MpProtectedModeWakeupCommandWakeup equ 1
-MpProtectedModeWakeupCommandSleep equ 2
-MpProtectedModeWakeupCommandAcceptPages equ 3
+MpProtectedModeWakeupCommandAcceptPages equ 2
MailboxApicIdInvalid equ 0xffffffff
MailboxApicidBroadcast equ 0xfffffffe
diff --git a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
index 57560015f4..2f42510605 100644
--- a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
+++ b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
@@ -1,5 +1,5 @@
;------------------------------------------------------------------------------ ;
-; Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+; Copyright (c) 2025, Intel Corporation. All rights reserved.<BR>
; SPDX-License-Identifier: BSD-2-Clause-Patent
;
; Module Name:
@@ -24,6 +24,11 @@ BITS 64
%define TDVMCALL 0x0
%define EXIT_REASON_CPUID 0xa
+; Defined in ACPI 6.6 section 5.2.12.19 MultiProcessor Wakeup Mailbox Command.
+%define MULTIPROCESSOR_WAKEUP_MAILBOX_COMMAND_NOOP 0
+%define MULTIPROCESSOR_WAKEUP_MAILBOX_COMMAND_WAKEUP 1
+%define MULTIPROCESSOR_WAKEUP_MAILBOX_COMMAND_TEST 2
+
%macro tdcall 0
db 0x66, 0x0f, 0x01, 0xcc
%endmacro
@@ -74,7 +79,7 @@ AsmRelocateApMailBoxLoopStart:
MailBoxLoop:
; Spin until command set
- cmp dword [rbx + CommandOffset], MpProtectedModeWakeupCommandNoop
+ cmp dword [rbx + CommandOffset], MULTIPROCESSOR_WAKEUP_MAILBOX_COMMAND_NOOP
je MailBoxLoop
; Determine if this is a broadcast or directly for my apic-id, if not, ignore
cmp dword [rbx + ApicidOffset], MailboxApicidBroadcast
@@ -82,10 +87,10 @@ MailBoxLoop:
cmp dword [rbx + ApicidOffset], r8d
jne MailBoxLoop
MailBoxProcessCommand:
- cmp dword [rbx + CommandOffset], MpProtectedModeWakeupCommandWakeup
+ cmp dword [rbx + CommandOffset], MULTIPROCESSOR_WAKEUP_MAILBOX_COMMAND_WAKEUP
je MailBoxWakeUp
- cmp dword [rbx + CommandOffset], MpProtectedModeWakeupCommandSleep
- je MailBoxSleep
+ cmp dword [rbx + CommandOffset], MULTIPROCESSOR_WAKEUP_MAILBOX_COMMAND_TEST
+ je MailBoxTest
; Don't support this command, so ignore
jmp MailBoxLoop
MailBoxWakeUp:
@@ -94,8 +99,9 @@ MailBoxWakeUp:
; the command field back to zero as acknowledgement.
mov qword [rbx + CommandOffset], 0
jmp rax
-MailBoxSleep:
- jmp $
+MailBoxTest:
+ mov qword [rbx + CommandOffset], 0
+ jmp MailBoxLoop
Panic:
ud2
BITS 64
--
2.50.1

49
edk2-OvmfPkg-IoMmuDxe-Fix-1M-and-2M-buffer-handling.patch Normal file
View File

@ -0,0 +1,49 @@
From 7316c1f5aaaffa1829bf6b391886b13569b093d0 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Wed, 15 Oct 2025 13:17:36 -0400
Subject: [PATCH 6/6] OvmfPkg/IoMmuDxe: Fix 1M and 2M buffer handling
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 97: OvmfPkg/IoMmuDxe: Fix 1M and 2M buffer handling
RH-Jira: RHEL-69780
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Acked-by: Luigi Leonardi <None>
RH-Commit: [1/1] 93d58032b28497df124caa7b525cf01e26e54751 (osteffen/edk2)
The IoMmu keeps a pool of pre-allocated shared buffers in various sizes
to serve requests. Usage is tracked in a bitmap.
The bitmap masks for the 1M and 2M buffer pools are incorrect, causing
the same buffers getting handed out repeatedly, causing corrupted device
accesses.
The masks needs to be kept in sync with mReservedMemRanges below.
This sets the correct values for:
- RESERVED_MEM_BITMAP_1M_MASK = (1 << 14) = 0x4000
- RESERVED_MEM_BITMAP_2M_MASK = (1 << 15) | (1 << 16) = 0x18000
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
(cherry picked from commit e27cfda33b429762975215cccba5837ee850d18e)
---
OvmfPkg/IoMmuDxe/IoMmuBuffer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/OvmfPkg/IoMmuDxe/IoMmuBuffer.c b/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
index f8dcd5b7ec..6b9c38cf0d 100644
--- a/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
+++ b/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
@@ -23,8 +23,8 @@ extern BOOLEAN mReservedSharedMemSupported;
#define RESERVED_MEM_BITMAP_4K_MASK 0xf
#define RESERVED_MEM_BITMAP_32K_MASK 0xff0
#define RESERVED_MEM_BITMAP_128K_MASK 0x3000
-#define RESERVED_MEM_BITMAP_1M_MASK 0x40000
-#define RESERVED_MEM_BITMAP_2M_MASK 0x180000
+#define RESERVED_MEM_BITMAP_1M_MASK 0x4000
+#define RESERVED_MEM_BITMAP_2M_MASK 0x18000
#define RESERVED_MEM_BITMAP_MASK 0x1fffff
/**
--
2.50.1

75
edk2-OvmfPkg-TdxDxe-Support-5-level-paging-for-ResetVecto.patch Normal file
View File

@ -0,0 +1,75 @@
From c9102313a0de257397bf508b929db26fb42c0f77 Mon Sep 17 00:00:00 2001
From: Ceping Sun <cepingx.sun@intel.com>
Date: Tue, 2 Apr 2024 07:13:40 +0800
Subject: [PATCH 5/6] OvmfPkg/TdxDxe: Support 5-level paging for ResetVector
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 95: Fix ACPI warning due to incorrect checksum
RH-Jira: RHEL-109010
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [5/5] 84d72db1644e3b62dc7f11595800f84ed14c5802 (luigileonardi/edk2)
Since OVMF already supports 5-level paging, the ResetVector
needs to handle the case.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
---
OvmfPkg/TdxDxe/TdxDxe.inf | 1 +
OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 20 +++++++++++++++++++-
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/TdxDxe/TdxDxe.inf b/OvmfPkg/TdxDxe/TdxDxe.inf
index 69e4c0bfa5..9af67952c0 100644
--- a/OvmfPkg/TdxDxe/TdxDxe.inf
+++ b/OvmfPkg/TdxDxe/TdxDxe.inf
@@ -75,3 +75,4 @@
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize
+ gEfiMdeModulePkgTokenSpaceGuid.PcdUse5LevelPageTable
diff --git a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
index d1a4dce2ff..7c860b1195 100644
--- a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
+++ b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
@@ -25,8 +25,13 @@ STACK_TOP:
SECTION .text
%define TDX_WORK_AREA_MAILBOX_GDTR (FixedPcdGet32 (PcdOvmfWorkAreaBase) + 128)
+%define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Offset))
+%define TDX_WORK_AREA_PGTBL_READY (FixedPcdGet32 (PcdOvmfWorkAreaBase) + 4)
+%define PG_5_LEVEL (FixedPcdGetBool (PcdUse5LevelPageTable))
-%define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Offset))
+%define TDX_BSP 1
+%define TDX_AP 2
+%define TDX_AP_5_LEVEL 3
BITS 64
@@ -174,6 +179,19 @@ RestoreCr0:
RestoreCr4:
mov eax, 0x40
mov cr4, eax
+
+%if PG_5_LEVEL
+ mov al, byte[TDX_WORK_AREA_PGTBL_READY]
+ inc eax
+ cmp eax, TDX_AP_5_LEVEL
+ jne SetCr3
+SetCr4La57:
+ ; set la57 bit in cr4
+ mov eax, cr4
+ bts eax, 12
+ mov cr4, eax
+%endif
+
SetCr3:
;
; Can use the boot page tables since it's reserved
--
2.50.1

56
edk2-OvmfPkg-WorkArea.h-Add-MAILBOX_GDT.patch Normal file
View File

@ -0,0 +1,56 @@
From 34e1330887d2ef777c25a954a1293a104f1f7865 Mon Sep 17 00:00:00 2001
From: Ceping Sun <cepingx.sun@intel.com>
Date: Thu, 30 Nov 2023 00:54:17 -0500
Subject: [PATCH 2/6] OvmfPkg/WorkArea.h: Add MAILBOX_GDT
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 95: Fix ACPI warning due to incorrect checksum
RH-Jira: RHEL-109010
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [2/5] 71a1340ba873d04eaf72e0d27d7fc0c8933f9f92 (luigileonardi/edk2)
Add the GDT table to swicth paging mode when the OS jumps
to the ResetVector in Mailbox.
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Tested-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
OvmfPkg/Include/WorkArea.h | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h
index e3b415db2c..3b9ea04630 100644
--- a/OvmfPkg/Include/WorkArea.h
+++ b/OvmfPkg/Include/WorkArea.h
@@ -12,6 +12,7 @@
#include <ConfidentialComputingGuestAttr.h>
#include <IndustryStandard/Tpm20.h>
+#include <Library/BaseLib.h>
//
// Confidential computing work area header definition. Any change
@@ -85,6 +86,11 @@ typedef struct _TDX_MEASUREMENTS_DATA {
UINT8 CfvImgHashValue[SHA384_DIGEST_SIZE];
} TDX_MEASUREMENTS_DATA;
+#define MAILBOX_GDT_SIZE (sizeof(IA32_SEGMENT_DESCRIPTOR) * 5)
+typedef struct _MAILBOX_GDT {
+ IA32_DESCRIPTOR Gdtr;
+ UINT8 Data[MAILBOX_GDT_SIZE];
+} MAILBOX_GDT;
//
// The TDX work area definition
//
@@ -98,6 +104,7 @@ typedef struct _SEC_TDX_WORK_AREA {
typedef struct _TDX_WORK_AREA {
CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header;
SEC_TDX_WORK_AREA SecTdxWorkArea;
+ MAILBOX_GDT MailboxGdt;
} TDX_WORK_AREA;
//
--
2.50.1

26
edk2.spec
View File

@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64
Name: edk2
Version: %{GITDATE}
Release: 4%{?dist}
Release: 5%{?dist}
Summary: UEFI firmware for 64-bit virtual machines
License: BSD-2-Clause-Patent and Apache-2.0 and MIT
URL: http://www.tianocore.org
@ -89,6 +89,18 @@ Patch34: 0036-OvmfPkg-PlatformInitLib-enable-x2apic-mode-if-needed.patch
Patch35: 0037-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
# For RHEL-70865 - SNP guest failed to boot with SVSM using OVMF.amdsev.fd [rhel-9.7]
Patch36: edk2-OvmfPkg-Use-the-OvmfPkg-version-of-CcProbeLib.patch
# For RHEL-109010 - TD guest dmesg reports ACPI BIOS Warning (bug): Incorrect checksum in table [APIC] - 0x29
Patch37: edk2-MdePkg-Acpi66.h-Add-ACPI-6.6-header.patch
# For RHEL-109010 - TD guest dmesg reports ACPI BIOS Warning (bug): Incorrect checksum in table [APIC] - 0x29
Patch38: edk2-OvmfPkg-WorkArea.h-Add-MAILBOX_GDT.patch
# For RHEL-109010 - TD guest dmesg reports ACPI BIOS Warning (bug): Incorrect checksum in table [APIC] - 0x29
Patch39: edk2-OvmfPkg-Add-the-Test-command-in-TDX-MailBox.patch
# For RHEL-109010 - TD guest dmesg reports ACPI BIOS Warning (bug): Incorrect checksum in table [APIC] - 0x29
Patch40: edk2-OvmfPkg-Add-the-ResetVector-in-TDX-MailBox.patch
# For RHEL-109010 - TD guest dmesg reports ACPI BIOS Warning (bug): Incorrect checksum in table [APIC] - 0x29
Patch41: edk2-OvmfPkg-TdxDxe-Support-5-level-paging-for-ResetVecto.patch
# For RHEL-69780 - Fail to create AMD SEV SLES 15 SP4 guest via virt-install --cdrom [rhel-9.8]
Patch42: edk2-OvmfPkg-IoMmuDxe-Fix-1M-and-2M-buffer-handling.patch
# python3-devel and libuuid-devel are required for building tools.
# python3-devel is also needed for varstore template generation and
@ -424,6 +436,18 @@ install -m 0644 \
%changelog
* Mon Oct 20 2025 Jon Maloy <jmaloy@redhat.com> - 20241117-5
- edk2-MdePkg-Acpi66.h-Add-ACPI-6.6-header.patch [RHEL-109010]
- edk2-OvmfPkg-WorkArea.h-Add-MAILBOX_GDT.patch [RHEL-109010]
- edk2-OvmfPkg-Add-the-Test-command-in-TDX-MailBox.patch [RHEL-109010]
- edk2-OvmfPkg-Add-the-ResetVector-in-TDX-MailBox.patch [RHEL-109010]
- edk2-OvmfPkg-TdxDxe-Support-5-level-paging-for-ResetVecto.patch [RHEL-109010]
- edk2-OvmfPkg-IoMmuDxe-Fix-1M-and-2M-buffer-handling.patch [RHEL-69780]
- Resolves: RHEL-109010
(TD guest dmesg reports ACPI BIOS Warning (bug): Incorrect checksum in table [APIC] - 0x29)
- Resolves: RHEL-69780
(Fail to create AMD SEV SLES 15 SP4 guest via virt-install --cdrom [rhel-9.8])
* Fri Jul 04 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20241117-4
- edk2-update-dbx-to-20250610.patch [RHEL-96869]
- Resolves: RHEL-96869