OvmfPkg/Sec: Skip setup MTRR early in TD-Guest

With the commit ce4c76e (“OvmfPkg/Sec: Setup MTRR early in the boot process.”), we find an unexpected #VE is triggered in TD-Guest. The background of importing the above commit is that: Before running lzma uncompress of the main firmware volume, if not correctly set MTRR, that would make the uncompress be extremely slow. Detailed discussion info can refer to below links: https://edk2.groups.io/g/devel/message/114202 https://edk2.groups.io/g/devel/message/114977 Refer to [intel-tdx-module-1.5-base-spec] Section 11.3 and section11.6.1, CR0.CD is enforced to 0 in TD-Guest. And refer to section 18.2.1.4, TDX module MTRR emulation enforces WB in VMM. Currently the initial MTRR are: - Td-Guest : MTRR disabled, Type is WB. - Non-Td-Guest : MTRR disabled, Type is UC. In DXE phase, OVMF/TDVF would check the MTRR Type for MMIO (in CpuSetMemoryAttributes -> MtrrGetMemoryAttribute -> MtrrGetMemoryAttributeworker: https://github.com/tianocore/edk2/blob/master/UefiCpuPkg/Library/MtrrLib/MtrrLib.c#L929 ). If MTRR is disabled, it always returns UC. Otherwise, it returns the actual value. If it checks that the type is not UC then the MTRR is programmed. It is required to disable cache by setting CR0.CD to 1. That will trigger an unexpected #VE in TD-Guest. Based on above analysis we propose to skip "Setup MTRR early" in TD-Guest because of: - TD-Guest doesn’t have the issue that lzma uncompress extremely slow. - This patch will trigger an unexpected #VE in TD-Guest. intel-tdx-module-1.5-base-spec: https://cdrdv2.intel.com/v1/dl/getContent/733575 Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
2025-07-30 17:14:07 +02:00 · 2024-07-02 01:50:10 +08:00 · 2024-07-02 01:50:10 +08:00 · 071d2cfab8
commit 071d2cfab8
parent 0f45be1633
2 changed files with 27 additions and 0 deletions
--- a/OvmfPkg/IntelTdx/Sec/SecMain.c
+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c
@ -68,6 +68,18 @@ SecMtrrSetup (
    return;
  }

+  if (CcProbe () == CcGuestTypeIntelTdx) {
+    //
+    // According to TDX Spec, the default MTRR type is enforced to WB
+    // and CR0.CD is enforced to 0.
+    // The TD guest has to disable MTRR otherwise it tries to
+    // program MTRRs to disable caching. CR0.CD=1 results in the
+    // unexpected #VE.
+    //
+    DEBUG ((DEBUG_INFO, "%a: Skip TD-Guest\n", __func__));
+    return;
+  }
+
  DefType.Uint64    = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
  DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
  DefType.Bits.E    = 1; /* enable */
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@ -764,6 +764,21 @@ SecMtrrSetup (
    return;
  }

+ #if defined (TDX_GUEST_SUPPORTED)
+  if (CcProbe () == CcGuestTypeIntelTdx) {
+    //
+    // According to TDX Spec, the default MTRR type is enforced to WB
+    // and CR0.CD is enforced to 0.
+    // The TD guest has to disable MTRR otherwise it tries to
+    // program MTRRs to disable caching. CR0.CD=1 results in the
+    // unexpected #VE.
+    //
+    DEBUG ((DEBUG_INFO, "%a: Skip TD-Guest\n", __func__));
+    return;
+  }
+
+ #endif
+
  DefType.Uint64    = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
  DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
  DefType.Bits.E    = 1; /* enable */