OvmfPkg: Update PlatformInitLib for Tdx guest

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

There are below changes in PlatformInitLib for Tdx guest:

1. Publish ram regions
In Tdx guest, the system memory is passed in TdHob by host VMM. So
the major task of PlatformTdxPublishRamRegions is to walk thru the
TdHob list and transfer the ResourceDescriptorHob and MemoryAllocationHob
to the hobs in DXE phase.

2. Build MemoryAllocationHob for Tdx Mailbox and Ovmf work area.

3. Update of PlatformAddressWidthInitialization. The physical
address width that Tdx guest supports is either 48 or 52.

4. Update of PlatformMemMapInitialization.
0xA0000 - 0xFFFFF is VGA bios region.  Platform initialization marks the
region as MMIO region. Dxe code maps MMIO region as IO region.
As TDX guest, MMIO region is maps as shared.  However VGA BIOS doesn't need
to be shared.  Guest TDX Linux maps VGA BIOS as private and accesses for
BIOS and stuck on repeating EPT violation.  VGA BIOS (more generally ROM
region) should be private.  Skip marking VGA BIOA region [0xa000, 0xfffff]
as MMIO in HOB.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>

OvmfPkg/Include/Library/PlatformInitLib.h

@@ -220,4 +220,18 @@ ProcessTdxHobList (
   VOID
   );
 
+/**
+  In Tdx guest, the system memory is passed in TdHob by host VMM. So
+  the major task of PlatformTdxPublishRamRegions is to walk thru the
+  TdHob list and transfer the ResourceDescriptorHob and MemoryAllocationHob
+  to the hobs in DXE phase.
+
+  MemoryAllocationHob should also be created for Mailbox and Ovmf work area.
+**/
+VOID
+EFIAPI
+PlatformTdxPublishRamRegions (
+  VOID
+  );
+
 #endif // PLATFORM_INIT_LIB_H_

OvmfPkg/Library/PlatformInitLib/IntelTdx.c

@@ -512,3 +512,52 @@ TransferTdxHobList (
     Hob.Raw = GET_NEXT_HOB (Hob);
   }
 }
+
+/**
+  In Tdx guest, the system memory is passed in TdHob by host VMM. So
+  the major task of PlatformTdxPublishRamRegions is to walk thru the
+  TdHob list and transfer the ResourceDescriptorHob and MemoryAllocationHob
+  to the hobs in DXE phase.
+
+  MemoryAllocationHob should also be created for Mailbox and Ovmf work area.
+**/
+VOID
+EFIAPI
+PlatformTdxPublishRamRegions (
+  VOID
+  )
+{
+  if (!TdIsEnabled ()) {
+    return;
+  }
+
+  TransferTdxHobList ();
+
+  //
+  // The memory region defined by PcdOvmfSecGhcbBackupBase is pre-allocated by
+  // host VMM and used as the td mailbox at the beginning of system boot.
+  //
+  BuildMemoryAllocationHob (
+    FixedPcdGet32 (PcdOvmfSecGhcbBackupBase),
+    FixedPcdGet32 (PcdOvmfSecGhcbBackupSize),
+    EfiACPIMemoryNVS
+    );
+
+  if (FixedPcdGet32 (PcdOvmfWorkAreaSize) != 0) {
+    //
+    // Reserve the work area.
+    //
+    // Since this memory range will be used by the Reset Vector on S3
+    // resume, it must be reserved as ACPI NVS.
+    //
+    // If S3 is unsupported, then various drivers might still write to the
+    // work area. We ought to prevent DXE from serving allocation requests
+    // such that they would overlap the work area.
+    //
+    BuildMemoryAllocationHob (
+      (EFI_PHYSICAL_ADDRESS)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaBase),
+      (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaSize),
+      EfiBootServicesData
+      );
+  }
+}

OvmfPkg/Library/PlatformInitLib/IntelTdxNull.c

@@ -28,3 +28,19 @@ ProcessTdxHobList (
 {
   return EFI_UNSUPPORTED;
 }
+
+/**
+  In Tdx guest, the system memory is passed in TdHob by host VMM. So
+  the major task of PlatformTdxPublishRamRegions is to walk thru the
+  TdHob list and transfer the ResourceDescriptorHob and MemoryAllocationHob
+  to the hobs in DXE phase.
+
+  MemoryAllocationHob should also be created for Mailbox and Ovmf work area.
+**/
+VOID
+EFIAPI
+PlatformTdxPublishRamRegions (
+  VOID
+  )
+{
+}

OvmfPkg/Library/PlatformInitLib/MemDetect.c

@@ -37,6 +37,8 @@ Module Name:
 #include <Library/MtrrLib.h>
 #include <Library/QemuFwCfgLib.h>
 #include <Library/QemuFwCfgSimpleParserLib.h>
+#include <Library/TdxLib.h>
+
 #include <Library/PlatformInitLib.h>
 
 VOID
@@ -528,7 +530,19 @@ PlatformAddressWidthInitialization (
     PhysMemAddressWidth = 36;
   }
 
+ #if defined (MDE_CPU_X64)
+  if (TdIsEnabled ()) {
+    if (TdSharedPageMask () == (1ULL << 47)) {
+      PhysMemAddressWidth = 48;
+    } else {
+      PhysMemAddressWidth = 52;
+    }
+  }
+
+  ASSERT (PhysMemAddressWidth <= 52);
+ #else
   ASSERT (PhysMemAddressWidth <= 48);
+ #endif
 
   PlatformInfoHob->FirstNonAddress     = FirstNonAddress;
   PlatformInfoHob->PhysMemAddressWidth = PhysMemAddressWidth;

OvmfPkg/Library/PlatformInitLib/Platform.c

@@ -136,7 +136,9 @@ PlatformMemMapInitialization (
   //
   // Video memory + Legacy BIOS region
   //
-  PlatformAddIoMemoryRangeHob (0x0A0000, BASE_1MB);
+  if (!TdIsEnabled ()) {
+    PlatformAddIoMemoryRangeHob (0x0A0000, BASE_1MB);
+  }
 
   if (PlatformInfoHob->HostBridgeDevId == 0xffff /* microvm */) {
     PlatformAddIoMemoryBaseSizeHob (MICROVM_GED_MMIO_BASE, SIZE_4KB);