Date: Thu, 26 Jan 2023 00:56:44 +0000
In-Reply-To: <20230126005647.3019225-1-dionnaglaze@google.com>
References: <20230126005647.3019225-1-dionnaglaze@google.com>
Message-ID: <20230126005647.3019225-2-dionnaglaze@google.com>
Subject: [edk2-devel] [PATCH v10 1/4] OvmfPkg: Add memory acceptance event in AmdSevDxe
From: "Dionna Glaze via groups.io"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao, Tom Lendacky, Ard Biesheuvel, "Min M. Xu", Andrew Fish, "Michael D. Kinney"

The added behavior is to accept all unaccepted memory at ExitBootServices if the behavior is not disabled. This allows safe upgrades for OS loaders to affirm their support for the unaccepted memory type.

Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Ard Biesheuvel
Cc: "Min M. Xu"
Cc: Andrew Fish
Cc: "Michael D. Kinney"
Signed-off-by: Dionna Glaze
---
 OvmfPkg/AmdSevDxe/AmdSevDxe.c   | 109 ++++++++++++++++++++
 OvmfPkg/AmdSevDxe/AmdSevDxe.inf |   1 +
 2 files changed, 110 insertions(+)

diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index f7600c3c81..5eec76fea2 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -20,6 +20,7 @@ #include #include #include +#include #include =20 STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable =3D { 
@@ -34,6 +35,10 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBoo= tDxeTable =3D { =20 STATIC EFI_HANDLE mAmdSevDxeHandle =3D NULL; =20 +STATIC BOOLEAN mAcceptAllMemoryAtEBS =3D TRUE; + +STATIC EFI_EVENT mAcceptAllMemoryEvent =3D NULL; + #define IS_ALIGNED(x, y) ((((x) & ((y) - 1)) =3D=3D 0)) =20 STATIC 
@@ -62,6 +67,94 @@ AmdSevMemoryAccept ( return EFI_SUCCESS; } =20 +STATIC +EFI_STATUS +AcceptAllMemory ( + IN EDKII_MEMORY_ACCEPT_PROTOCOL *AcceptMemory + ) +{ + EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; + UINTN NumEntries; + UINTN Index; + EFI_STATUS Status; + + DEBUG ((DEBUG_INFO, "Accepting all memory\n")); + + /* + * Get a copy of the memory space map to iterate over while + * changing the map. + */ + Status =3D gDS->GetMemorySpaceMap (&NumEntries, &AllDescMap); + if (EFI_ERROR (Status)) { + return Status; + } + + for (Index =3D 0; Index < NumEntries; Index++) { + CONST EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc; + + Desc =3D &AllDescMap[Index]; + if (Desc->GcdMemoryType !=3D EFI_GCD_MEMORY_TYPE_UNACCEPTED) { + continue; + } + + Status =3D AcceptMemory->AcceptMemory ( + AcceptMemory, + Desc->BaseAddress, + Desc->Length + ); + if (EFI_ERROR (Status)) { + break; + } + + Status =3D gDS->RemoveMemorySpace (Desc->BaseAddress, Desc->Length); + if (EFI_ERROR (Status)) { + break; + } + + Status =3D gDS->AddMemorySpace ( + EfiGcdMemoryTypeSystemMemory, + Desc->BaseAddress, + Desc->Length, + EFI_MEMORY_CPU_CRYPTO | EFI_MEMORY_XP | EFI_MEMORY_RO = | EFI_MEMORY_RP + ); + if (EFI_ERROR (Status)) { + break; + } + } + + gBS->FreePool (AllDescMap); + return Status; +} + +VOID +EFIAPI +ResolveUnacceptedMemory ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EDKII_MEMORY_ACCEPT_PROTOCOL *AcceptMemory; + EFI_STATUS Status; + + if (!mAcceptAllMemoryAtEBS) { + return; + } + + Status =3D gBS->LocateProtocol ( + &gEdkiiMemoryAcceptProtocolGuid, + NULL, + (VOID **)&AcceptMemory + ); + if (Status =3D=3D EFI_NOT_FOUND) { + return; + } + + ASSERT_EFI_ERROR (Status); + + Status =3D AcceptAllMemory (AcceptMemory); + ASSERT_EFI_ERROR (Status); +} + STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol =3D { AmdSevMemoryAccept }; 
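Review bot: In AcceptAllMemory, every failure inside the loop only does `break`, and the sole caller, ResolveUnacceptedMemory, handles the result with ASSERT_EFI_ERROR, which does nothing in builds with asserts disabled. If AddMemorySpace fails after RemoveMemorySpace has succeeded, that range is left removed from the GCD map and the remaining unaccepted ranges are never visited, yet boot continues toward an OS that never said it can handle unaccepted memory. Suggest logging Desc->BaseAddress and Desc->Length with DEBUG_ERROR at each failure and halting in ResolveUnacceptedMemory rather than relying on the assert. Two smaller points: ResolveUnacceptedMemory is the only new function without STATIC, and the capabilities passed to AddMemorySpace are a hard-coded mask rather than Desc->Capabilities, which deserves a comment saying why.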
@@ -195,6 +288,22 @@ AmdSevDxeEntryPoint ( ); ASSERT_EFI_ERROR (Status); =20 + // SEV-SNP support does not automatically imply unaccepted memory supp= ort, + // so make ExitBootServices accept all unaccepted memory if support is + // not communicated. + Status =3D gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + ResolveUnacceptedMemory, + NULL, + &gEfiEventBeforeExitBootServicesGuid, + &mAcceptAllMemoryEvent + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "AllowUnacceptedMemory event creation for Event= BeforeExitBootServices failed.\n")); + } + // // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING= _SEV_SNP_BLOB. // It contains the location for both the Secrets and CPUID page. diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.= inf index cd1b686c53..5b443d45bc 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf 
@@ -52,6 +52,7 @@ =20 [Guids] gConfidentialComputingSevSnpBlobGuid + gEfiEventBeforeExitBootServicesGuid =20 [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId --=20 2.39.1.456.gfc5497dd1b-goog
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#99050): https://edk2.groups.io/g/devel/message/99050
Mute This Topic: https://groups.io/mt/96534752/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
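Review bot: In the AmdSevDxeEntryPoint hunk of AmdSevDxe.c, a failed CreateEventEx is only logged with DEBUG_ERROR and the entry point carries on, so the accept-all fallback that the commit message relies on for loaders without unaccepted-memory support would be silently absent. The call just above it uses ASSERT_EFI_ERROR (Status); this path should fail at least as loudly, for example by returning Status. The log text also names "AllowUnacceptedMemory", which does not exist in this patch (the callback is ResolveUnacceptedMemory), and the new comment omits the empty leading and trailing // lines used by the comment directly below it.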
Date: Thu, 26 Jan 2023 00:56:45 +0000
In-Reply-To: <20230126005647.3019225-1-dionnaglaze@google.com>
References: <20230126005647.3019225-1-dionnaglaze@google.com>
Message-ID: <20230126005647.3019225-3-dionnaglaze@google.com>
Subject: [edk2-devel] [PATCH v10 2/4] MdePkg: Introduce the SevMemoryAcceptance protocol
From: "Dionna Glaze via groups.io"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao, Tom Lendacky, Ard Biesheuvel, "Min M. Xu", Andrew Fish, "Michael D. Kinney"

The default behavior for unaccepted memory in SEV-SNP is to accept all memory when ExitBootServices is called. An OS loader can use this protocol to disable this behavior to assume responsibility for memory acceptance and to affirm that the OS can handle the unaccepted memory type. This is a candidate for standardization.

Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Ard Biesheuvel
Cc: "Min M. Xu"
Cc: Andrew Fish
Cc: "Michael D. Kinney"
Signed-off-by: Dionna Glaze
---
 MdePkg/Include/Protocol/Bz3987SevMemoryAcceptance.h | 44 ++++++++++++++++++++
 MdePkg/MdePkg.dec                                   |  3 ++
 2 files changed, 47 insertions(+)

diff --git a/MdePkg/Include/Protocol/Bz3987SevMemoryAcceptance.h b/MdePkg/I= nclude/Protocol/Bz3987SevMemoryAcceptance.h new file mode 100644 index 0000000000..c3691e1c93 --- /dev/null +++ b/MdePkg/Include/Protocol/Bz3987SevMemoryAcceptance.h 
@@ -0,0 +1,44 @@ +/** @file + The file provides the protocol that disables the behavior that all memory + gets accepted at ExitBootServices(). This protocol is only meant to be c= alled + by the OS loader, and not EDK2 itself. The SEV naming is due to the coin= cidence + that only SEV-SNP needs this protocol, since SEV-SNP kernel support rele= ased + before kernel support for unaccepted memory. The technology enablement t= hus + does not strictly imply support for the unaccepted memory type. + + Copyright (c) 2023, Google LLC. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef SEV_MEMORY_ACCEPTANCE_H_ +#define SEV_MEMORY_ACCEPTANCE_H_ + +#define BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL_GUID \ + {0xc5a010fe, \ + 0x38a7, \ + 0x4531, \ + {0x8a, 0x4a, 0x05, 0x00, 0xd2, 0xfd, 0x16, 0x49}} + +typedef struct _BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL \ + BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL; + +/** + @param This A pointer to a BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL. +**/ +typedef + EFI_STATUS +(EFIAPI *BZ3987_SEV_ALLOW_UNACCEPTED_MEMORY)( + IN BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL *This + ); + +/// +/// The BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL allows the OS loader to +/// indicate to EDK2 that ExitBootServices should not accept all memory. +/// +struct _BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL { + BZ3987_SEV_ALLOW_UNACCEPTED_MEMORY AllowUnacceptedMemory; +}; + +extern EFI_GUID gBz3987SevMemoryAcceptanceProtocolGuid; + +#endif diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 3d08f20d15..b82d6e46a4 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec 
@@ -1031,6 +1031,9 @@ gEfiPeiDelayedDispatchPpiGuid =3D { 0x869c711d, 0x649c, 0x44fe, { 0x8b,= 0x9e, 0x2c, 0xbb, 0x29, 0x11, 0xc3, 0xe6 }} =20 [Protocols] + ## Include/Protocol/Bz3987SevMemoryAcceptance.h + gBz3987SevMemoryAcceptanceProtocolGuid =3D { 0xc5a010fe, 0x38a7, 0x4531,= {0x8a, 0x4a, 0x05, 0x00, 0xd2, 0xfd, 0x16, 0x49 }} + ## Include/Protocol/MemoryAccept.h gEdkiiMemoryAcceptProtocolGuid =3D { 0x38c74800, 0x5590, 0x4db4, { 0xa0,= 0xf3, 0x67, 0x5d, 0x9b, 0x8e, 0x80, 0x26 }} =20 --=20 2.39.1.456.gfc5497dd1b-goog
View/Reply Online (#99051): https://edk2.groups.io/g/devel/message/99051
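Review bot: In Bz3987SevMemoryAcceptance.h, the doc comment for BZ3987_SEV_ALLOW_UNACCEPTED_MEMORY documents only @param This; it says nothing about what the call does, when it has to be made relative to ExitBootServices, or which status codes it can return. Since an OS loader is the intended caller and the call changes which memory types the OS receives, please add a description and @retval lines. Also, the include guard SEV_MEMORY_ACCEPTANCE_H_ drops the BZ3987 prefix carried by every other identifier in the file, and the trailing backslash after `typedef struct _BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL` is an unneeded line continuation outside a macro.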
Date: Thu, 26 Jan 2023 00:56:46 +0000
In-Reply-To: <20230126005647.3019225-1-dionnaglaze@google.com>
References: <20230126005647.3019225-1-dionnaglaze@google.com>
Message-ID: <20230126005647.3019225-4-dionnaglaze@google.com>
Subject: [edk2-devel] [PATCH v10 3/4] OvmfPkg: Implement AcceptAllUnacceptedMemory in AmdSevDxe
From: "Dionna Glaze via groups.io"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao, Tom Lendacky, Ard Biesheuvel, "Min M. Xu", Andrew Fish, "Michael D. Kinney"

This protocol implementation disables the accept-all-memory behavior of the BeforeExitBootServices event this driver adds.

Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Ard Biesheuvel
Cc: "Min M. Xu"
Cc: Andrew Fish
Cc: "Michael D. Kinney"
Signed-off-by: Dionna Glaze
---
 OvmfPkg/AmdSevDxe/AmdSevDxe.c   | 26 ++++++++++++++++++++
 OvmfPkg/AmdSevDxe/AmdSevDxe.inf |  1 +
 2 files changed, 27 insertions(+)

diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 5eec76fea2..e98867afac 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -21,6 +21,7 @@ #include #include #include +#include #include =20 STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable =3D { 
@@ -155,6 +156,21 @@ ResolveUnacceptedMemory ( ASSERT_EFI_ERROR (Status); } =20 +STATIC +EFI_STATUS +EFIAPI +AllowUnacceptedMemory ( + IN BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL *This + ) +{ + mAcceptAllMemoryAtEBS =3D FALSE; + return EFI_SUCCESS; +} + +STATIC +BZ3987_SEV_MEMORY_ACCEPTANCE_PROTOCOL + mMemoryAcceptanceProtocol =3D { AllowUnacceptedMemory }; + STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol =3D { AmdSevMemoryAccept }; @@ -304,6 +320,16 @@ AmdSevDxeEntryPoint ( DEBUG ((DEBUG_ERROR, "AllowUnacceptedMemory event creation for Event= BeforeExitBootServices failed.\n")); } =20 + Status =3D gBS->InstallProtocolInterface ( + &mAmdSevDxeHandle, + &gBz3987SevMemoryAcceptanceProtocolGuid, + EFI_NATIVE_INTERFACE, + &mMemoryAcceptanceProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Install Bz3987SevMemoryAcceptanceProtocol fail= ed.\n")); + } + // // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING= _SEV_SNP_BLOB. // It contains the location for both the Secrets and CPUID page. diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.= inf index 5b443d45bc..1e14e4e0ab 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf 
@@ -49,6 +49,7 @@ =20 [Protocols] gEdkiiMemoryAcceptProtocolGuid + gBz3987SevMemoryAcceptanceProtocolGuid =20 [Guids] gConfidentialComputingSevSnpBlobGuid --=20 2.39.1.456.gfc5497dd1b-goog
View/Reply Online (#99052): https://edk2.groups.io/g/devel/message/99052
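Review bot: AllowUnacceptedMemory, added in the @@ -155,6 +156,21 @@ hunk of AmdSevDxe.c, has no function header comment and flips mAcceptAllMemoryAtEBS to FALSE without leaving any trace. Because this one call decides whether the OS is handed unaccepted memory, a DEBUG ((DEBUG_INFO, ...)) line recording the opt-out would let a boot log show which path was taken, and the comment should state that the setting cannot be turned back on. The commit subject says AcceptAllUnacceptedMemory while the function is named AllowUnacceptedMemory.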
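Review bot: In the @@ -304,6 +320,16 @@ hunk of AmdSevDxe.c, a failed InstallProtocolInterface is logged and then ignored with no explanation. That is the safe direction, since a loader that cannot find the protocol leaves the default accept-all behavior in place, but the code should say so in a comment so that the missing ASSERT_EFI_ERROR or early return does not read as an oversight.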
Date: Thu, 26 Jan 2023 00:56:47 +0000
In-Reply-To: <20230126005647.3019225-1-dionnaglaze@google.com>
References: <20230126005647.3019225-1-dionnaglaze@google.com>
Message-ID: <20230126005647.3019225-5-dionnaglaze@google.com>
Subject: [edk2-devel] [PATCH v10 4/4] OvmfPkg/PlatformPei: SEV-SNP make >=4GB unaccepted
From: "Dionna Glaze via groups.io"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Ard Biescheuvel, "Min M. Xu", Gerd Hoffmann, James Bottomley, Tom Lendacky, Jiewen Yao, Erdem Aktas

Instead of eagerly accepting all memory in PEI, only accept memory under the 4GB address. This allows a loaded image to use the MEMORY_ACCEPTANCE_PROTOCOL to disable the accept behavior and indicate that it can interpret the memory type accordingly.

This classification is safe since ExitBootServices will accept and reclassify the memory as conventional if the disable protocol is not used.

Cc: Ard Biescheuvel
Cc: "Min M. Xu"
Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Tom Lendacky
Cc: Jiewen Yao
Cc: Erdem Aktas
Signed-off-by: Dionna Glaze
---
 OvmfPkg/PlatformPei/AmdSev.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index e4e7b72e67..7d824cc282 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include 
@@ -63,6 +64,10 @@ AmdSevSnpInitialize ( for (Hob.Raw =3D GetHobList (); !END_OF_HOB_LIST (Hob); Hob.Raw =3D GET_= NEXT_HOB (Hob)) { if ((Hob.Raw !=3D NULL) && (GET_HOB_TYPE (Hob) =3D=3D EFI_HOB_TYPE_RES= OURCE_DESCRIPTOR)) { ResourceHob =3D Hob.ResourceDescriptor; + if (ResourceHob->PhysicalStart >=3D SIZE_4GB) { + ResourceHob->ResourceType =3D BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTE= D; + continue; + } =20 if (ResourceHob->ResourceType =3D=3D EFI_RESOURCE_SYSTEM_MEMORY) { MemEncryptSevSnpPreValidateSystemRam ( --=20 2.39.1.456.gfc5497dd1b-goog
View/Reply Online (#99053): https://edk2.groups.io/g/devel/message/99053
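Review bot: In AmdSevSnpInitialize, the new PhysicalStart >= SIZE_4GB test runs before the existing ResourceType == EFI_RESOURCE_SYSTEM_MEMORY test, so every resource descriptor HOB that starts at or above 4GB is retyped to BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED whatever its original type was. Move the address test inside the system-memory branch so that only RAM is reclassified. A HOB that starts below 4GB and extends past it still goes down the existing pre-validation path unchanged; if that is intended, a comment should say so.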
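The flow the four commit messages describe, as an added stand-alone C model (not EDK2 code and not from the patch author): PEI leaves RAM at or above 4GB unaccepted, the loader may opt out, and the before-ExitBootServices callback accepts whatever is left otherwise. All identifiers are hypothetical, the memory map is constructed, and the model applies the 4GB split to RAM ranges only.

```c
/* Added model of the flow this series describes; not EDK2 code.
 * Every name below is hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_4GB 0x100000000ULL

typedef enum { MEM_SYSTEM, MEM_UNACCEPTED, MEM_MMIO } mem_type;

typedef struct {
  uint64_t base;
  uint64_t length;
  mem_type type;
  bool     accepted;  /* stands in for the SNP validated state of the pages */
} mem_range;

/* Models mAcceptAllMemoryAtEBS: accept-all is the default. */
static bool g_accept_all_at_ebs = true;

/* Patch 4/4 (PEI): RAM below 4GB is accepted eagerly, RAM starting at or
 * above 4GB is only retyped. Assumption of this model: non-RAM is skipped. */
static void model_pei_classify(mem_range *map, size_t n) {
  for (size_t i = 0; i < n; i++) {
    if (map[i].type != MEM_SYSTEM) continue;
    if (map[i].base >= MODEL_4GB) map[i].type = MEM_UNACCEPTED;
    else map[i].accepted = true;
  }
}

/* Patches 2/4 and 3/4: the loader's one-way opt-out. */
static void model_allow_unaccepted_memory(void) { g_accept_all_at_ebs = false; }

/* Patch 1/4: before-ExitBootServices callback. Returns ranges converted. */
static size_t model_before_exit_boot_services(mem_range *map, size_t n) {
  size_t converted = 0;
  if (!g_accept_all_at_ebs) return 0;
  for (size_t i = 0; i < n; i++) {
    if (map[i].type != MEM_UNACCEPTED) continue;
    map[i].accepted = true;     /* accept first ... */
    map[i].type = MEM_SYSTEM;   /* ... then expose as ordinary RAM */
    converted++;
  }
  return converted;
}

/* Safety property: nothing typed as ordinary RAM is still unaccepted. */
static bool model_map_is_safe(const mem_range *map, size_t n) {
  for (size_t i = 0; i < n; i++)
    if (map[i].type == MEM_SYSTEM && !map[i].accepted) return false;
  return true;
}

/* Boots a constructed 3-range guest. Returns how many ranges the OS receives
 * typed as unaccepted, or -1 if the safety property is violated. */
static int model_boot(bool loader_opts_out, size_t *converted) {
  mem_range map[] = {  /* constructed sample map */
    { 0x0000000000ULL, 0x80000000ULL,  MEM_SYSTEM, false },  /* RAM < 4GB   */
    { 0x0100000000ULL, 0x100000000ULL, MEM_SYSTEM, false },  /* RAM >= 4GB  */
    { 0x8000000000ULL, 0x10000000ULL,  MEM_MMIO,   false },  /* MMIO window */
  };
  size_t n = sizeof map / sizeof map[0];
  int left = 0;

  g_accept_all_at_ebs = true;  /* fresh boot: default is accept-all */
  model_pei_classify(map, n);
  if (loader_opts_out) model_allow_unaccepted_memory();
  *converted = model_before_exit_boot_services(map, n);
  if (!model_map_is_safe(map, n) || map[2].type != MEM_MMIO) return -1;
  for (size_t i = 0; i < n; i++)
    if (map[i].type == MEM_UNACCEPTED) left++;
  return left;
}

int main(void) {
  size_t c;
  int left = model_boot(false, &c);
  printf("legacy loader:  converted=%zu unaccepted_left=%d\n", c, left);
  left = model_boot(true, &c);
  printf("opt-out loader: converted=%zu unaccepted_left=%d\n", c, left);
  return 0;
}
```

In both runs no range typed as ordinary RAM is left unaccepted; the only difference is whether the high range reaches the OS already accepted or still typed as unaccepted.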