From nobody Tue Nov 26 22:39:55 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46104+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301167452311.2976435639631; Tue, 20 Aug 2019 04:39:27 -0700 (PDT) Return-Path: X-Received: from NAM02-SN1-obe.outbound.protection.outlook.com (NAM02-SN1-obe.outbound.protection.outlook.com []) by groups.io with SMTP; Mon, 19 Aug 2019 14:35:57 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mY978YI84URZZLfa7QjJMpKAG4eaqNDQM6cYAh3ZcJBQinteNzqs4IVIWN2Mi3P2bAcoVHnPkv02Gqzokyts2FOZhVV+ZoY/49ojD8DcqIZA0WzQNgnnJ8kwXJM42sqMmCdMMQ45yLQXdpaOqFXXK9MD9wF/nR7cjm8grnURrYmm1BwyDUyM3nL+gMyqqgGR8Irrn59rRe6PjK7bsl4GYBqR33LoLQR3Cghly3bZidfvvlGC1lUJ1EzpjIhVoibcv4sxsoqAoJu9Y119onD6+OHsYLzLCWtpD6S1uQbNHmgVXgnm7tcsv8lNN5nNqPbXKVoFO9Xs0lAwjuKNyUw/JA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O/ElI3zfus3NYkHUTH47QaSTnI9KGlMBICADaLRtos8=; b=H6lRiprr3yEfJIg8v2TwWSvXRIKB83gKFTqGq05ygRsww/Y6gona7Nvdxut55P1jKDQZp5JKjlEeSechKOR6t0DXuZpzDWRsMwRK9UuPIq1ScQLk5VTVzmu7V7u0oCWcy/bJj5UkEvIYSK5sfw8HKb7yFDCWNMZCIznlM4SfM636vskNWzQeOnmOZ2Nk9aPxsqQj2TPKGk9/kdG64HGN6OtaPfuM8q2B9JtHqorCT46SNcBqDxYe/Tx/6f9l6mUaGLvbBxEwpAgNV+H96GzpRAuvpFQvDmNbaZFBmhCcqFNIC9aWi1kBsewhcQHQfFa7om++xXpzwIoJ14tEMKGVPQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:35:51 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:35:51 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 04/28] OvmfPkg: Create a GHCB page for use during Sec phase Thread-Topic: [RFC PATCH 04/28] OvmfPkg: Create a GHCB page for use during Sec phase Thread-Index: AQHVVtYSoQOpaoLYa0aA0ZRNFtsEdA== Date: Mon, 19 Aug 2019 21:35:51 +0000 Message-ID: <0be78309c1e69f907d36512661dc0843db531837.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: baf54d57-096c-482b-122b-08d724ed3539 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:4125; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46104+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: +eBjajifY24BSknDLHB92/AQjFoICe4gw9KTh6z6Gy9JYsG558wqubgLvNJU9FYV91+5bg9wQZQ2zRFbxumLVRPoDchsr126JXdF4wbnY0mgKkV6yYK8Ch4IusxnJrAso45AWBbqTAi3MKtZcQz5QZiStBv2MDXPTkQhd1U70pMLR8ZDIjUAQGDX5rO3x0LP5RLdn8gv5GYsXqICYGAOQHTtF5I2uKbCAoAZ6YQjm7rmbSlfIj4HELEp3/FiTpcGgCoJFTacJMrJWEdLObIimJT4QHx0G8WxqGpiC/zQnoahbpcUj7h2Ybovr15Vgg/bw+CQliG+VLk8kGOZS2ijG5ALfV9c3kn6SzJVms/vJ//1fq9ez0YRY4E1WS/uKOwHxeVmFXWc6orG4IFxBLseDVBar1lY/5j8/e8Q44oYSpM= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: baf54d57-096c-482b-122b-08d724ed3539 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:35:51.7744 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 6Xp42oGibN5/Yplf+Gd3bMA4ZK5csm8HDRNxZkxKCws5+xGoQYnaOxDK02nclKb56tbkTw03MJm9GYzbotAaxw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301167; bh=hJzwiVgrljoNdkjIiqqWbuEjsjN4D4g1ykA95xiv2V8=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=AvuT2cyiwjarc30OXFGhP180JDhMUeTGSmJkiXIVbPrX0Ce/vd7wGBBB2j6EIQWT0AG SgVkKKIWI0eUcpSEJ/pMXOF3ZNK6WjO4WdeRdixeq6Zs8PBZL/kTPVSC/PgIojF4IenCG 96xRTKYsB7e649UM77EYk+vxxkZ3TSL3fEY= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky A GHCB page is needed during the Sec phase, so this new page must be created. Since the GHCB must be marked as an un-encrypted, or shared, page, an additional pagetable page is required so break down the 2MB region where the GHCB page lives into 4K pagetable entries. Signed-off-by: Tom Lendacky --- OvmfPkg/OvmfPkg.dec | 5 +++ OvmfPkg/OvmfPkgX64.fdf | 11 ++++--- OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++ OvmfPkg/ResetVector/ResetVector.inf | 2 ++ UefiCpuPkg/Include/Register/Amd/Fam17Msr.h | 28 ++++++++++++++++ OvmfPkg/ResetVector/Ia32/PageTables64.asm | 37 +++++++++++++++++++++- OvmfPkg/ResetVector/ResetVector.nasmb | 2 +- 7 files changed, 81 insertions(+), 6 deletions(-) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 9640360f6245..2ead9a944af4 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -218,6 +218,11 @@ [PcdsFixedAtBuild] # The value should be a multiple of 4KB. gUefiOvmfPkgTokenSpaceGuid.PcdHighPmmMemorySize|0x400000|UINT32|0x31 =20 + ## Specify the GHCB base address and size. + # The value should be a multiple of 4KB for each. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|0x0|UINT32|0x32 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize|0x0|UINT32|0x33 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 74407072563b..2a2427092382 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -67,13 +67,16 @@ [FD.MEMFD] BlockSize =3D 0x10000 NumBlocks =3D 0xC0 =20 -0x000000|0x006000 +0x000000|0x007000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPageTablesSize =20 -0x006000|0x001000 -gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpac= eGuid.PcdOvmfLockBoxStorageSize - 0x007000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.P= cdOvmfSecGhcbSize + +0x008000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpac= eGuid.PcdOvmfLockBoxStorageSize + +0x009000|0x001000 gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOvmfPkgT= okenSpaceGuid.PcdGuidedExtractHandlerTableSize =20 0x010000|0x010000 diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index d9fd9c8f05b3..aed1f64b7c93 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -72,6 +72,8 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index 960b47cd0797..d66f4dc29737 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -37,3 +37,5 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize diff --git a/UefiCpuPkg/Include/Register/Amd/Fam17Msr.h b/UefiCpuPkg/Includ= e/Register/Amd/Fam17Msr.h index 37b935dcdb30..55a5723e164e 100644 --- a/UefiCpuPkg/Include/Register/Amd/Fam17Msr.h +++ b/UefiCpuPkg/Include/Register/Amd/Fam17Msr.h @@ -17,6 +17,34 @@ #ifndef __FAM17_MSR_H__ #define __FAM17_MSR_H__ =20 +/** + Secure Encrypted Virtualization - Encrypted State (SEV-ES) GHCB register + +**/ +#define MSR_SEV_ES_GHCB 0xc0010130 + +/** + MSR information returned for #MSR_SEV_ES_GHCB +**/ +typedef union { + struct { + UINT32 GhcbNegotiateBit:1; + + UINT32 Reserved:31; + } Bits; + + struct { + UINT8 Reserved[3]; + UINT8 SevEncryptionBitPos; + UINT16 SevEsProtocolMin; + UINT16 SevEsProtocolMax; + } GhcbProtocol; + + VOID *Ghcb; + + UINT64 GhcbPhysicalAddress; +} MSR_SEV_ES_GHCB_REGISTER; + /** Secure Encrypted Virtualization (SEV) status register =20 diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index c6071fe934de..fd4d5b1d8661 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -21,6 +21,11 @@ BITS 32 %define PAGE_2M_MBO 0x080 %define PAGE_2M_PAT 0x01000 =20 +%define PAGE_4K_PDE_ATTR (PAGE_ACCESSED + \ + PAGE_DIRTY + \ + PAGE_READ_WRITE + \ + PAGE_PRESENT) + %define PAGE_2M_PDE_ATTR (PAGE_2M_MBO + \ PAGE_ACCESSED + \ PAGE_DIRTY + \ @@ -120,7 +125,7 @@ SevNotActive: ; more permanent location by DxeIpl. ; =20 - mov ecx, 6 * 0x1000 / 4 + mov ecx, 7 * 0x1000 / 4 xor eax, eax clearPageTablesMemoryLoop: mov dword[ecx * 4 + PT_ADDR (0) - 4], eax @@ -157,6 +162,36 @@ pageTableEntriesLoop: mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx loop pageTableEntriesLoop =20 + ; + ; The GHCB will live at 0x807000 (just after the page tables) + ; and needs to be un-encrypted. This requires the 2MB page + ; (index 4 in the first 1GB page) for this range be broken down + ; into 512 4KB pages. All will be marked as encrypted, except + ; for the GHCB. + ; + mov ecx, 4 + mov eax, PT_ADDR (0x6000) + PAGE_PDP_ATTR + mov [ecx * 8 + PT_ADDR (0x2000)], eax + + mov ecx, 512 +pageTableEntries4kLoop: + mov eax, ecx + dec eax + shl eax, 12 + add eax, 0x800000 + add eax, PAGE_4K_PDE_ATTR + mov [ecx * 8 + PT_ADDR (0x6000 - 8)], eax + mov [(ecx * 8 + PT_ADDR (0x6000 - 8)) + 4], edx + loop pageTableEntries4kLoop + + ; + ; Clear the encryption bit from the GHCB entry (index 7 in the + ; new PTE table - (0x807000 - 0x800000) >> 12). + ; + mov ecx, 7 + xor edx, edx + mov [(ecx * 8 + PT_ADDR (0x6000)) + 4], edx + ; ; Set CR3 now that the paging structures are available ; diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 3b213cd05ab2..56d9b86ed943 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -49,7 +49,7 @@ %ifdef ARCH_X64 #include =20 - %if (FixedPcdGet32 (PcdOvmfSecPageTablesSize) !=3D 0x6000) + %if (FixedPcdGet32 (PcdOvmfSecPageTablesSize) !=3D 0x7000) %error "This implementation inherently depends on PcdOvmfSecPageTables= Size" %endif =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46104): https://edk2.groups.io/g/devel/message/46104 Mute This Topic: https://groups.io/mt/32966276/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-