From: Brijesh Singh
To: jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com
Cc: Thomas.Lendacky@amd.com, leo.duran@amd.com, brijesh.sing@amd.com
Date: Mon, 06 Mar 2017 18:27:35 -0500
Message-ID: <148884285589.29188.3336162059588227554.stgit@brijesh-build-machine>
In-Reply-To: <148884284887.29188.7643544710695103939.stgit@brijesh-build-machine>
References: <148884284887.29188.7643544710695103939.stgit@brijesh-build-machine>
User-Agent: StGit/0.17.1-dirty
Content-Transfer-Encoding: quoted-printable
Subject: [edk2] [RFC PATCH v1 1/5] OvmfPkg/ResetVector: Set memory encryption when SEV is active

SEV guest VMs have the concept of private and shared memory. Private memory is encrypted with the guest-specific key, while shared memory may be encrypted with the hypervisor key. The C-bit (encryption attribute) in the PTE indicates whether the page is private or shared.

If SEV is active, set the memory encryption attribute while building the page table.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Brijesh Singh
---
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 52 +++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm index 6201cad..eaf9732 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -26,6 +26,7 @@ BITS 32 %define PAGE_GLOBAL 0x0100 %define PAGE_2M_MBO 0x080 %define PAGE_2M_PAT 0x01000 +%define KVM_FEATURE_SEV 0x08 =20 %define PAGE_2M_PDE_ATTR (PAGE_2M_MBO + \ PAGE_ACCESSED + \ 
@@ -37,6 +38,33 @@ BITS 32 PAGE_READ_WRITE + \ PAGE_PRESENT) =20 +; Check if Secure Encrypted Virtualization (SEV) feature +; is enabled in KVM +; +; If SEV is enabled, then EAX will contain Memory encryption bit position +; +CheckKVMSEVFeature: + ; Check for SEV feature + ; CPUID KVM_FEATURE - Bit 8 + mov eax, 0x40000001 + cpuid + bt eax, KVM_FEATURE_SEV + jnc NoSev + + ; Get memory encryption information + ; CPUID Fn8000_001F[EBX] - Bits 5:0 + ; + mov eax, 0x8000001f + cpuid + mov eax, ebx + and eax, 0x3f + jmp SevExit + +NoSev: + xor eax, eax + +SevExit: + OneTimeCallRet CheckKVMSEVFeature =20 ; ; Modified: EAX, ECX @@ -60,18 +88,41 @@ clearPageTablesMemoryLoop: mov dword[ecx * 4 + PT_ADDR (0) - 4], eax loop clearPageTablesMemoryLoop =20 + ; Check if it SEV-enabled Guest + ; + OneTimeCall CheckKVMSEVFeature + xor edx, edx + test eax, eax + jz SevNotActive + + ; If SEV is enabled, Memory encryption bit is always above 31 + mov ebx, 32 + sub ebx, eax + bts edx, eax + +SevNotActive: + + ; ; ; Top level Page Directory Pointers (1 * 512GB entry) ; + ; edx contain the memory encryption bit mask, must be applied + ; to upper 31 bit on 64-bit address + ; mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (4)], edx =20 ; ; Next level Page Directory Pointers (4 * 1GB entries =3D> 4GB) ; mov dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x1004)], edx mov dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x100C)], edx mov dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x1004)], edx mov dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x100C)], edx =20 ; ; Page Table Entries (2048 * 2MB entries =3D> 4GB) 
@@ -83,6 +134,7 @@ pageTableEntriesLoop: shl eax, 21 add eax, PAGE_2M_PDE_ATTR mov [ecx * 8 + PT_ADDR (0x2000 - 8)], eax + mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx loop pageTableEntriesLoop =20 ;
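Review bot: in the first hunk (`@@ -26,6 +26,7 @@`), `%define KVM_FEATURE_SEV 0x08` ties SEV detection to a KVM paravirtual CPUID bit in leaf 0x40000001, so OVMF would only recognise SEV under a KVM that advertises that bit and never from the interface the hardware defines; consider detecting SEV through CPUID Fn8000_001F[EAX] bit 1 (SEV supported) together with the SEV_STATUS MSR (C001_0131) bit 0 (SEV enabled) instead. Also add a comment saying the value is a bit index consumed by `bt`, because the neighbouring `PAGE_*` defines are bit masks and `0x08` reads as one.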
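Review bot: in the second hunk (`@@ -37,6 +38,33 @@`), CheckKVMSEVFeature executes CPUID leaf 0x40000001 without first checking leaf 0x40000000 for the hypervisor signature and the highest supported hypervisor leaf, so on bare metal, or under a VMM that does not implement that leaf, `bt eax, KVM_FEATURE_SEV` tests whatever CPUID returns for an out-of-range leaf (on Intel parts, the data of the highest basic leaf) and a stray bit 8 would send the boot down the SEV path. Query 0x40000000, verify the KVM signature in EBX/ECX/EDX and that EAX >= 0x40000001 before trusting the bit, or read the architectural SEV_STATUS MSR as suggested for the first hunk. The routine also clobbers EBX, ECX and EDX while its header comment only mentions EAX, so list the clobbers; and the comment on `and eax, 0x3f` should say that Fn8000_001F EBX[5:0] is the C-bit position and that bits 11:6 (the physical address reduction) are deliberately dropped.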
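Review bot: in the third hunk (`@@ -60,18 +88,41 @@`), the upper-dword stores for the third and fourth PDP entries are copy-paste errors: `mov dword[PT_ADDR (0x1004)], edx` and `mov dword[PT_ADDR (0x100C)], edx` each appear twice, so the entries at 0x1010 and 0x1018 (the page directories covering 2GB-4GB) never receive the C-bit while every PDE below them does; the second pair must write 0x1014 and 0x101C. The C-bit computation is also off: `mov ebx, 32` / `sub ebx, eax` computes 32 - eax (negative for any position above 31) and EBX is never used afterwards, and `bts edx, eax` only works because BTS on a 32-bit register takes the bit offset modulo 32 (position 47 lands on bit 15). Replace the three lines with `sub eax, 32` / `bts edx, eax`, and since the comment asserts the position is always above 31, check it (`cmp eax, 32` / `jb` to a failure path) rather than relying on it silently. Minor: the comment should read "upper 32 bits", and the function's "Modified: EAX, ECX" header now also needs EBX and EDX.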
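Review bot: in the fourth hunk (`@@ -83,6 +134,7 @@`), the new store `mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx` should take the same form as the line above it, `mov dword[ecx * 8 + PT_ADDR (0x2000 - 4)], edx`, so the operand size is explicit and the two halves of each PDE are visibly paired. EDX is zero when SEV is inactive, so the extra store is harmless there, but the loop now depends on EDX surviving untouched across iterations, which deserves a comment at the loop head. Note also that this marks the whole 0-4GB identity map private; any page that later has to be shared with the hypervisor will need its C-bit cleared by the later-stage page-table code, which is worth a sentence in the commit message.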
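The following is a reference model added by the editor; it is not part of the patch or of OVMF. It reproduces in C what the reset-vector page-table build described in the commit message should produce once the C-bit is applied (PML4 at offset 0, PDPT at 0x1000, four page directories at 0x2000-0x5000, 2048 2MB entries), models the hunk's upper-dword stores so that the duplicated 0x1004/0x100C offsets show up as present entries missing the C-bit, and models `bts` on a 32-bit register to show why the posted arithmetic happens to work for a C-bit at position 47. Assumptions: `PT_BASE` is a made-up base standing in for PcdOvmfSecPageTablesBase; the two attribute macros are composed from the standard x86 paging bits named in the hunk context (the exact OVMF composition is assumed); C-bit position 47 is a constructed sample input; the host is little-endian, as the target is.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Architectural x86-64 paging bits; the hunk names them PAGE_PRESENT, PAGE_READ_WRITE,
 * PAGE_ACCESSED, PAGE_DIRTY and PAGE_2M_MBO (the page-size bit of a 2MB PDE). */
#define PAGE_PRESENT      0x001u
#define PAGE_READ_WRITE   0x002u
#define PAGE_ACCESSED     0x020u
#define PAGE_DIRTY        0x040u
#define PAGE_2M_MBO       0x080u
/* Assumed composition of the two attribute macros used by the hunks. */
#define PAGE_PDP_ATTR     (PAGE_ACCESSED | PAGE_READ_WRITE | PAGE_PRESENT)
#define PAGE_2M_PDE_ATTR  (PAGE_2M_MBO | PAGE_ACCESSED | PAGE_DIRTY | PAGE_READ_WRITE | PAGE_PRESENT)

/* Assumption: made-up page-table base standing in for PcdOvmfSecPageTablesBase. */
#define PT_BASE    0x00800000ull
#define PT_SIZE    0x6000u                 /* PML4 + PDPT + 4 page directories */
#define PT_ADDR(x) (PT_BASE + (x))

static uint64_t pt_block[PT_SIZE / 8];     /* stands in for the memory at PT_ADDR(0) */

/* CPUID Fn8000_001F[EBX] bits 5:0 carry the C-bit position; bits 11:6 are the physical
 * address reduction and are masked off, as the hunk's `and eax, 0x3f` does. */
uint64_t sev_cbit_mask(uint32_t cpuid_8000001f_ebx) {
    return 1ull << (cpuid_8000001f_ebx & 0x3f);
}

/* The high dword the assembly keeps in EDX: right for any position, and zero (not a
 * wrong bit) if the C-bit were below 32, which the hunk assumes never happens. */
uint32_t sev_cbit_high_dword(uint64_t cbit_mask) {
    return (uint32_t)(cbit_mask >> 32);
}

/* What `bts edx, eax` on a 32-bit EDX actually computes: BTS takes the bit offset
 * modulo the operand size, so position 47 lands on bit 15 by arithmetic accident. */
uint32_t bts32_model(uint32_t bit_position) {
    return 1u << (bit_position & 31);
}

/* Reference build: identity map of 0..4GB with 2MB pages, C-bit applied to every
 * entry (PML4E, PDPEs and PDEs) when cbit_mask is non-zero. */
void build_page_tables(uint64_t *pt, uint64_t cbit_mask) {
    memset(pt, 0, PT_SIZE);
    pt[0] = PT_ADDR(0x1000) | PAGE_PDP_ATTR | cbit_mask;                    /* PML4E at 0x0000 */
    for (unsigned i = 0; i < 4; i++) {
        pt[0x1000 / 8 + i] = PT_ADDR(0x2000 + i * 0x1000) | PAGE_PDP_ATTR | cbit_mask;  /* PDPE */
        for (unsigned j = 0; j < 512; j++)                                   /* 2MB PDEs */
            pt[(0x2000 + i * 0x1000) / 8 + j] =
                ((uint64_t)(i * 512 + j) << 21) | PAGE_2M_PDE_ATTR | cbit_mask;
    }
}

/* Reviewer's check: count present entries anywhere in the block that lack the C-bit. */
unsigned count_entries_missing_cbit(const uint64_t *pt, uint64_t cbit_mask) {
    unsigned missing = 0;
    for (size_t i = 0; i < PT_SIZE / 8; i++)
        if ((pt[i] & PAGE_PRESENT) && (pt[i] & cbit_mask) != cbit_mask)
            missing++;
    return missing;
}

/* Model of the hunk's stores: build the tables without the C-bit (what the 32-bit
 * `mov dword[...], ... + PAGE_*_ATTR` lines do), then write EDX to the upper dword of
 * the PML4E, to the four PDP byte offsets the assembly names, and to every PDE as
 * pageTableEntriesLoop does. Returns how many present entries still lack the C-bit. */
unsigned model_hunk_stores(uint64_t cbit_mask, const uint32_t pdp_hi_offsets[4]) {
    uint8_t *bytes = (uint8_t *)pt_block;       /* byte view; little-endian host assumed */
    uint32_t edx = sev_cbit_high_dword(cbit_mask);
    build_page_tables(pt_block, 0);
    memcpy(bytes + 0x0004, &edx, sizeof edx);   /* mov dword[PT_ADDR (4)], edx */
    for (unsigned i = 0; i < 4; i++)
        memcpy(bytes + pdp_hi_offsets[i], &edx, sizeof edx);
    for (size_t off = 0x2000; off < PT_SIZE; off += 8)   /* upper dword of each PDE */
        memcpy(bytes + off + 4, &edx, sizeof edx);
    return count_entries_missing_cbit(pt_block, cbit_mask);
}

/* Offsets exactly as posted in the hunk, and the offsets the PDPT layout calls for. */
static const uint32_t posted_offsets[4]    = { 0x1004, 0x100C, 0x1004, 0x100C };
static const uint32_t corrected_offsets[4] = { 0x1004, 0x100C, 0x1014, 0x101C };

unsigned posted_hunk_missing(uint64_t cbit_mask)    { return model_hunk_stores(cbit_mask, posted_offsets); }
unsigned corrected_hunk_missing(uint64_t cbit_mask) { return model_hunk_stores(cbit_mask, corrected_offsets); }

int main(void) {
    /* Constructed sample EBX: C-bit position 47 with a 5-bit address reduction in bits 11:6. */
    uint64_t mask = sev_cbit_mask(47u | (5u << 6));
    printf("C-bit mask %#llx, EDX %#x, bts model %#x\n",
           (unsigned long long)mask, sev_cbit_high_dword(mask), bts32_model(47));
    printf("present entries missing C-bit: posted hunk %u, corrected offsets %u\n",
           posted_hunk_missing(mask), corrected_hunk_missing(mask));
    return 0;
}
```

With the posted offsets the model reports two present entries without the C-bit (the PDPEs at 0x1010 and 0x1018); with 0x1014 and 0x101C it reports none. `bts32_model` and `sev_cbit_high_dword` agree at position 47 and diverge at 31, which is the case the hunk's comment rules out without checking.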