From nobody Fri Nov 29 04:41:55 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1490129962490897.020150374192; Tue, 21 Mar 2017 13:59:22 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 498678041F; Tue, 21 Mar 2017 13:59:21 -0700 (PDT) Received: from mail-ot0-x242.google.com (mail-ot0-x242.google.com [IPv6:2607:f8b0:4003:c0f::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 0F04680380 for ; Tue, 21 Mar 2017 13:59:20 -0700 (PDT) Received: by mail-ot0-x242.google.com with SMTP id i1so23742469ota.3 for ; Tue, 21 Mar 2017 13:59:20 -0700 (PDT) Received: from [127.0.1.1] ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id n126sm9295923oia.18.2017.03.21.13.59.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Mar 2017 13:59:18 -0700 (PDT) X-Original-To: edk2-devel@ml01.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=yAKU24hQV2lfymybX1+gVm+DNO7VBM6r9sKVoHpBNl4=; b=GE6ldrNLoRChxP1ZX3aTRjWBhxIg9MlkO+85uZmoeDph+j3bhNrcnieshVuDfHR1/D c8n1OueS/g9vx0j/tIUGVsbdoRMVRgbO+b8++gmAbT73R++HH1gsvBagUKZkPPfqMUFv hQkI+dV7y7f1O8K2RtoyB3v29j/nH8In3F23l01MJUsC5kMPApM7tK53MdM0vjBE6YcP tDfk7NJNrg5toI9Ldjp4uOqOJT/kAvzMCMF1jbI5sUQ6nANdiPWKsLIkVJP/9WAGkc41 MopTrBWEK7YYbt1Uwe0KJtD63iy6JhM3r9qxZVeD0ktgKpWMtLI2bzx46J/N+55a2zA9 FjsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=yAKU24hQV2lfymybX1+gVm+DNO7VBM6r9sKVoHpBNl4=; b=kdnf7w1J7MB10W1+e11r8bNc7AWkyXFnJr00b+QVTgIp9r376Hk+f4qzxzzGHf9gVj PaRRntT+I/2ujesc/oaOoiODbXKCI2F/uORq3AeJswqud1F2VfXCm2J7HykhlLpynanf vdVWcrqS3zU7PBbR+QpUWqJCN/96GVVthQb6h89MdDJlS33zc3OEIVhe3aS8CcHO2+tS BpbfF/m3+9nAYMPMZQPZYfFxYhvfjd9vGtofec7AQOIz4lgn9UZdBP7CdiXNVq9UmlF3 Jiw+PthEyKLn+K+XOl4Vn1NpZvcujJ++CQsUmzLM4u9V9zyJ2hhq3l5fuD9ixxRGEAIV B7Pw== X-Gm-Message-State: AFeK/H2v3nx86LEcvGQWCnAyeXFT3FJnLXHOqkSYvgiZRMeZEt2wj66IsAqEufJwva6EMg== X-Received: by 10.157.80.15 with SMTP id a15mr17545233oth.126.1490129959328; Tue, 21 Mar 2017 13:59:19 -0700 (PDT) From: Brijesh Singh X-Google-Original-From: Brijesh Singh To: michael.d.kinney@intel.com, ersek@redhat.com, edk2-devel@ml01.01.org, liming.gao@intel.com, jordan.l.justen@intel.com Date: Tue, 21 Mar 2017 16:59:18 -0400 Message-ID: <149012995820.26803.16399112118312308125.stgit@brijesh-build-machine> In-Reply-To: <149012994545.26803.15256468111517327020.stgit@brijesh-build-machine> References: <149012994545.26803.15256468111517327020.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Subject: [edk2] [RFC PATCH v2 02/10] OvmfPkg/ResetVector: add memory encryption mask when SEV is enabled X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: brijesh.singh@amd.com, leo.duran@amd.com, Thomas.Lendacky@amd.com Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" SEV guest VMs have the concept of private and shared memory. Private memory is encrypted with the guest-specific key, while shared memory may be encrypted with hypervisor key. Certain types of memory (namely instruction pages and guest page tables) are always treated as private memory by the hardware. The C-bit in PTE indicate whether the page is private or shared. The C-bit position for the PTE can be obtained from CPUID Fn8000_001F[EBX]. When SEV is active, the BIOS is pre-encrypted by the Qemu launch sequence, we must set the C-bit when building the page table for 64-bit or 32-bit PAE mode. Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/Ia32/PageTables64.asm | 62 +++++++++++++++++++++++++= ++++ 1 file changed, 62 insertions(+) diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 6201cad..7083f6b 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -37,6 +37,47 @@ BITS 32 PAGE_READ_WRITE + \ PAGE_PRESENT) =20 +; Check if Secure Encrypted Virtualization (SEV) feature +; =20 +; If SEV is enabled, then EAX will contain Memory encryption bit position +; +CheckSevFeature: + xor eax, eax + + ; Check if we have a valid (0x8000_001F) CPUID leaf + mov eax, 0x80000000 + cpuid + cmp eax, 0x8000001f + jl NoSev + + ; Check for memory encryption feature: + ; CPUID Fn8000_001F[EAX] - Bit 1 + ; + mov eax, 0x8000001f + cpuid + bt eax, 1 + jnc NoSev + + ; Check if memory encryption is enabled + ; MSR_0xC0010131 - Bit 0 (SEV enabled) + ; MSR_0xC0010131 - Bit 1 (SEV-ES enabled) + mov ecx, 0xc0010131 + rdmsr + bt eax, 0 + jnc NoSev + + ; Get pte bit position to enable memory encryption + ; CPUID Fn8000_001F[EBX] - Bits 5:0 + ; + mov eax, ebx + and eax, 0x3f + jmp SevExit + +NoSev: + xor eax, eax + +SevExit: + OneTimeCallRet CheckSevFeature =20 ; ; Modified: EAX, ECX @@ -60,18 +101,38 @@ clearPageTablesMemoryLoop: mov dword[ecx * 4 + PT_ADDR (0) - 4], eax loop clearPageTablesMemoryLoop =20 + ; Check if its SEV-enabled Guest + ; + OneTimeCall CheckSevFeature + xor edx, edx + test eax, eax + jz SevNotActive + + ; If SEV is enabled, Memory encryption bit is always above 31 + mov ebx, 32 + sub ebx, eax + bts edx, eax + +SevNotActive: + + ; ; ; Top level Page Directory Pointers (1 * 512GB entry) ; mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (4)], edx =20 ; ; Next level Page Directory Pointers (4 * 1GB entries =3D> 4GB) ; mov dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x1004)], edx mov dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x100C)], edx mov dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x1014)], edx mov dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR + mov dword[PT_ADDR (0x101C)], edx =20 ; ; Page Table Entries (2048 * 2MB entries =3D> 4GB) @@ -83,6 +144,7 @@ pageTableEntriesLoop: shl eax, 21 add eax, PAGE_2M_PDE_ATTR mov [ecx * 8 + PT_ADDR (0x2000 - 8)], eax + mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx loop pageTableEntriesLoop =20 ; _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel