From nobody Sat Nov 2 10:20:24 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; dkim=fail spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1493138212744706.3691713184213; Tue, 25 Apr 2017 09:36:52 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id D5F3E21951C9F; Tue, 25 Apr 2017 09:36:28 -0700 (PDT) Received: from mail-oi0-x244.google.com (mail-oi0-x244.google.com [IPv6:2607:f8b0:4003:c06::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 437C221951C82 for ; Tue, 25 Apr 2017 09:36:27 -0700 (PDT) Received: by mail-oi0-x244.google.com with SMTP id a3so31964800oii.3 for ; Tue, 25 Apr 2017 09:36:27 -0700 (PDT) Received: from brijesh-build-machine.amd.com ([165.204.77.1]) by smtp.gmail.com with ESMTPSA id j17sm9666356ota.24.2017.04.25.09.36.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Apr 2017 09:36:26 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=1CDrr2KdHRuJlk1aIvh6L5gFRgruW+yf7bDWSmlf8dI=; b=Zas/IjULJrS8uK1DRQm8If1ocs8djpNZu1Xr9diCKgfgH4HOsDXW00le3dxRpJdeGV ORNejhmK0jbzrW+JMv1t+x3jsiQ0c6+ij2Pk4nmJ39wlgDLqRWbqed23e+UMZBQrnSCW sjeMXUllae3OK+TML470Wly+DU5yM9Ze5CQREOntiFDum7oX5Psce+0Gj2cGD7mWvKw6 gwoor79o8SOL7oijusmuGfWCs1KHmByH2mfSINji7niueO2BR/9ogvVU8fQ4OCt669vf dXYCjlAg6U/ILhA+dF268K5qD/DnEMImPABNzMjygF0kowURtYeKzBn2iCk4ugIhCFBm g6Jg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=1CDrr2KdHRuJlk1aIvh6L5gFRgruW+yf7bDWSmlf8dI=; b=CW9rO82kgprO163KUEZTjyNdwnG5MB0lCE3b8HBkGxojHxn7Hq5dzi6xoXeuZfK2wD Kb8/T4GJq2vcLWWn/NUEebgKfXK8Rz4xjRLS4gCJl2ah0AwJX3DwILuBDW05CoH0rt+x zYDtV7i1ubIoWn97EnHe5OcV2k4iiOe1MNdeCwRCeOt69XW2znmI6pqB6cvF1RS3Z3tS Sw2czBvfu39O1GwSPU435DxLWIQgr1nfxJfP7OqPI8g687UtjIIDWR1Ibmoxzncyhml/ AZr8CgI3FxIE9Aq3qwNkaNwYLmOUObCkN1BRLi0v3UW96Ata15Xkj+Kyq8FNrIEBSq3v ubkw== X-Gm-Message-State: AN3rC/5KlNdIiQYWodCnFoA73v/cTPqJPFg7OxZ7fMEJfLSHG1vaCi1n AGBZdijVacdbJg== X-Received: by 10.157.14.171 with SMTP id 40mr16805005otj.193.1493138186520; Tue, 25 Apr 2017 09:36:26 -0700 (PDT) From: Brijesh Singh To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com Date: Tue, 25 Apr 2017 12:34:24 -0400 Message-Id: <1493138064-7816-16-git-send-email-brijesh.ksingh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com> Subject: [edk2] [RFC v3 15/15] OvmfPkg/AmdSevDxe: Add AmdSevDxe driver X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Brijesh Singh When SEV is enabled, the MMIO memory range must be mapped as unencrypted (i.e C-bit cleared). The patch adds a DXE driver that runs early in boot and clears the memory encryption attribute from MMIO and NonExistent memory ranges. By clearing the C-bit from NonExistent memory space will gurantee that any MMIO adds done later (e.g PciHostBridge) will be mapped as unencrypted . Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Brijesh Singh --- OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.fdf | 2 + OvmfPkg/OvmfPkgX64.fdf | 2 + OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 43 +++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.c | 67 ++++++++++++++++++++ 6 files changed, 116 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index da7b8d398462..311f152fca0a 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -805,6 +805,7 @@ [Components.X64] !endif =20 OvmfPkg/PlatformDxe/Platform.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 8bf7cf8e75a6..70f700373f20 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -803,6 +803,7 @@ [Components] !endif =20 OvmfPkg/PlatformDxe/Platform.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 5233314139bc..12871860d001 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -190,6 +190,7 @@ [FV.DXEFV] APRIORI DXE { INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf + INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf !if $(SMM_REQUIRE) =3D=3D FALSE INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf !endif @@ -351,6 +352,7 @@ [FV.DXEFV] INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf +INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE INF OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 36150101e784..ae6e66a1c08d 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -190,6 +190,7 @@ [FV.DXEFV] APRIORI DXE { INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf + INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf !if $(SMM_REQUIRE) =3D=3D FALSE INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf !endif @@ -351,6 +352,7 @@ [FV.DXEFV] INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf +INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE INF OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.= inf new file mode 100644 index 000000000000..633387f6d2c7 --- /dev/null +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -0,0 +1,43 @@ +#/** @file +# +# AmdSevDxe driver clears the C-bit from MMIO region +# +# Copyright (c) 2017, AMD Inc. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the B= SD +# License which accompanies this distribution. The full text of the lice= nse may +# be found at http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. +# +#**/ + +[Defines] + INF_VERSION =3D 1.25 + BASE_NAME =3D AmdSevDxe + FILE_GUID =3D 2ec9da37-ee35-4de9-86c5-6d9a81dc38a7 + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D AmdSevDxeEntryPoint + +[Sources] + AmdSevDxe.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + DxeServicesTableLib + MemEncryptSevLib + UefiBootServicesTableLib + UefiDriverEntryPoint + UefiLib + +[Depex] + TRUE diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c new file mode 100644 index 000000000000..4c863ff604dc --- /dev/null +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -0,0 +1,67 @@ +/** @file + + The driver runs early in DXE phase and clears C-bit from MMIO memory spa= ce. + + Copyright (c) 2017, AMD Inc. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD + License which accompanies this distribution. The full text of the licen= se may + be found at http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. + +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include + +EFI_STATUS +EFIAPI +AmdSevDxeEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; + UINTN NumEntries; + UINTN Index; + EFI_STATUS Status; + + // + // Do nothing when SEV is not enabled + // + if (!MemEncryptSevIsEnabled ()) { + return EFI_SUCCESS; + } + + // + // Iterate through the GCD map and clear the C-bit from MMIO and NonExis= tent + // memory space. The NonExistent memory space will be used for mapping t= he MMIO + // space added later (eg PciRootBridge). By clearing both known NonExist= ent + // memory space can gurantee that any MMIO added later will have C-bit c= leared. + // + Status =3D gDS->GetMemorySpaceMap (&NumEntries, &AllDescMap); + if (Status =3D=3D EFI_SUCCESS) { + for (Index =3D 0; Index < NumEntries; Index++) { + CONST EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc; + + Desc =3D &AllDescMap[Index]; + if (Desc->GcdMemoryType =3D=3D EfiGcdMemoryTypeMemoryMappedIo || + Desc->GcdMemoryType =3D=3D EfiGcdMemoryTypeNonExistent) { + Status =3D MemEncryptSevClearPageEncMask (Desc->BaseAddress, EFI_S= IZE_TO_PAGES(Desc->Length), FALSE); + ASSERT_EFI_ERROR(Status); + } + } + } + + return Status; +} --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel