From nobody Sun Feb  8 14:22:09 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+74311+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+74311+1787277+3901457@groups.io;
	arc=fail (BodyHash is different from the expected one);
	dmarc=fail(p=none dis=none)  header.from=amd.com
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1618959603590183.32133858325597;
 Tue, 20 Apr 2021 16:00:03 -0700 (PDT)
Return-Path: <bounce+27952+74311+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id bcl1YY1788612xptMldlWiNI;
 Tue, 20 Apr 2021 16:00:02 -0700
X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com
 (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.86])
 by mx.groups.io with SMTP id smtpd.web10.4427.1618959319881816979
 for <devel@edk2.groups.io>;
 Tue, 20 Apr 2021 15:55:20 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Dvze3jZYx6PmY5btom6aHpNdcZLcYnjHdvSkTq8oIqoM1Mlk3jQojJFWclJ2uKc42wSfBOPgmgQ6yR/gqnAZPNMqFYpVo9AfprTJm0ciFkvAH2gVV6IIE99CbUmkp2PfRaFec+kFfAmQ1KYStF5xHg1aYMSMvZ8IS3AFnN7sU38Y3t3qkc6FJT7gm4oYfZCQFUa14h1Wh5v37wbntZ86UJPaaDCPly9tXEypPylu+fJpNOLtNHvfHADyDJfuVoUBWfd6hhMgI0doe7s6I/zrCTcXRMVcjAv0go/01vx1ZSz9Y21izwyMOdS7L698n9+4qtF3alcV4EG+SWE3G7K0Ww==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=IV6d+KCFdmfmcxSXfvRENdHZYbY9RcCAXkNcPWojAYQ=;
 b=IuTobAKCEOwTLM3a6hvc1rDUZD/FAPo544lrefiXRY4CpIhf8ujNSzBY2tMh37Ebm9WxLb8Eaoald7ABIrY9xBTan8C5Qa6b22yPqx1wnRwUKL3pLfFVZXX3wWQ2zRDQXyf3MjX026k3vfWn3JbLq1EfUaUFZ/G66Lo4oocKScItTTKzBFc8AqzfT9meFhgTgfE5GKDUzw8GqQ3fm52aildBok5nrQcjMJi+/CsjBcaJu6hG0Zt8/wQTcSwwxKD1GBTvwWqRKxgyJ84IpHJlCg6n8365m+DrPcsqfZqQKCWqLi42N1E04gLYou+nc4u2ra2zT6H/jiNQC9QyTrd+Iw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
X-Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7)
 by
 DM6PR12MB4337.namprd12.prod.outlook.com (2603:10b6:5:2a9::12) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4042.16; Tue, 20 Apr 2021 22:55:18 +0000
X-Received: from DM5PR12MB1355.namprd12.prod.outlook.com
 ([fe80::b914:4704:ad6f:aba9]) by DM5PR12MB1355.namprd12.prod.outlook.com
 ([fe80::b914:4704:ad6f:aba9%12]) with mapi id 15.20.4042.024; Tue, 20 Apr
 2021 22:55:18 +0000
From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
To: devel@edk2.groups.io
CC: Joerg Roedel <joro@8bytes.org>,
	Borislav Petkov <bp@alien8.de>,
	Laszlo Ersek <lersek@redhat.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Min Xu <min.m.xu@intel.com>
Subject: [edk2-devel] [PATCH 3/3] OvmfPkg/PlatformPei: Mark TPM MMIO range as
 unencrypted for SEV
Date: Tue, 20 Apr 2021 17:54:42 -0500
Message-ID: 
 <1f64ca5689ec86c427e4db8c41da598896dca4ba.1618959281.git.thomas.lendacky@amd.com>
In-Reply-To: <cover.1618959281.git.thomas.lendacky@amd.com>
References: <cover.1618959281.git.thomas.lendacky@amd.com>
X-Originating-IP: [165.204.77.1]
X-ClientProxiedBy: SN4PR0501CA0066.namprd05.prod.outlook.com
 (2603:10b6:803:41::43) To DM5PR12MB1355.namprd12.prod.outlook.com
 (2603:10b6:3:6e::7)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-Received: from tlendack-t1.amd.com (165.204.77.1) by
 SN4PR0501CA0066.namprd05.prod.outlook.com (2603:10b6:803:41::43) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.6 via Frontend
 Transport; Tue, 20 Apr 2021 22:55:18 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: f97f73b0-f9ac-4c16-00c2-08d9044f5ea2
X-MS-TrafficTypeDiagnostic: DM6PR12MB4337:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
 <DM6PR12MB4337DECD63D74136CB0E2EE9EC489@DM6PR12MB4337.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:8882;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: 
 x9kVgftWuxx4gRd3/YuJY6kMmeXX30Jf0EBOK2e9m1aSRdUP/FvAnFl/jqiX9/6lKSPtUn5+9BdETaVSvenScWeneP1fBfcPeY5C1eANg0f/o5M7Kg2kWIT67uZZFLJIQ1d8zjttL7+zAI/NPREW7lbX9zP5ILlEYD4X6JJ4l7pzpJTBcSsS06z1tHjq5B6j1icCsevf9pzMtGzH0sU2LS/gZAQ4jk/SM3ahMRev+Xccpw4ByTHo2T+9A9oP/VyoUX58YXb3SmdTYYdZ1oNyCcQKgj+3W+JN9nCyTbBBIdhDpKx3qAbOE+CEpTWG5QJMcmhNynxzUECt6K91dRLf8HNn5by+5+4C9UQqxMQaQ7lSiZBKu/HVvrf41qmHEq9UpQ73/1TfLx2H4nzWWDjS1YjOKz5PXkN21ICA08gagfJA5abcSq6JnVTgnCVGlVsWJ8U7z+IXdI847GM352gJ95HbNDeEH6PwLLS7c8aTrDj9wDRu/xNMPlUKSRkqK9Vst/qaNLaSNan3fN3m46NbM3E50gD8p0W6p+REz5EPLNByEvWQb6oqSd7qGToACn0++wyxJZlZBxdUnn34pN64yK9+bpl/oLaIpV+ZKa//tU60/PyCFslLF66rPeg1Nq+4Unc2WfV3A/QSYRJv+Jq9pp54A005aa28+di/Ibuvdk8vlYTO5FSqqjudPZawxGSWyZCNIU62XyUCgA6NUPcXCyw/Ruw7NrT7IT241GZJBHc=
X-MS-Exchange-AntiSpam-MessageData: 
 =?us-ascii?Q?ddjSondS0l+ejuldS05+dFfcKh9dtbxsFo0wqDmZTknw7uLmdoJrDcp6CvyC?=
 =?us-ascii?Q?XUa60pG965WUWzJngycA/w8yLmAvipgbxSUcjtkdPFHFNZ2ysbN3IixQuNyj?=
 =?us-ascii?Q?w3vm2jfVSfi+rDQsFpfg67+2YcAuRhNzZT4U6U7G7Eq1jikNZ10Pxm59lNV1?=
 =?us-ascii?Q?b3DRxw4WL3JJM6eEnm66RVhCwLVNZ9JndkmbQ3DiMBp/I1CXPtSe7eBiLEsd?=
 =?us-ascii?Q?pY+O4PILpU1O7mcUmgPys+AZZZyruLYaOfzh3PimuJaVsZT/lp5pNpkZjU8I?=
 =?us-ascii?Q?i4zYhZ5uq+L5LcghI+FCH2CZ7Bze/uy3T3kxGYk2pihJezHB2/WVCI2Os5tW?=
 =?us-ascii?Q?0yjB6OV2BTvNEOQqekXKHXAY3gTOQ2f9TazC7jSFxpLtibyIYpzqibV4/Llt?=
 =?us-ascii?Q?cW5aqGCJMrydgJLCt/5JzypRi+YGkXZXGzoSXKFKsIEL+wgZkeFZdgmKiMnu?=
 =?us-ascii?Q?HHEXjaSdAof7q/vPKMN9C+8b5iJbCTGCyYbGKocEnrJHFB8DQYgApQNqH+c6?=
 =?us-ascii?Q?1YMbb2XgaAudvz/4WHrBv1yPlRTzuevmWIe/8gP6LrHSxKeS/RWLWGhBIP3X?=
 =?us-ascii?Q?uDYE01pvv0HoAv4yUEcue4UC70Q48GQZsG2SiM3m/nL6CbkNYgwNprf99Yxp?=
 =?us-ascii?Q?Lqvw0yUbympWTEmjby8pUvOK9SY1ol6pucP0in43VMj2WRrLxldU/QFy+CUO?=
 =?us-ascii?Q?FAmlNoOeDBo3QFLesaI2NAbvWCWYON5Ot9aMLtogmEozKTJjUE3/68x2nG7E?=
 =?us-ascii?Q?wiiaAhAUbmHD1dCbBN1dRsdVEieOBrJ7EoOcPA2NOOw5EsdmaohceuMC7P96?=
 =?us-ascii?Q?0wlWFxuzGyokQoc+vLq5B4iItQ9WEPC5OVX+7iCWNcSr5wQCVTgjjtTucnwA?=
 =?us-ascii?Q?jJEMJxPGpm6kJrkdDzUfpKgrokyMWydd7hqqRFrBw+VMjZqAUdl1B0oJWay8?=
 =?us-ascii?Q?xSiZB8j4Q8qvdosIEk0ZU9Yrr/igy/ZTjB1xuipmy3xSmEkAuY6DJb/u0Wzm?=
 =?us-ascii?Q?dIiy1nnAwYd1yJmpIS35xqOdn4Rt5+orqKrgtYmb0gVN1h9qPn+isLO5mHXY?=
 =?us-ascii?Q?AwnfcwsS5kmZ/BStY8wvrzBumUPNKs6elQfnZOXTcFK/H4c755lly/psaOno?=
 =?us-ascii?Q?Xqv35kRFEMTRTk7bdjiV1Vo/2/zGTmyO5YjlTGMmmdD73APq6xcHAf299k8Q?=
 =?us-ascii?Q?uylqtf5PvDq8FEOP+W4V2SrUp76nY2Jo4Htnxy55gVQp/aTjJFpfg0uXRmj+?=
 =?us-ascii?Q?u6gKO8uixAw7yAcSbR+nSbe1zn9dOoK8/50e0zvOyN6z35ofheS1gMsy6y0t?=
 =?us-ascii?Q?keAZxpRhn04TLlwtHBQfePbk?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 f97f73b0-f9ac-4c16-00c2-08d9044f5ea2
X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Apr 2021 22:55:18.7518
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 GvAjvQDorhKIe3sXTZ8prxBmvV94GJh/YXHY42E84odnyLzkeC1SKcMpieay8fA6u4DsIh0tEak2kAWqDsGJtA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4337
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com
X-Gm-Message-State: PLJRgUJVIJh6ZDQC1gz6ddCZx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1618959602;
 bh=3DkGGCp9XqSZalf3ldZrUywNNOQBjbr2V0vK0J6JlI4=;
 h=CC:Content-Type:Date:From:Reply-To:Subject:To;
 b=KJaFyELGxTABIXg+F2FIhLxZaMGVX88+JHIBrpps5JzxpntL6+AnAX5vFgRJVS2RtLv
 /jtlo0EyEsx1as12vR53fk/6BSdreMdGv12GpZ9mjbDuNHJJK4OeQqOTXeNYFgm8SJMC0
 cprG4nyhFcQnVVIdYA7VhOCWiNzO8e8N5z8=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Type: text/plain; charset="utf-8"

From: Tom Lendacky <thomas.lendacky@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3345

The TPM support in OVMF performs MMIO accesses during the PEI phase. At
this point, MMIO ranges have not been marked un-encyrpted, so an SEV-ES
guest will fail attempting to perform MMIO to an encrypted address.

Read the PcdTpmBaseAddress and mark the specification defined range
(0x5000 in length) as un-encrypted, to allow an SEV-ES guest to process
the MMIO requests.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/PlatformPei/PlatformPei.inf |  1 +
 OvmfPkg/PlatformPei/AmdSev.c        | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat=
formPei.inf
index 6ef77ba7bb21..de60332e9390 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -113,6 +113,7 @@ [Pcd]
=20
 [FixedPcd]
   gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress
   gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS
   gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory
   gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index dddffdebda4b..d524929f9e10 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -141,6 +141,7 @@ AmdSevInitialize (
   )
 {
   UINT64                            EncryptionMask;
+  UINT64                            TpmBaseAddress;
   RETURN_STATUS                     PcdStatus;
=20
   //
@@ -206,6 +207,24 @@ AmdSevInitialize (
     }
   }
=20
+  //
+  // PEI TPM support will perform MMIO accesses, be sure this range is not
+  // marked encrypted.
+  //
+  TpmBaseAddress =3D PcdGet64 (PcdTpmBaseAddress);
+  if (TpmBaseAddress !=3D 0) {
+    RETURN_STATUS  DecryptStatus;
+
+    DecryptStatus =3D MemEncryptSevClearPageEncMask (
+                      0,
+                      TpmBaseAddress,
+                      EFI_SIZE_TO_PAGES (0x5000),
+                      FALSE
+                      );
+
+    ASSERT_RETURN_ERROR (DecryptStatus);
+  }
+
   //
   // Check and perform SEV-ES initialization if required.
   //
--=20
2.31.0



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#74311): https://edk2.groups.io/g/devel/message/74311
Mute This Topic: https://groups.io/mt/82247968/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-