From nobody Sat May 4 17:19:15 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1519231964701534.5152230207833; Wed, 21 Feb 2018 08:52:44 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 6B765223230E2; Wed, 21 Feb 2018 08:46:40 -0800 (PST) Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0075.outbound.protection.outlook.com [104.47.40.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 2EBC2223C179D for ; Wed, 21 Feb 2018 08:46:38 -0800 (PST) Received: from wsp141597wss.amd.com (165.204.78.1) by DM2PR12MB0154.namprd12.prod.outlook.com (2a01:111:e400:50ce::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.506.18; Wed, 21 Feb 2018 16:52:35 +0000 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=helo; client-ip=104.47.40.75; helo=nam03-co1-obe.outbound.protection.outlook.com; envelope-from=brijesh.singh@amd.com; receiver=edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=GG4hsdwF4exT0kk9n4bIVjujxcrVo1rR8hV4fmKQGkY=; b=iDDeJtOSx3eZ3oRE4pxvb7CWHrtbu1Yx00etypB0XIidfLL6BpDl3O//S7vYzrzatZxTIxGH0n0VBVIn4XjqrHlA9g+QIoIIDZEyGn364d9b87KvKt4O9czEgGFFkTur7E5U1sihf3ZN2Ul5IbvUgkOk/oYj6C01raDvgnya1NE= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; From: Brijesh Singh To: edk2-devel@lists.01.org Date: Wed, 21 Feb 2018 10:52:11 -0600 Message-Id: <20180221165212.6643-2-brijesh.singh@amd.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180221165212.6643-1-brijesh.singh@amd.com> References: <20180221165212.6643-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: MWHPR1601CA0017.namprd16.prod.outlook.com (2603:10b6:300:da::27) To DM2PR12MB0154.namprd12.prod.outlook.com (2a01:111:e400:50ce::17) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 4d486350-78b2-488d-30de-08d5794b82df X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:DM2PR12MB0154; X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 3:7RMAeVB8hJZMhwfXxsiN/jwtX3K5jDqk2LD37AGrm7731WmEuLuGFDBN1j2w+1FQyBdTq2kHP5P49o0dnARPwpBaa7sPFXjkEuKrIIAaI1IbIx1+yFGiz4DOpbOA1iquexjTgVJIi1gPrywCowfM0EOv3qSo4us7Sfp4fmczRlQPwhsTo6JFhYT4FvirOHuYqkmaG2FU7iGtVimIazcL30oapSa0UoVnUsIRAjQD/h5n19JC6OkgHo7BXcsPkeyj; 25:ekyL3o5zIdBRCLdqRVoWJz8vTv1hUK8+tMeWS29AC9oCqryhus+eKii0eO59OmXM8+oWw9dqHxU+U/nv/sBfGEA3UI/snirD/USmdivc2tzI5rthOZyHdFCT+ecY22EYpFncvYSS6q5BEAS9hMoEnEfCdXztWPOi6Ptggyvmz6iHQ53ovSP1zsrLcgFQDkkNCU7zo7RDmI3SKbBuhUDtm3n+1Y05synOQBd/0ydPrv5gLdmUBFzSCC9vyFbNZH8kisU3ykZOSGFamun9xZ/KZpXkjh1gLs640VLB1sfTMhZSAgXaJ8dLG/BUxj1vlyjSuhXFJwVPuILfmD8nNU7Btg==; 31:+jJ9I5Q8Q49hqMm+bgipgPjMTp6M1DELNnajKP8tsbi6pgFgx4YOVpIy0VE0xmbiAWb/pyapYsvWc6CFuJ6CDy5GVv2uygEE4bhqV9a2AaRECpbVvgvzZ9TJ/jmnbLL2GNGThiGAc0v3vWroTFC6uc+a3KqcoArMLCRbMUT9i8NQoUWH2Vvj36PTNaPC9tJ1YC7uBrldBGPY87FPRwgw9LjW/5TsvFuy1qXS04YfJgo= X-MS-TrafficTypeDiagnostic: DM2PR12MB0154: X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 20:2Az7mW10qn9YjkMyYG9WYJ0sFZGwVI4d05Tk8q6CtWKeVV8ZoSwklqjx1pg9BNULFYAfBU9x11aS+6muNjIRU12lpXqDJ8o89owq8p6bVzsH7QgynaxN5EREYioBeyvrGLArDFgP85M4NJVkwKypxLTPO6x6chawXiUmDieLysKSj6oX2cR/C/yZ78KBJoQ19DfEc8FtE0e6ev2rpyJD+lWhe5j0DyQOV3kd7AAS56+ntlN+qAbf0HHfqBRBFIvcWHK6cCHFWq3IvrQbHqbV+TqLyxK9VQ7Kuv8UVivpZSk+9InYnB9vrqsXZ/2l0LEHwhpb5ekvvCLUvH+z2BBmNTTOtDtUUUKbKhLZqpD9Hspdi59afALl4SxBSAaqMj7cUebieEZMiUfXCA1QrRj/4G/1kCEjmnvoZROOPBv7roAUhDn9m7dFQzvFlYKADLXWcsyyNx1ESIOlGe5/WwEqREXhobcigfOyO/T4fsk6fIqxdKDzvZHkiiOoEXqOGWfq; 4:9xGvnTJ6MCOzl+DMow+kNjTmjiQZDw3QT3fkFOb7k1ImQ/TxT6NH6ItIq0LOATmT7EFsWST0x69JjdiiRwTyJo2KGKmWdDH1YVUllO3Yrf82LAyxW0tQeuR03geECkThPCXx+9vXXvbCT1rExkTMH+B3t9MNhWlGp7q29fXJhzjkXeGOg9THRF4LbzWdu9ur6Q6c+pDToDmJIVIINGYLXRgKop16Qn4tRg1duLJISThi55d1lkwxmUqMC25TAzGjsHO6RTLFMDxN2EewrnksYNo2XCHqvf8nbqjoQvGVSJ9NmZ7kkYBJvhDrd+Zcm3FcADHgryQuWi/af4g+GnsKtA== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110)(228905959029699); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001069)(6040501)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(10201501046)(3231101)(944501161)(6055026)(6041288)(20161123560045)(20161123564045)(20161123558120)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:DM2PR12MB0154; BCL:0; PCL:0; RULEID:; SRVR:DM2PR12MB0154; X-Forefront-PRVS: 0590BBCCBC X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(376002)(346002)(396003)(366004)(39860400002)(39380400002)(199004)(189003)(8676002)(16586007)(81166006)(2351001)(76176011)(68736007)(52116002)(7696005)(316002)(105586002)(51416003)(2361001)(106356001)(50226002)(97736004)(47776003)(3846002)(8936002)(1076002)(6116002)(36756003)(66066001)(2906002)(81156014)(7736002)(305945005)(50466002)(6486002)(6666003)(53416004)(2950100002)(6916009)(53936002)(5660300001)(54906003)(478600001)(26005)(4326008)(16526019)(386003)(186003)(86362001)(25786009)(48376002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0154; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR12MB0154; 23:jxLyEeu44HePsa6OGUUI1Q/9m+POTfp7fxXUZlbG5?= =?us-ascii?Q?+a48ueeGMDVlpziqIqdVMWWwDIivn1PILXVQlG9YjstEPRzxiyFgUftavd3I?= =?us-ascii?Q?pp59ZoCPXXfEUwTU+XH89BpwepyapCyhKvHYap2pQ7Svdh6BTxdO++lnX1Lt?= =?us-ascii?Q?VOl7mFObudfXjEjElwqBdczCTU3jqCHSVMBEdrN/dUrsJ02uMxyuCkfCVgof?= =?us-ascii?Q?OLhO78ethNn4pbZPHEt8/GgCUQyk5fBSRR5j9fk4+3delawEv9Uqd5OLJvbN?= =?us-ascii?Q?lr4G7n+PlB6kKyq8mrxLEDGeBplCQQPQ0jEXBku48CiXP4Buc/REvENi61wN?= =?us-ascii?Q?Saf6JgvxvxinSpkemBVu26tXDsrLSIEbVGc64fX4C0nWB7esPoyoSx1NChE1?= =?us-ascii?Q?J30C13OEi3bOpbaGuaMIb9uVY1w8ec9y3DDpaWr3/RCC1Bfu6+XUo6qdNsj2?= =?us-ascii?Q?VombAtAB0ZF7/9IZCWs88KjKVFXlnmdJ7xBS1IqpjzYojuKlAq4iWbe/6w9C?= =?us-ascii?Q?Nfjeh6KL4JwuMRGARJqluQ//4TT77KuBwJGwEQejaY/Wg7oOqihopTKLyfVN?= =?us-ascii?Q?bM5kfxcNMDVCllWSK23WsTroFu6vorIgtRYRSWgqERNT3wmPhQZoNa2tlEST?= =?us-ascii?Q?9/Vg+c2ws+FyrVdaSQLUOBobWx71wb+8iSLTPhAsTLwsPMmMD/wr6IeIuw4z?= =?us-ascii?Q?wfl9kfaazmb0CbdEC4j7xhDF6K0Yq0w9TLRnm662XKKzZTNzsvnsU8pRdsqD?= =?us-ascii?Q?hepbXopubUgQAESMtsZF+ihV6IiVVRGL/oDWXPxXGvMGBkapmAX8r4LMJgfN?= =?us-ascii?Q?SAq/7i5hAUd5wMfU1PtavSh/ldZf9Nh+mHjWVIbs1EPKE6/x7sHi6EeLOotq?= =?us-ascii?Q?TCDsRpZ+pQaXgOevzGhSwyIGcXx7sR5pRNlJ/rmBN3T0tg/U4IC378NT9EPn?= =?us-ascii?Q?DU2yw8Z4BzDvShGZB+vzytEqUfLPPvdYxBeXihsjPmGrrf2E+cwI9B22HNlF?= =?us-ascii?Q?hsUbrlzRFMXuOt3hBg/MzKzJpY0njaj2bQFSVZc3eNrI8I6qWixaWqCxI04H?= =?us-ascii?Q?IrDQCpT4nkPgNqRrfoOCQichr68OTo+j1eFm2AUMDu9i1tpjt5UF1LnTZM/t?= =?us-ascii?Q?fDJzPUbNqR9Eq53WfjxTISTaoURN9s6nZaAnk0ypflJOXZufqX1uEjPkB0W8?= =?us-ascii?Q?hKTglLiIvsSsC0=3D?= X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 6:VeyQqnJ4Sunb9EBMRBwheTxxb1Z4HZh56xKPlunqkLpzyPHDJlFeAmnlc0hU9Ey7fsT37Ua3g8PPmqiMI5TMXQADy6fDkobt3j9BtN7HsCrV7/s7w0VivwTGKOLfrdpE5JEWSh1DbZ4C6y4BF9wVmEvKOcaSJ+eeoZaP9i+FwxYeFRlmdIOPbJpdzhFkvdtzjTfROkxjI68HHE86fr6iwO2GHldluHJe3tjPWXYLeYuPPys2A7bG/pMqWCrirosoWyEzH74+iFHwGmXekS/FRs9XF5xdEqjtvk+KUN+exXofG6hSoLOnarrYbMtktgLRxrFTdyvEBzSjSZjvU2v1CNHcQx+4J1QjgX4M9jZXxI4=; 5:X37f4+3v2A9j3WXOjG2Um7B6Vm445zTEtQnn66ST2K0OQgIuknK6S/PdZtcHSEW8DbguwPCugSZrgLmMaG4CkIiCjsbEVX3/B4wfhvY1NwZFlQPKgT5tNcwTtndymqH/kDgbgV3plSFIP3wVhQX63XEJYJJ3U81HkMJ6GFwJIn8=; 24:oIRYEO3KchKV03laJoW7s+h9/RVchWhun/p6kbwwCFi9BdHyS9dKV7u5KzwtB/UnaN6/xi80VnvlpJw/K9m7J/suD1628v0O08zHOhRLqJk=; 7:rjYTJAFo8BghS/KSfz3KgAGJcVZK3UfOqgT9Qi+VAsSqKwQUOZ1V+2sGP5wWHIBqH1AUG0nI4O0mVr0bcYenMLC/A9di/nLSCF3cgSCyISKW7xGz6NxTEkQALS22eM1yaeJhyOB1UPQ94MhiqF7eM72lsJv1Gbbmb1XxQjZRwTByjC0Br8ZJdSB/yb3+87505P6PnGSzZQUGUid2Hs/St3NG2lBtOG1y/4grP+vfy6Vijs8i65fak1V95MPIaV5S SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 20:zStmLkptlyf1LRppRptD/0LjNx8gM8RIUZKcKoxbh/dBzXi2VpZLJYJmaSsWbsYaBukLFPV58eu2HOMbOcNmP3MyjPwiOcOw3xJG/VH1FyGxPsua7Guv/KQmRwXjoS2PBOgQK4gLe8D/7sKoIYGgGCP+EmyuPB/MV7OjqppW1lRa+iX8eAE1KYUqyXvz1rG+Uom++K94UEWOr2sEVaCvPpF+i4cpVo/S60E38DDWgLeu0YP0LXcjXykSDw9RN6vt X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Feb 2018 16:52:35.9372 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4d486350-78b2-488d-30de-08d5794b82df X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0154 Subject: [edk2] [PATCH 1/2] OvmfPkg/AmdSevDxe: Clear the C-bit from SMM Saved State X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Tom Lendacky , Ard Biesheuvel , Brijesh Singh , Laszlo Ersek , Jordan Justen Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" When OVMF is built with SMM, SMMSaved State area (SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP_OFFSET) contains data which need to be accessed by both guest and hypervisor. Since the data need to be accessed by both hence we must map the SMMSaved State area as unencrypted (i.e C-bit cleared). Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Brijesh Singh --- OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 ++++ OvmfPkg/AmdSevDxe/AmdSevDxe.c | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.= inf index 41635a57a454..162ed98a2fbe 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -29,6 +29,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec OvmfPkg/OvmfPkg.dec + UefiCpuPkg/UefiCpuPkg.dec =20 [LibraryClasses] BaseLib @@ -41,3 +42,6 @@ [LibraryClasses] =20 [Depex] TRUE + +[FeaturePcd] + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index e472096320ea..5ec727456526 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -25,6 +25,8 @@ #include #include #include +#include +#include =20 EFI_STATUS EFIAPI @@ -71,5 +73,22 @@ AmdSevDxeEntryPoint ( FreePool (AllDescMap); } =20 + // + // When SMM is enabled, clear the C-bit from SMM Saved State Area + // + if (FeaturePcdGet (PcdSmmSmramRequire)) { + EFI_PHYSICAL_ADDRESS SmmSavedStateAreaAddress; + + SmmSavedStateAreaAddress =3D SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP= _OFFSET; + + Status =3D MemEncryptSevClearPageEncMask ( + 0, + SmmSavedStateAreaAddress, + EFI_SIZE_TO_PAGES (sizeof(QEMU_SMRAM_SAVE_STATE_MAP)), + FALSE + ); + ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; } --=20 2.14.3 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sat May 4 17:19:15 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1519231965614342.3357013781874; Wed, 21 Feb 2018 08:52:45 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id D8F84223230EC; Wed, 21 Feb 2018 08:46:41 -0800 (PST) Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0052.outbound.protection.outlook.com [104.47.32.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 91586223230EA for ; Wed, 21 Feb 2018 08:46:40 -0800 (PST) Received: from wsp141597wss.amd.com (165.204.78.1) by DM2PR12MB0154.namprd12.prod.outlook.com (2a01:111:e400:50ce::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.506.18; Wed, 21 Feb 2018 16:52:37 +0000 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=helo; client-ip=104.47.32.52; helo=nam01-sn1-obe.outbound.protection.outlook.com; envelope-from=brijesh.singh@amd.com; receiver=edk2-devel@lists.01.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=nk2pDONs8QIv6u3mGP0P/fpFQ7T8BUpGEbfrjPHJ67Y=; b=DUhd/rwIW8jqvAYFAtlvk9HkSpT8veuQzFDA3bglyJ5szxhxQJYwI6pzq4wZQ8PWCc1Cmq7+mNpKyFvU8eklN/i5L4LNCQdwFk+ahIDdifpVokv4r2EYcTQSG71pzf/dDclNUmztZYgD5Su23tjAEZ8Y25djuVwbygm2ShyoAg4= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; From: Brijesh Singh To: edk2-devel@lists.01.org Date: Wed, 21 Feb 2018 10:52:12 -0600 Message-Id: <20180221165212.6643-3-brijesh.singh@amd.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180221165212.6643-1-brijesh.singh@amd.com> References: <20180221165212.6643-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: MWHPR1601CA0017.namprd16.prod.outlook.com (2603:10b6:300:da::27) To DM2PR12MB0154.namprd12.prod.outlook.com (2a01:111:e400:50ce::17) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 8a6ee4bd-c0c2-4b95-8aee-08d5794b839b X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:DM2PR12MB0154; X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 3:3BoYkIe3VWEcvuoFLRqb4/J01Jhh6khWWMzuNieYdJlBOfDKqm23rGQrU/wJuBnin4BIkuatj904AyYJKSL2q/eI7dUgqxIVA0JUQI3rqrCKAKk0Dq4GaxmbdixFOi2jbbSf2y1OBVIh0MeUDzVsML4i7kvo8x9JuCvwXL/bXPeA/DvmCEIPz4T7tn0Wet6xea05Wsxc4IDVYeTxWbUqyBZoiVqr53VDCDwf4XI1WMOsA/NeXU1RcXMxIis9KvKj; 25:Hfwr+htuyMIaC2oVeRzlCpWa+8cx98Wfxeju8puqx1BTdJlGU5XE25yZKLOoChLrnzDY4YJXTq+PPG9fQnTuPjnrQGToTwKGgV56XRC8XrMJcpNN2jy/7ZEVWGLQn2EqVWorp0/b/Au7LJHrOtnwuvaCAPfLWawPYsf4U/5RKxb2OU5WVE2TYyI6iqKS+ne5k6ilLx5/qxbIYXcyiF5CR/eV5D2ABfmyaDOO7iv5SH2LrXzOZkSEvtbK34IeKrMaIJFdaq31qEKrCNHGg6opJSD2h1C62v5oqQ340e9SeQARXhanMdB5wGnlPPW4W7bJFArUrUmWznqaAIJwKFChTQ==; 31:c8je1U/ym5L7SOQKtEXb5dzV7rKATa6Jdg77Pvlss4/PQz6ceBKgwpIdU5rpNWDX8MrSnnNSjLXcabDHWAZbYi2SbnsXSh8kN1zt3iZMKDbADzLYgvy+PRM7llGjzujDwXqO4OxF1XKUpEEiG7LZlLOYKtwfH10Xj5Wfntwy1mStzSraRGSQzvEGcNpdoJRSGHAO9QFemFN9u62e059y4kV1+IiU/RxE2uWMm5jYrSY= X-MS-TrafficTypeDiagnostic: DM2PR12MB0154: X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 20:awwzlxN4TPQ9qVfBMP15TGlprvZxQ1eostLuDIg/eWWqVVFlmoELTznkQCQWVO3bxH7omOXGsOkJ/omp6Jlr1eLbnuFxVr5wwKoUMyVi1nnZdEgqrSYYvi6UR2Cysn4DSNh47AxFwuDV5bptsD5hFEE/xAWMXIANB9zamjO9MCb0CXBu2FcMCVi/45IAsxQpXjLrBp4BCYrhUi70yh8rfESqhvZpge0uupBWOoXEpypos16DaSkvgDgaT+gkBvncWBvAXJJAOdB7vILlERZZBYIJqyOsGNK7ah8Lg6XGFc6WqneE7XM4Xj7pw7Ldrm7Mo/queF11MArBY0GXji2v92rm3XTCmXjgF14nnnGgcS80FefM0P7m97lt6hmt+Tz4S270U5AueILtDaiFR7Dq/pjfloKm5sCzLYtDIiBfnYj3WLHzSg41whGPXgOrZRFav9pOf27JOQZYKTnd6VCrth03IY4PI1E56CLCWqgAP9T1e3IjFP4NynhrZf+lSoZf; 4:sRGZRKOd24AKfoCvLc5SjtYcC8yLEjte946IIBF4k6J41wxZ8HLrzUZLHnTPVEkPa1lF6ELymWDxf7e1t6rnuazxZbQjRGaQm1bkRi+p8WA61ViZNABYtn/hXbSRYKR70j/mLYglsOxlMksjn4D+dBzmlZRYbqWLraMlGG/Q8aBQt8jYOZBFI1lJAYIquKv1dzXmb3jDF5tfAQPVEJjPfNz6B1PZ4ETMmjXgMBeyvF3ZFSbG0p78PKccc3eC5KmbBfw/c0gNYufypcXzHDz3YAtobnd0LCS3UT8rHhkczB1ByuTrDPeuJcjFxwbYPyi+8L+gif/B+X9aT8lNswPAHw== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110)(228905959029699); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001069)(6040501)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(10201501046)(3231101)(944501161)(6055026)(6041288)(20161123560045)(20161123564045)(20161123558120)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:DM2PR12MB0154; BCL:0; PCL:0; RULEID:; SRVR:DM2PR12MB0154; X-Forefront-PRVS: 0590BBCCBC X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(376002)(346002)(396003)(366004)(39860400002)(39380400002)(199004)(189003)(8676002)(16586007)(81166006)(2351001)(76176011)(68736007)(52116002)(7696005)(316002)(105586002)(59450400001)(51416003)(2361001)(106356001)(50226002)(97736004)(47776003)(3846002)(8936002)(1076002)(6116002)(36756003)(66066001)(2906002)(81156014)(7736002)(305945005)(50466002)(6486002)(6666003)(53416004)(2950100002)(6916009)(53936002)(5660300001)(54906003)(478600001)(26005)(4326008)(16526019)(386003)(186003)(86362001)(25786009)(48376002)(213903007); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0154; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR12MB0154; 23:yhSNr4OGm3WSRqkLEo4yeEs1hu/6gQGGlH6fh4WRF?= =?us-ascii?Q?cfvy9qTwkKpb4dks6vIllxWRvouDtL4ZT9Yh6cuEDDLoB1Rapjkb3bOIKCUN?= =?us-ascii?Q?NpVw1SqeD3tD0q6JSfvNJeLtPtdzqPDUu6DOQAt+mo58KQyFiy+bTty2Pw8u?= =?us-ascii?Q?lT86BQx0td8WmsF0jyKF2ItDjDStDH2ERPCzxBZB4LfCptFYsDSL91ZSO40t?= =?us-ascii?Q?XIo5VFDaFOlSVHZ6jmU3kiohgYpF/17zB5J2nJ7LkRhTchcft2qZ1myO1Px6?= =?us-ascii?Q?M2c/4Fx73+NYWMdh5U61nDV1S/BpehGaJTGg5kcSrYgOQbbu/DWVLHKWfnaZ?= =?us-ascii?Q?URVyKqTkvBmIj0C7bMjufyhXhVxWRso6kSVSrlOlvZg13laEVkQzeC2OsbQO?= =?us-ascii?Q?iu4VfOTH1eVxIQl23kunnVuz7nA9DGbmqL+u/74rcD36o14ylOOi5Elkeb9G?= =?us-ascii?Q?/64o/AJ2idHlTUwzuhBpQC6SndS8iNiWRK8sd+tQqCcYmgoTLAcypJkizJB1?= =?us-ascii?Q?QMLMaEKHaPCta1PcGyrjnl8pjIwMmdgm1w5PPkfxMmaCqvx/yyjvz/YrhRwT?= =?us-ascii?Q?eZiials4h1jRw37qaUxWyPl2IxuZ0C+9hU6rRDVvHx0+pyET3mq66ZkM3ER9?= =?us-ascii?Q?3NmXvdEcyaTUJiG+7uVzbCTLnxjJd5ntvlJoHHi6jPZUZ7Xuc4zhovf5S05M?= =?us-ascii?Q?g09tuZfue/xy/3dNWULZ7v3dgVtBxgljUoUwhvPJEpd1uC+kINQY7Tdmzj4C?= =?us-ascii?Q?PfESxxfPYIkCBddWf9hhU3mAeDcp7fL+SaFRg9BVl36gGxO7ieqDeb5nNFPu?= =?us-ascii?Q?wt1INsVkJPaa6bjmTiySfqAqsN8mL+znMwbJt5We+eVsxVD+RoS2L/W8m8JU?= =?us-ascii?Q?QLAXqvJk9VMgEJOYc0O8ImeRLWB79bk81NYjeTaKjVy5m9ujnLH1j22GHKme?= =?us-ascii?Q?m6uOLvaucQizKT2v1NM/hAUhSExC0zodW/SLYHqmRQTh5FsiISMAgM9UKYqF?= =?us-ascii?Q?eh/uQq00GW93qV3nmPvGm2V540A4TiKvtirfUmK/XJbJVwhP9hMEtk5cwyEn?= =?us-ascii?Q?f93Ua7m/C8welEaMhCS19dHsD/x/seh291wwzQDKZkwz0mG3IyE5W2UoO54J?= =?us-ascii?Q?oG5cBbKSjLuQxR9qXilzGZAy9515cKxI0horvKL6oWADDthJxz+UyLmGkjkP?= =?us-ascii?Q?+xLFB2NUChHxqYNN7PS2XTqoK6wtF64wyrQWy5B5onIGl4euhXZwrXASQ=3D?= =?us-ascii?Q?=3D?= X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 6:3d78Rctwk3kFNPvbjo5a2TUQ5c3dGmlF5vNa6TXet6Xrss9rFz6k5gEmDKdpZbm6es46XFuYv1J6HfG85eat2eQ3pdrAFImmY8eVgMgPNwBtuvZzJ1ZGRQ4OeaTbeXBBS/eMM90Ba7e2N8Yk22Ayc/Uoe4Fk5OfofazEJCjj6szhDjP4YmPc+NYOee+RMxfQp3YihBgVIqoiAhDyDFXsfwDMIKrfpD0sYwIAT0KCRgDn20V7AuhNPFyNcVYyZ2/d0/dOWdvLJ7tiVPYmupEog+zfNTR8028hzvWpvrSNjegfqCZJf2V3CGzidLIpHY3Y2OaH52De8HIzn0FCIdCBjli7O7NQISVgYHsYsG8PtIg=; 5:Q40ceHogFDZkDjSnyUvhyblL3z1f9BYUtE2g3iZwWfOqT7exU0ilrXlFSnpoZnqn+lvzKsM96/x10aCVtRNaFSZu0kZbQ6xpvgbGvJ9z+0AZMThRDhItZS0an2V09lFJXImN7I6/BVRMutDTrLAeio5PpkuQdL7nyCypaEcOeoc=; 24:jlxqw+fWB/5NYVtUdMpD3rsZ68HHgMDUJhp4dogAbFdcfXkOZNoQSuY2Qy3HzSYCsDFYkP/EUJKw9fGOEkjSMz3cemfvd9JgCGIsZu5W5OY=; 7:5jo3d61OcrmURPhww9Atf1ZEXYOUNhuxPKtDcClH/XcJxIQDLl27MBn01e/5f2lz202Eh9xZnTFIahYID5mDWhKX71iRZnpwb3/anxNm4Fy9I6aYA+v9DUWj+E8EfbLrmMsC77qxpndEB7SxAuz6eLkYU5lt9bIitqo7HBq2MiNJY/uCxPwFAV559qIukYN8IjA2zciMQP6/7GfNGbfMUfmlCjr/V1ICMj/YD9QHq/94OwY5amjgXg484Mo0R6m1 SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154; 20:xz+qMd9sNZHhlPzvNa/UGOiJkjyygUf+7BQjgqoAB8KvfdIkS1ZzV0edtXmaVWr1820dDHls5TGGWS0LjoCvzXe1yvNklLjkUP9fAmdFuYGpGVPKiVeLnuixHJNs2/3WqhYHbQvR8fa/qXVBSJ0R4/zfwLYXW6YM+EtXJSx1WkMn6n1yBu+PzMQb7wVKp67ID9On/tMe7/1mjJLCoGo6XbRNLSDSUzlxFDXSyvZcDyxYe4+dI/5vZJH1ObUB89P9 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Feb 2018 16:52:37.1716 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8a6ee4bd-c0c2-4b95-8aee-08d5794b839b X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0154 Subject: [edk2] [PATCH 2/2] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Clear C-bit when SEV is active X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Tom Lendacky , Ard Biesheuvel , Brijesh Singh , Laszlo Ersek , Jordan Justen Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Commit:24e4ad7 (OvmfPkg: Add AmdSevDxe driver) added a driver which runs early in PEI phase and clears the C-bit from all MMIO regions (including Qemu Flash). When SMM is enabled, we build two sets of page tables; first page table is used when executing code in non SMM mode (SMM-less-pgtable) and second page table is used when we are executing code in SMM mode (SMM-pgtable). During boot time, AmdSevDxe driver clears the C-bit from the SMM-less-pgtable. But when SMM is enabled, Qemu Flash services are used from SMM mode. In this patch we explicitly clear the C-bit from Qemu flash MMIO range before we probe the flash. When OVMF is built with SMM_REQUIRE then call to initialize the flash services happen after the SMM-pgtable is created and processor is serving the first SMI. At this time we will have access to the SMM-pgtable. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Brijesh Singh --- OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf | 1 + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h | 5 +++ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c | 5 +++ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c | 10 ++++++ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c | 35 ++++++++++= ++++++++++ 5 files changed, 56 insertions(+) diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf b/Ov= mfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf index ba2d3679a46d..d365e27cbe59 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf @@ -53,6 +53,7 @@ [LibraryClasses] DevicePathLib DxeServicesTableLib MemoryAllocationLib + MemEncryptSevLib PcdLib SmmServicesTableLib UefiBootServicesTableLib diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h b/Ovmf= Pkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h index 1f9287b08769..704ed477ba14 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.h @@ -189,4 +189,9 @@ VOID InstallVirtualAddressChangeHandler ( VOID ); + +VOID +FvbBeforeFlashProbe ( + VOID + ); #endif diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c b/Ovmf= Pkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c index 558b395dff4a..b7b9bf1fb8d9 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c @@ -967,6 +967,11 @@ FvbInitialize ( UINTN NumOfBlocks; RETURN_STATUS PcdStatus; =20 + // + // execute platform specific hooks before probing the flash + // + FvbBeforeFlashProbe (); + if (EFI_ERROR (QemuFlashInitialize ())) { // // Return an error so image will be unloaded diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c b/O= vmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c index 63b308658e36..7d274c08ad12 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c @@ -155,3 +155,13 @@ InstallVirtualAddressChangeHandler ( ); ASSERT_EFI_ERROR (Status); } + +VOID +FvbBeforeFlashProbe ( + VOID + ) +{ + // + // Do nothing + // +} diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c b/O= vmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c index e0617f2503a2..d97b13f47bf7 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include =20 @@ -67,3 +68,37 @@ InstallVirtualAddressChangeHandler ( // Nothing. // } + +VOID +FvbBeforeFlashProbe ( + VOID + ) +{ + + ASSERT (FeaturePcdGet (PcdSmmSmramRequire)); + + // + // When SEV is enabled, AmdSevDxe runs early in PEI phase and clears the= C-bit + // from the MMIO space (including flash ranges) but the driver runs in n= on SMM + // context hence it cleared the flash ranges from non SMM page table. + // When SMM is enabled, the flash services are accessed from the SMM mode + // hence we explicitly clear the C-bit on flash ranges from SMM page tab= le. + // + if (MemEncryptSevIsEnabled ()) { + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS BaseAddress; + UINTN FdBlockSize, FdBlockCount; + + BaseAddress =3D (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdOvmfFdBaseAddress); + FdBlockSize =3D PcdGet32 (PcdOvmfFirmwareBlockSize); + FdBlockCount =3D PcdGet32 (PcdOvmfFirmwareFdSize) / FdBlockSize; + + Status =3D MemEncryptSevClearPageEncMask ( + 0, + BaseAddress, + EFI_SIZE_TO_PAGES (FdBlockSize * FdBlockCount), + FALSE + ); + ASSERT_EFI_ERROR (Status); + } +} --=20 2.14.3 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel