From: "Tobin Feldman-Fitzthum" To: devel@edk2.groups.io Cc: Dov Murik , Tobin Feldman-Fitzthum , Tobin Feldman-Fitzthum , James Bottomley , Hubertus Franke , Brijesh Singh , Ashish Kalra , Jon Grimm , Tom Lendacky Subject: [edk2-devel] [RFC PATCH 04/14] OvmfPkg/AmdSev: Base for Confidential Migration Handler Date: Tue, 2 Mar 2021 15:48:29 -0500 Message-Id: <20210302204839.82042-5-tobin@linux.ibm.com> In-Reply-To: <20210302204839.82042-1-tobin@linux.ibm.com> References: <20210302204839.82042-1-tobin@linux.ibm.com> Base enablement of DXE driver that supports confidential migration. Signed-off-by: Tobin Feldman-Fitzthum --- OvmfPkg/OvmfPkg.dec | 5 ++ OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/AmdSev/AmdSevX64.fdf | 1 + .../ConfidentialMigrationDxe.inf | 39 +++++++++ .../ConfidentialMigrationDxe.c | 83 +++++++++++++++++++ 5 files changed, 129 insertions(+) create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrat= ionDxe.inf create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrat= ionDxe.c diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 4450d78b91..402c3b61fa 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec 
@@ -324,6 +324,11 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId|0|UINT16|0x1b gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE|BOOLEAN|0x21 =20 + ## Set via FW_CFG to enable confidentialmigration as source or target. + # + gUefiOvmfPkgTokenSpaceGuid.PcdIsConfidentialMigrationTarget|FALSE|BOOLEA= N|0x46 + gUefiOvmfPkgTokenSpaceGuid.PcdStartConfidentialMigrationHandler|FALSE|BO= OLEAN|0x47 + ## The IO port aperture shared by all PCI root bridges. # gUefiOvmfPkgTokenSpaceGuid.PcdPciIoBase|0x0|UINT64|0x22 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index ca21fd6e5f..fa68143663 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -787,6 +787,7 @@ !endif OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf OvmfPkg/AmdSev/Grub/Grub.inf + OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf !if $(BUILD_SHELL) =3D=3D TRUE ShellPkg/Application/Shell/Shell.inf { diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index c0098502aa..6ef6dc89f2 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -273,6 +273,7 @@ INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand= .inf !endif INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf +INF OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf INF OvmfPkg/AmdSev/Grub/Grub.inf !if $(BUILD_SHELL) =3D=3D TRUE INF ShellPkg/Application/Shell/Shell.inf diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.= inf b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf new file mode 100644 index 0000000000..a4906a2451 --- /dev/null +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf 
@@ -0,0 +1,39 @@ +## @file +# +# Copyright (C) 2021 IBM Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D ConfidentialMigration + FILE_GUID =3D 5c2978f4-f175-434b-9e6c-9b03bd7e346f + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D LaunchMigrationHandler + +[Sources] + ConfidentialMigrationDxe.c + +[Packages] + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + UefiCpuPkg/UefiCpuPkg.dec + +[LibraryClasses] + MemoryAllocationLib + DebugLib + UefiBootServicesTableLib + MpInitLib + UefiDriverEntryPoint + +[Protocols] + gEfiMpServiceProtocolGuid + +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdIsConfidentialMigrationTarget + gUefiOvmfPkgTokenSpaceGuid.PcdStartConfidentialMigrationHandler + +[Depex] + gEfiMpServiceProtocolGuid diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.= c b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c new file mode 100644 index 0000000000..6d9fe7043b --- /dev/null +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c 
@@ -0,0 +1,83 @@ +/** @file + In-guest support for confidential migration + + Copyright (C) 2021 IBM Coporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include +#include +#include +#include +#include + +UINTN MigrationHandlerCpuIndex; + +VOID +EFIAPI +MigrationHandlerMain ( + IN OUT VOID *Buffer + ) +{ + DebugPrint (DEBUG_INFO,"MIGRATION Handler Started\n"); +} + +EFI_STATUS +EFIAPI +LaunchMigrationHandler ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_MP_SERVICES_PROTOCOL *MpProto; + EFI_PROCESSOR_INFORMATION Tcb; + EFI_STATUS Status; + UINTN NumProc; + UINTN NumEnabled; + + gST =3D SystemTable; + gBS =3D gST->BootServices; + gRT =3D gST->RuntimeServices; + + Status =3D EFI_NOT_STARTED; + + if (!PcdGetBool(PcdStartConfidentialMigrationHandler)) { + return 0; + } + + // + // Use the MP Service protocol to start Migration Handler on AP + // + gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (void**)&MpProto); + MpProto->GetNumberOfProcessors (MpProto, &NumProc, &NumEnabled); + if (NumProc < 2) { + DebugPrint (DEBUG_ERROR,"Only one vCPU enabled. Please start an extra = for the MH.\n"); + return 0; + } + + MigrationHandlerCpuIndex =3D NumProc - 1; + + EFI_EVENT Event; + MpProto->GetProcessorInfo (MpProto, MigrationHandlerCpuIndex, &Tcb); + if (Tcb.StatusFlag !=3D 7) { + gBS->CreateEvent (EVT_TIMER, TPL_NOTIFY, NULL, NULL, &Event); + + Status =3D MpProto->StartupThisAP(MpProto, MigrationHandlerMain, 1, Ev= ent, + 0, MpProto, NULL); + } + if (Status !=3D EFI_SUCCESS) { + DebugPrint (DEBUG_ERROR,"Failed to start Migration Handler\n"); + return 0; + } + + // + // If we are the target, wait for incoming migration. Otherwise, + // procede with the boot. 
+ // + if (PcdGetBool(PcdIsConfidentialMigrationTarget)) { + DebugPrint (DEBUG_INFO,"Waiting for incoming confidential migration.\n= "); + DisableInterrupts (); + CpuDeadLoop (); + } + + return 0; +} --=20 2.20.1
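
Review bot: In the OvmfPkg.dec hunk, the single comment above the two new PCDs does not say which PCD does what, and "confidentialmigration" is missing a space. Suggest one `##` comment per PCD: PcdStartConfidentialMigrationHandler gates starting the handler, and PcdIsConfidentialMigrationTarget makes the boot processor wait for an incoming migration. Since the comment says both are set via FW_CFG, which is data supplied by the hypervisor, it is worth stating here that the values are host-controlled, because one of them decides whether the driver parks the boot processor in CpuDeadLoop().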
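
Review bot: In the [LibraryClasses] section of ConfidentialMigrationDxe.inf, the list does not match what ConfidentialMigrationDxe.c calls. The driver uses PcdGetBool(), DisableInterrupts() and CpuDeadLoop() and assigns gRT, so PcdLib, BaseLib and UefiRuntimeServicesTableLib should be listed; MemoryAllocationLib and MpInitLib are listed but nothing in the visible .c file uses them (the MP services are reached through gEfiMpServiceProtocolGuid). BASE_NAME is ConfidentialMigration while the file and directory entry are ConfidentialMigrationDxe; consider making them match.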
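
Review bot: In LaunchMigrationHandler(), the StartupThisAP() call passes the literal 1 as the processor number, while the GetProcessorInfo() check just above it was made on MigrationHandlerCpuIndex (NumProc - 1), so with more than two vCPUs the handler starts on a processor that was never checked; pass MigrationHandlerCpuIndex. The return values of LocateProtocol(), GetNumberOfProcessors(), GetProcessorInfo() and CreateEvent() are ignored, so MpProto, NumProc, Tcb and Event can be used uninitialized; test each with EFI_ERROR() and return early. `Tcb.StatusFlag != 7` only excludes an enabled, healthy BSP, so a disabled AP also passes the check; test PROCESSOR_AS_BSP_BIT and PROCESSOR_ENABLED_BIT by name instead. The function is declared EFI_STATUS but returns 0 on every path, including the failure paths; return EFI_SUCCESS or the failing Status, and add a comment if reporting success on failure is intended to let the boot continue. The assignments to gST and gBS repeat what UefiBootServicesTableLib already sets up. Typos: "Coporation" in the file header and "procede" in the last comment.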