From nobody Mon Feb  9 10:12:30 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+73224+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+73224+1787277+3901457@groups.io;
	arc=fail (BodyHash is different from the expected one);
	dmarc=fail(p=none dis=none)  header.from=amd.com
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1616611750874811.6072403284111;
 Wed, 24 Mar 2021 11:49:10 -0700 (PDT)
Return-Path: <bounce+27952+73224+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id b4PPYY1788612xGVTA3CNBT8;
 Wed, 24 Mar 2021 11:49:10 -0700
X-Received: from NAM04-DM6-obe.outbound.protection.outlook.com
 (NAM04-DM6-obe.outbound.protection.outlook.com [40.107.102.57])
 by mx.groups.io with SMTP id smtpd.web09.26.1616599956611292901
 for <devel@edk2.groups.io>;
 Wed, 24 Mar 2021 08:32:36 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=iVI4Tb28D4MTYmZ/jrO8tXMPfObl4r9psKEwqVJXoRG2WeibiyL56ahjAMTSsDgDliqFZVw4DP3iXgdSNF7s/IfkjMxfg2sIccWGqhaPfeyF6bVyqzGC8HVIuxIpQFzwqnVReF981AxcideFnKP9KdfKRXMio+R2VqiTQ4/MbFVngWYzyPbS52TKN6sDSV3aQ2rWrCX52hSTPkFgSVukiR+AikMKidf09iGHuqwBeTqcpyd8Qyohx2IVuKQe+dqO6nwYA18LiRc1Ko7Hl0chiQ/ChVAea4iVoAYLaEVim5hB7vQinvqG3QeJTI9+4dC62fit1ygkLkN7uKX1AVTnyQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=wvd13ULbTjXJ6PyQ2dKOPWyS6dzODAIlELrslMVuUTc=;
 b=OANWcTkx9xRvDxq8yJxYazaKhek2WeFm9bOtUI/jN/v3dQoPzoWVt5kJVEn0oXTFxtI2rlJRCANBv6/5VshjyGPFdrtaDh44FeFDTGBKJgg3tC3rOz0r/lsaFBPN8dKbbVOMThp32YNTm1m7D+t85oCy+mkOWXGndkv2Dc1FMR4GKUGZLY6gdZc3ly+PPL8NeAJA/xHpZ5W9VcsRKSM9QI4muW0QtU1MyeWYdVr6oUunZc1UDN2AsSVI4Sctk3/LoSuEpbC92Fqi5vpz3rfl+9unXJSpniVmVE+uV18S8ptzMvEpQT56o1Soqk15/VytaBL5UgzdTuGmqsE5TB5H5A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com
 (2603:10b6:805:6f::22)
 by SA0PR12MB4430.namprd12.prod.outlook.com (2603:10b6:806:70::20) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3955.18; Wed, 24 Mar
 2021 15:32:33 +0000
X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::30fb:2d6c:a0bf:2f1d]) by SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::30fb:2d6c:a0bf:2f1d%3]) with mapi id 15.20.3955.027; Wed, 24 Mar 2021
 15:32:33 +0000
From: "Brijesh Singh" <brijesh.singh@amd.com>
To: devel@edk2.groups.io
Cc: Brijesh Singh <brijesh.singh@amd.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Min Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Laszlo Ersek <lersek@redhat.com>
Subject: [edk2-devel] [RFC PATCH 08/19] OvmfPkg: register GHCB gpa for the
 SEV-SNP guest
Date: Wed, 24 Mar 2021 10:32:04 -0500
Message-Id: <20210324153215.17971-9-brijesh.singh@amd.com>
In-Reply-To: <20210324153215.17971-1-brijesh.singh@amd.com>
References: <20210324153215.17971-1-brijesh.singh@amd.com>
X-Originating-IP: [165.204.77.1]
X-ClientProxiedBy: SA9PR11CA0006.namprd11.prod.outlook.com
 (2603:10b6:806:6e::11) To SN6PR12MB2718.namprd12.prod.outlook.com
 (2603:10b6:805:6f::22)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by
 SA9PR11CA0006.namprd11.prod.outlook.com (2603:10b6:806:6e::11) with Microsoft
 SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3955.18 via Frontend
 Transport; Wed, 24 Mar 2021 15:32:33 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 359cca0b-5a26-4ca5-c04a-08d8eeda0b47
X-MS-TrafficTypeDiagnostic: SA0PR12MB4430:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
 <SA0PR12MB4430D5E3935AF369D69366BAE5639@SA0PR12MB4430.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: 
 4Liui1K23BPuw+h2bd3FnOAPKzvnMxkOMLZ3QBwZTFnttNk/y3oVVwJWWQOECBH1rDFE9rdQEupEw0gYLY0qwP4xmk/JQgrdWu7CJ5WaM7UA8Kb/TqU2y02QTUoMSV4/GhAum7gXmLANjZ7YDdfAMufc3WP2hc6cgXpqgHskPU+SMfxCnZ9KU55XqEJgZRt8vDD+zVOEFwxycm79moc4xX7dWgpPteL6wrybqUEaG2LOiAco9Uh69W04J4MWIh8ivrmYWtMW52ahP/IRVxDPXzpxOeQFYB4Y8y4GJ1vdkeqfsMZG8YV3PQghg2Wg2F94HhH6l4PIMbR5C2qpeaCUpcxga5RXbbEO4361QyrzftAZyjUfeJ/n1EXBjiRalwr3A7ajuk/eASjxla/LKhwLFr9+Vgy7GjK2Fz3jLMLX/btG5XFQolEOR9DRfr7tME8faHN7huSr8pOvumT3OrZrZBbHU/gVIfTVhN8U8x0Le2RLrwuYqEOPFAZbajqZpSk2SYFdJa3BwSaKOdDPWC8Z5d/+h1d0z/CKQvtM7NxkgwsH7WkveYoyBeNLtPoNpjJo5BBVmFKIIxdwt7u2i15pzXse0UOsG6c22kbl6dI0MNkP7DsCTScMfu4nUiHY7noOUuEc3fTfuEabThLiVm78CJDGvZZrcxmeIJ30IKybuH0HZxkzCNTpd4ldlMtnB6Mn70PvBcdR2nLmfAcAwc0CddV9OHgPyIZp4dpUkEs3/vkxD1CELpkgfMaaSJQCguRj
X-MS-Exchange-AntiSpam-MessageData: 
 =?us-ascii?Q?xXh0mG2PqqCOIfUFCKrsbWkEHHK+8L+vneuqwTG5lKvEn81hPR91eurCQJNL?=
 =?us-ascii?Q?eGlNaAZXHyeuZUgZ59zEifjCr1g6Jo25HusLBLlh3klf8Iw3kIc47BYDzJnx?=
 =?us-ascii?Q?KbfgWd3Ke41ND49LOvWZdLxXTlUzBdMyksgwAUVxKJM+qXbdo4600plmAXCb?=
 =?us-ascii?Q?s+veM2xOIFBgKBbrhSydL6IO0zyIdEm8PbN33wVSvcu7Cxh+csCjhRQ24vO9?=
 =?us-ascii?Q?aJ/te4NWne62QCzZaNQI99ldcJSWZATCVbzyAhHyq6Y1XyrKrvuTqmS1cbxL?=
 =?us-ascii?Q?7OdaVn2CgwQC7cdOKgZfzRuY1n+fXautwWxk97hZiJ0wPPGVo4irU145DaFB?=
 =?us-ascii?Q?TzzLkkue/IxKM1+yGoizDp4ciN3y4zPCv56lJDEbOEIFZJ3jn025RJUjDjWr?=
 =?us-ascii?Q?Zln4+dQGCNsHbvAIXNOti0Od6JND0+5IZFt9gF1PIcicl3w0jBX6c5bqgJ65?=
 =?us-ascii?Q?jGUbRKdUs+4wzFImDQz9IkSGgi048Hp3KdYvaiC81qtTb8QvILVyHt4Amsmw?=
 =?us-ascii?Q?yMqz6t/fyMEbSkHmlsntE0e085mPgdPHVtR24s76Sl0cPYZrLdOSd+cBZJJb?=
 =?us-ascii?Q?sAkJKG+W/fvtBYAa4D/BrM6tlXTVI2QoEFSfQlp2mSVUTFvEtJ4XllKS+Zd4?=
 =?us-ascii?Q?rJvXn42mtWE3nIukwCwFpkHmJ4pmjS3PsGcpo9HMqthLBImgbKHDXZXp7W0e?=
 =?us-ascii?Q?3RWC/o6jOKhPYe4slV9zKjO7wFgnjVSxuANVM0VEkhH8WXdMWsjK96gtkboI?=
 =?us-ascii?Q?fLVFc0KYuIydjNXybbtEnFZS0EyOxJCIvrEcuYpHP/FuItTcTJr6DS/u3L+o?=
 =?us-ascii?Q?Zv2ueAm84N2+gt1chEs6UCzHs9mZhchv3EeAathmkujtE4vWQmzi7QLPV+Mq?=
 =?us-ascii?Q?8s+UcHIxc+6ilqf+9piJvzWfBUmrFklqrpYgSbB6FnV19SlzeEx96WXkMswi?=
 =?us-ascii?Q?3GE4cAhNUxlKBufSYsIOKBX86eLIWC6gdSJ+7PWS2omYTHzxrfEW+w843ekD?=
 =?us-ascii?Q?BL9R2rYeMDhty8IhWK6uUcvzsdyA1wKhSn5rFlZuZ8an7ElGWJB/+ELptIEJ?=
 =?us-ascii?Q?THsvDxOpOjqaAzKDgWwrDHTHeK5p4cGVxwGpGw6LDu+lCfJdqH8S9s1iXvG6?=
 =?us-ascii?Q?0fLT2+FKwmB6LluxSMpPcfvEmUs6OlFpzoF6a1RImpVVqGtJK+X++0Mfl+Cn?=
 =?us-ascii?Q?cePdSouJskkFLM9Q38GMgHyr4Stkoq0IMAg6Tx+Kjc1hAsL74Si/B2RhkSjB?=
 =?us-ascii?Q?xRvofy1oH/rLaiGRfyfBr0GANdvmB15o2I8y7eM3OFFmvZrP5rr6oUq4pth6?=
 =?us-ascii?Q?MmMf4/c84w4WIyJGesaCe71Q?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 359cca0b-5a26-4ca5-c04a-08d8eeda0b47
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Mar 2021 15:32:33.4496
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 7xrWq/1oYWM1K9wZMNwzys8sK2tuW9ZXS0Szbe73XFNxChgonwXCShbqGjGZ518Bq+FTLAE8m8NQHnqC1l9SnQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4430
Precedence: Bulk
List-Unsubscribe: <https://edk2.groups.io/g/devel/unsub>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com
X-Gm-Message-State: 9XVNllNfx7IPUW39T0Q10b05x1787277AA=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1616611750;
 bh=98qHIIv6pV/kXhpG4zbGuDfOIjsz3H2ra0FPDfmCLEY=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=EVV6wY86XFvtP0dmlBhpAO5eM6sDmL2J2QRoE8WgAh+Ge6pmGHt7nj6zVSv3b0QaBqF
 9/4PSeDigaMCRUqv+DTEYRhyh2t4KnGRB18KbW4jn43I1NgoXja1K/VLjK7AWYfwxhQoq
 yJygxaELrew0TWNfxwQhVymN/KdCQLB9q1c=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275

The SEV-SNP guest requires that GHCB GPA must be registered before using.
The GHCB GPA can be registred using the GhcbGPARegister().

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/PlatformPei/AmdSev.c        | 11 +++
 OvmfPkg/PlatformPei/PlatformPei.inf |  2 +
 OvmfPkg/Sec/SecMain.c               | 76 ++++++++++++++++++++
 3 files changed, 89 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index dddffdebda..95c5ad235f 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -14,6 +14,7 @@
 #include <Library/DebugLib.h>
 #include <Library/HobLib.h>
 #include <Library/MemEncryptSevLib.h>
+#include <Library/GhcbRegisterLib.h>
 #include <Library/MemoryAllocationLib.h>
 #include <Library/PcdLib.h>
 #include <PiPei.h>
@@ -110,6 +111,16 @@ AmdSevEsInitialize (
     "SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n=
",
     (UINT64)GhcbBackupPageCount, GhcbBackupBase));
=20
+  if (MemEncryptSevSnpIsEnabled ()) {
+    //
+    // SEV-SNP guest requires that GHCB GPA must be registered before usin=
g it.
+    //
+    GhcbRegister (GhcbBasePa);
+
+    PcdStatus =3D PcdSetBoolS (PcdSevSnpIsEnabled, TRUE);
+    ASSERT_RETURN_ERROR (PcdStatus);
+  }
+
   AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa);
=20
   //
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat=
formPei.inf
index 6ef77ba7bb..cb6f5ac091 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -52,6 +52,7 @@
   BaseLib
   CacheMaintenanceLib
   DebugLib
+  GhcbRegisterLib
   HobLib
   IoLib
   PciLib
@@ -110,6 +111,7 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled
+  gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled
=20
 [FixedPcd]
   gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 9db67e17b2..df6722b546 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -750,6 +750,76 @@ SevEsProtocolFailure (
   CpuDeadLoop ();
 }
=20
+/**
+  Determine if SEV-SNP is active. There is a MemEncryptIsSnpEnabled() in M=
emEncryptSevLib
+  but we can not use it because the SEV-SNP check need to be done before t=
he
+  ProcessLibraryConstructorList() is called.
+
+  @retval TRUE   SEV-SNP is enabled
+  @retval FALSE  SEV-SNP is not enabled
+
+**/
+STATIC
+BOOLEAN
+SevSnpIsEnabled (
+  VOID
+  )
+{
+   MSR_SEV_STATUS_REGISTER           Msr;
+
+   Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS);
+
+   return Msr.Bits.SevSnpBit ? TRUE : FALSE;
+}
+
+/**
+ The GHCB GPA registeration need to be done before the ProcessLibraryConst=
ructorList()
+ is called. So use a local implementation instead of including the GhcbReg=
isterLib.
+
+ */
+STATIC
+VOID
+SevSnpGhcbRegister (
+  UINTN   Address
+  )
+{
+  MSR_SEV_ES_GHCB_REGISTER  Msr;
+  MSR_SEV_ES_GHCB_REGISTER  CurrentMsr;
+  EFI_PHYSICAL_ADDRESS      GuestFrameNumber;
+
+  GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT;
+
+  //
+  // Save the current MSR Value
+  //
+  CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+  //
+  // Use the GHCB MSR Protocol to request to register the GPA.
+  //
+  Msr.GhcbPhysicalAddress =3D 0;
+  Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST;
+  Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber;
+  AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);
+
+  AsmVmgExit ();
+
+  Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+  //
+  // If hypervisor responded with a different GPA than requested then fail.
+  //
+  if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO=
NSE) ||
+      (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) {
+    SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL);
+  }
+
+  //
+  // Restore the MSR
+  //
+  AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress);
+}
+
 /**
   Validate the SEV-ES/GHCB protocol level.
=20
@@ -791,6 +861,12 @@ SevEsProtocolCheck (
     SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL);
   }
=20
+  if (SevSnpIsEnabled ()) {
+    //
+    // SEV-SNP guest requires that GHCB GPA must be registered before usin=
g it.
+    //
+    SevSnpGhcbRegister (FixedPcdGet32 (PcdOvmfSecGhcbBase));
+  }
   //
   // SEV-ES protocol checking succeeded, set the initial GHCB address
   //
--=20
2.17.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#73224): https://edk2.groups.io/g/devel/message/73224
Mute This Topic: https://groups.io/mt/81584584/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-