From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 01/28] MdePkg: Expand the SEV MSR to include the SNP definition
Date: Fri, 30 Apr 2021 06:51:21 -0500
Message-Id: <20210430115148.22267-2-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Define the SEV-SNP MSR bits.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- MdePkg/Include/Register/Amd/Fam17Msr.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/MdePkg/Include/Register/Amd/Fam17Msr.h b/MdePkg/Include/Regist= er/Amd/Fam17Msr.h index e4db09c518..4d33bef220 100644 --- a/MdePkg/Include/Register/Amd/Fam17Msr.h +++ b/MdePkg/Include/Register/Amd/Fam17Msr.h 
@@ -87,7 +87,12 @@ typedef union { /// UINT32 SevEsBit:1; =20 - UINT32 Reserved:30; + /// + /// [Bit 2] Secure Nested Paging (SevSnp) is enabled + /// + UINT32 SevSnpBit:1; + + UINT32 Reserved:29; } Bits; /// /// All bit fields as a 32-bit value --=20 2.17.1
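
Review bot: the comment on the new `SevSnpBit` field spells the feature "Secure Nested Paging (SevSnp)", while the subject and commit message call it SEV-SNP; using the same name in the comment, for example `[Bit 2] SEV-SNP (Secure Nested Paging) is enabled`, keeps the header searchable by the term used in the rest of the series. The commit message could also name the document that defines bit 2, since "Define the SEV-SNP MSR bits" gives a reader nothing to check the bit position against. The width bookkeeping is consistent: `Reserved` goes from 30 to 29 bits for the one bit added.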

From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 02/28] MdePkg: Define the GHCB Hypervisor features
Date: Fri, 30 Apr 2021 06:51:22 -0500
Message-Id: <20210430115148.22267-3-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Version 2 of GHCB introduces advertisement of features that are supported by the hypervisor. See the GHCB spec section 2.2 for additional details.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
Reviewed-by: Laszlo Ersek
--- MdePkg/Include/Register/Amd/Fam17Msr.h | 7 +++++++ MdePkg/Include/Register/Amd/Ghcb.h | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/MdePkg/Include/Register/Amd/Fam17Msr.h b/MdePkg/Include/Regist= er/Amd/Fam17Msr.h index 4d33bef220..a65d51ab12 100644 --- a/MdePkg/Include/Register/Amd/Fam17Msr.h +++ b/MdePkg/Include/Register/Amd/Fam17Msr.h @@ -48,6 +48,11 @@ typedef union { UINT32 Reserved2:32; } GhcbTerminate; =20 + struct { + UINT64 Function:12; + UINT64 Features:52; + } GhcbHypervisorFeatures; + VOID *Ghcb; =20 UINT64 GhcbPhysicalAddress; @@ -57,6 +62,8 @@ typedef union { #define GHCB_INFO_SEV_INFO_GET 2 #define GHCB_INFO_CPUID_REQUEST 4 #define GHCB_INFO_CPUID_RESPONSE 5 +#define GHCB_HYPERVISOR_FEATURES_REQUEST 128 +#define GHCB_HYPERVISOR_FEATURES_RESPONSE 129 #define GHCB_INFO_TERMINATE_REQUEST 256 =20 #define GHCB_TERMINATE_GHCB 0 diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/A= md/Ghcb.h index ccdb662af7..2d64a4c28f 100644 --- a/MdePkg/Include/Register/Amd/Ghcb.h +++ b/MdePkg/Include/Register/Amd/Ghcb.h @@ -54,6 +54,7 @@ #define SVM_EXIT_NMI_COMPLETE 0x80000003ULL #define SVM_EXIT_AP_RESET_HOLD 0x80000004ULL #define SVM_EXIT_AP_JUMP_TABLE 0x80000005ULL +#define SVM_EXIT_HYPERVISOR_FEATURES 0x8000FFFDULL #define SVM_EXIT_UNSUPPORTED 0x8000FFFFULL =20 // 
@@ -154,4 +155,9 @@ typedef union { #define GHCB_EVENT_INJECTION_TYPE_EXCEPTION 3 #define GHCB_EVENT_INJECTION_TYPE_SOFT_INT 4 =20 +// Hypervisor features +#define GHCB_HV_FEATURES_SNP BIT0 +#define GHCB_HV_FEATURES_SNP_AP_CREATE (GHCB_HV_FEATURE= S_SNP | BIT1) +#define GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION (GHCB_HV_FEATURE= S_SNP_AP_CREATE | BIT2) +#define GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION_TIMER (GHCB_HV_FEATURE= S_SNP_RESTRICTED_INJECTION | BIT3) #endif --=20 2.17.1
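
Review bot: in the last Ghcb.h hunk, `GHCB_HV_FEATURES_SNP_AP_CREATE` and the two macros after it are cumulative masks (each ORs in the previous macro), so a caller that tests `(Features & GHCB_HV_FEATURES_SNP_AP_CREATE) != 0` gets true when only BIT0 is set. Either extend the `// Hypervisor features` comment to say the macros must be checked with `(Features & Mask) == Mask`, or define each macro as its single bit and let callers combine them. In the Fam17Msr.h hunk, `GHCB_HYPERVISOR_FEATURES_REQUEST` and `GHCB_HYPERVISOR_FEATURES_RESPONSE` lack the `GHCB_INFO_` prefix carried by the neighbouring `GHCB_INFO_CPUID_REQUEST` and `GHCB_INFO_TERMINATE_REQUEST`; `GHCB_INFO_HYPERVISOR_FEATURES_REQUEST` and `GHCB_INFO_HYPERVISOR_FEATURES_RESPONSE` would match the existing names.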

From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 03/28] MdePkg: Define the GHCB GPA structure
Date: Fri, 30 Apr 2021 06:51:23 -0500
Message-Id: <20210430115148.22267-4-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest is required to perform the GHCB GPA registration. See the GHCB specification for further details.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
Reviewed-by: Laszlo Ersek
--- MdePkg/Include/Register/Amd/Fam17Msr.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/MdePkg/Include/Register/Amd/Fam17Msr.h b/MdePkg/Include/Regist= er/Amd/Fam17Msr.h index a65d51ab12..e19bd04b6c 100644 --- a/MdePkg/Include/Register/Amd/Fam17Msr.h +++ b/MdePkg/Include/Register/Amd/Fam17Msr.h @@ -53,6 +53,11 @@ typedef union { UINT64 Features:52; } GhcbHypervisorFeatures; =20 + struct { + UINT64 Function:12; + UINT64 GuestFrameNumber:52; + } GhcbGpaRegister; + VOID *Ghcb; =20 UINT64 GhcbPhysicalAddress; 
@@ -62,6 +67,8 @@ typedef union { #define GHCB_INFO_SEV_INFO_GET 2 #define GHCB_INFO_CPUID_REQUEST 4 #define GHCB_INFO_CPUID_RESPONSE 5 +#define GHCB_INFO_GHCB_GPA_REGISTER_REQUEST 18 +#define GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE 19 #define GHCB_HYPERVISOR_FEATURES_REQUEST 128 #define GHCB_HYPERVISOR_FEATURES_RESPONSE 129 #define GHCB_INFO_TERMINATE_REQUEST 256 --=20 2.17.1
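
Review bot: the new `GhcbGpaRegister` struct in the first hunk has no comment, and its `GuestFrameNumber:52` field sits in the same union as `GhcbPhysicalAddress`, so a caller can easily store a full address where a frame number is expected; a `///` line stating that the field holds the page frame number of the GHCB rather than its address would prevent that. The commit message could also cite the section of the GHCB specification that describes the registration, as patch 02 does with section 2.2.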
From: "Brijesh Singh" To: devel@edk2.groups.io Cc: Brijesh Singh , James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas Subject: [edk2-devel] [PATCH RFC v2 04/28] MdePkg: Define the Page State Change VMGEXIT structures Date: Fri, 30 Apr 2021 06:51:24 -0500 Message-Id: <20210430115148.22267-5-brijesh.singh@amd.com> In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com> References: <20210430115148.22267-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR12CA0006.namprd12.prod.outlook.com (2603:10b6:806:6f::11) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR12CA0006.namprd12.prod.outlook.com (2603:10b6:806:6f::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.27 via Frontend Transport; Fri, 30 Apr 2021 11:52:17 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 634b5807-e1c2-42e6-4c49-08d90bce6755 X-MS-TrafficTypeDiagnostic: SA0PR12MB4349: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: 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 X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?Am+ZsUQ2sdhhig4AhPKkccii8/C0Oe9ci9Hh2XkL8Ion3VdmpGxAkLjWqlrq?= =?us-ascii?Q?3l+pAI1NBn7ypOkKt9j6oP3msXkz+VkCr1B7elFTtYJtcCBFxQg+RfwQXnD/?= =?us-ascii?Q?6aTR6iOuX6XGOM3MIUuk5X5j5n4nsyRzWMvAK0acRHBixHLA3ohKJqWPYSVg?= =?us-ascii?Q?r8TcpKHiCHuDHrYF/Mo6gTaPjNtKgIvY3v9zOSnPTwFJE0V31tIFmtGVVitB?= =?us-ascii?Q?r96CG9n1bBHEj6FIDKgmBuV1apFKJ7pZ6SSGJ3PP+MQKO6ERKyJyrdbAZdnW?= =?us-ascii?Q?v+GGi3RBqLbEcemkU5xwnv4yyqGoYM+nvJdxqMd+AzSF8X8doJbY3NESHsAu?= =?us-ascii?Q?5LJmvPUb8oVg7XTVNCj6M+2Bug5Whw+PMI74LO5/DlH6v8etpeWme8dyk9fN?= 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The Page State Change NAE exit will be used by the SEV-SNP guest to request a page state change using the GHCB protocol. See the GHCB spec section 4.1.6 and 2.3.1 for more detail on the structure definitions.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- MdePkg/Include/Register/Amd/Fam17Msr.h | 15 ++++++++++ MdePkg/Include/Register/Amd/Ghcb.h | 29 ++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/MdePkg/Include/Register/Amd/Fam17Msr.h b/MdePkg/Include/Regist= er/Amd/Fam17Msr.h index e19bd04b6c..432cee2feb 100644 --- a/MdePkg/Include/Register/Amd/Fam17Msr.h +++ b/MdePkg/Include/Register/Amd/Fam17Msr.h @@ -58,6 +58,19 @@ typedef union { UINT64 GuestFrameNumber:52; } GhcbGpaRegister; =20 + struct { + UINT64 Function:12; + UINT64 GuestFrameNumber:40; + UINT64 Operation:4; + UINT64 Reserved:8; + } SnpPageStateChangeRequest; + + struct { + UINT32 Function:12; + UINT32 Reserved:20; + UINT32 ErrorCode; + } SnpPageStateChangeResponse; + VOID *Ghcb; =20 UINT64 GhcbPhysicalAddress; 
@@ -69,6 +82,8 @@ typedef union { #define GHCB_INFO_CPUID_RESPONSE 5 #define GHCB_INFO_GHCB_GPA_REGISTER_REQUEST 18 #define GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE 19 +#define GHCB_INFO_SNP_PAGE_STATE_CHANGE_REQUEST 20 +#define GHCB_INFO_SNP_PAGE_STATE_CHANGE_RESPONSE 21 #define GHCB_HYPERVISOR_FEATURES_REQUEST 128 #define GHCB_HYPERVISOR_FEATURES_RESPONSE 129 #define GHCB_INFO_TERMINATE_REQUEST 256 diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/A= md/Ghcb.h index 2d64a4c28f..1e7c0daed3 100644 --- a/MdePkg/Include/Register/Amd/Ghcb.h +++ b/MdePkg/Include/Register/Amd/Ghcb.h @@ -54,6 +54,7 @@ #define SVM_EXIT_NMI_COMPLETE 0x80000003ULL #define SVM_EXIT_AP_RESET_HOLD 0x80000004ULL #define SVM_EXIT_AP_JUMP_TABLE 0x80000005ULL +#define SVM_EXIT_SNP_PAGE_STATE_CHANGE 0x80000010ULL #define SVM_EXIT_HYPERVISOR_FEATURES 0x8000FFFDULL #define SVM_EXIT_UNSUPPORTED 0x8000FFFFULL =20 
@@ -160,4 +161,32 @@ typedef union { #define GHCB_HV_FEATURES_SNP_AP_CREATE (GHCB_HV_FEATURE= S_SNP | BIT1) #define GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION (GHCB_HV_FEATURE= S_SNP_AP_CREATE | BIT2) #define GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION_TIMER (GHCB_HV_FEATURE= S_SNP_RESTRICTED_INJECTION | BIT3) + +// SNP Page State Change +#define SNP_PAGE_STATE_MAX_NPAGES 4095 +#define SNP_PAGE_STATE_MAX_ENTRY 253 +#define SNP_PAGE_STATE_PRIVATE 1 +#define SNP_PAGE_STATE_SHARED 2 +#define SNP_PAGE_STATE_PSMASH 3 +#define SNP_PAGE_STATE_UNSMASH 4 + +typedef PACKED struct { + UINT64 CurrentPage:12; + UINT64 GuestFrameNumber:40; + UINT64 Op:4; + UINT64 PageSize:1; + UINT64 Rsvd: 7; +} SNP_PAGE_STATE_ENTRY; + +typedef PACKED struct { + UINT16 CurrentEntry; + UINT16 EndEntry; + UINT32 Rsvd; +} SNP_PAGE_STATE_HEADER; + +typedef struct { + SNP_PAGE_STATE_HEADER Header; + SNP_PAGE_STATE_ENTRY Entry[SNP_PAGE_STATE_MAX_ENTRY]; +} SNP_PAGE_STATE_CHANGE_INFO; + #endif --=20 2.17.1
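
Review bot: In the Fam17Msr.h hunk, SnpPageStateChangeRequest and SnpPageStateChangeResponse are added with no comment on any field, and nothing says which values Operation takes. Please add a short comment pointing at the SNP_PAGE_STATE_* defines (if those are the intended values) and at the GHCB spec section named in the commit message. The response struct also switches to UINT32 bit-fields followed by a full "UINT32 ErrorCode;" while the neighbouring members visible in the hunk use UINT64; a line stating that this is deliberate, so that ErrorCode occupies the upper 32 bits, would save the next reader from re-deriving it.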
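
Review bot: In the last Ghcb.h hunk, SNP_PAGE_STATE_MAX_ENTRY (253) and SNP_PAGE_STATE_MAX_NPAGES (4095) are bare numbers with no comment on where they come from, and nothing checks that the structures keep the layout those numbers imply. With an 8-byte SNP_PAGE_STATE_HEADER and 8-byte SNP_PAGE_STATE_ENTRY, SNP_PAGE_STATE_CHANGE_INFO comes to 8 + 253 * 8 = 2032 bytes; please say in a comment which buffer that size is meant to fit and add a STATIC_ASSERT on sizeof (SNP_PAGE_STATE_CHANGE_INFO), so a later field change cannot silently alter a layout the guest shares with the hypervisor. SNP_PAGE_STATE_CHANGE_INFO is also the only one of the three typedefs without PACKED, and "UINT64 Rsvd: 7;" has a space the other bit-fields do not.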

From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 05/28] MdePkg: Add AsmPvalidate() support
Date: Fri, 30 Apr 2021 06:51:25 -0500
Message-Id: <20210430115148.22267-6-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The PVALIDATE instruction validates or rescinds validation of a guest page RMP entry. Upon completion, a return code is stored in EAX, rFLAGS bits OF, ZF, AF, PF and SF are set based on this return code. If the instruction completed successfully, the rFLAGS bit CF indicates if the contents of the RMP entry were changed or not. For more information about the instruction see AMD APM volume 3.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- MdePkg/Include/Library/BaseLib.h | 37 +++++++++++++++++ MdePkg/Library/BaseLib/BaseLib.inf | 1 + MdePkg/Library/BaseLib/X64/Pvalidate.nasm | 43 ++++++++++++++++++++ 3 files changed, 81 insertions(+) diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/Base= Lib.h index 7253997a6f..92ce695e93 100644 --- a/MdePkg/Include/Library/BaseLib.h +++ b/MdePkg/Include/Library/BaseLib.h 
@@ -7518,5 +7518,42 @@ PatchInstructionX86 ( IN UINTN ValueSize ); =20 +/** + Execute a PVALIDATE instruction to validate or rescnids validation of a g= uest + page's RMP entry. + + Upon completion, in addition to the return value the instruction also upd= ates + the eFlags. A caller must check both the return code as well as eFlags to + determine if the RMP entry has been updated. + + The function is available on x64. + + @param[in] Address The guest virtual address to validate. + @param[in] PageSize The page size to use. + @param[i] Validate Validate or rescinds. + @param[out] Eflags The value of Eflags after PVALIDATE completi= on. + + @retval PvalidateRetValue The return value from the PVALIDATE inst= ruction. +**/ +typedef enum { + PvalidatePageSize4K =3D 0, + PvalidatePageSize2MB, +} PVALIDATE_PAGE_SIZE; + +typedef enum { + PvalidateRetSuccess =3D 0, + PvalidateRetFailInput =3D 1, + PvalidateRetFailSizemismatch =3D 6, +} PVALIDATE_RET_VALUE; + +PVALIDATE_RET_VALUE +EFIAPI +AsmPvalidate ( + IN PVALIDATE_PAGE_SIZE PageSize, + IN BOOLEAN Validate, + IN UINTN Address, + OUT IA32_EFLAGS32 *Eflags + ); + #endif // defined (MDE_CPU_IA32) || defined (MDE_CPU_X64) #endif // !defined (__BASE_LIB__) diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/Ba= seLib.inf index b76f3af380..d33b4a8f7d 100644 --- a/MdePkg/Library/BaseLib/BaseLib.inf +++ b/MdePkg/Library/BaseLib/BaseLib.inf @@ -321,6 +321,7 @@ X64/XGetBv.nasm X64/XSetBv.nasm X64/VmgExit.nasm + X64/Pvalidate.nasm ChkStkGcc.c | GCC =20 [Sources.EBC] diff --git a/MdePkg/Library/BaseLib/X64/Pvalidate.nasm b/MdePkg/Library/Bas= eLib/X64/Pvalidate.nasm new file mode 100644 index 0000000000..f2aba114ac --- /dev/null +++ b/MdePkg/Library/BaseLib/X64/Pvalidate.nasm @@ -0,0 +1,43 @@ +;-------------------------------------------------------------------------= ---- +; +; Copyright (c) 2020-2021, AMD. All rights reserved.
+; SPDX-License-Identifier: BSD-2-Clause-Patent +; +; Module Name: +; +; Pvalidate.Asm +; +; Abstract: +; +; AsmPvalidate function +; +; Notes: +; +;-------------------------------------------------------------------------= ---- + + SECTION .text + +;-------------------------------------------------------------------------= ---- +; PvalidateRetValue +; EFIAPI +; AsmPvalidate ( +; IN UINT32 RmpPageSize +; IN UINT32 Validate, +; IN UINTN Address, +; OUT UINTN *Eflags, +; ) +;-------------------------------------------------------------------------= ---- +global ASM_PFX(AsmPvalidate) +ASM_PFX(AsmPvalidate): + mov rax, r8 + + ; PVALIDATE instruction opcode + DB 0xF2, 0x0F, 0x01, 0xFF + + ; Read the Eflags + pushfq + pop r8 + mov [r9], r8 + + ; The PVALIDATE instruction returns the status in rax register. + ret --=20 2.17.1
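
Review bot: In the BaseLib.h hunk, the AsmPvalidate() prototype is added inside the "defined (MDE_CPU_IA32) || defined (MDE_CPU_X64)" block, but the comment says the function is available on x64 and the patch only adds X64/Pvalidate.nasm, so IA32 code would compile against a declaration that has no implementation; please move the declaration under an X64-only guard. The doc comment also needs rework: it sits above the two enum typedefs instead of the prototype, it lists the parameters in a different order from the prototype (Address first, where the prototype has PageSize first), and it contains "rescnids" and "@param[i]".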
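
Review bot: In Pvalidate.nasm, "mov [r9], r8" stores 8 bytes through Eflags, while BaseLib.h declares that parameter as "OUT IA32_EFLAGS32 *Eflags", so the store writes 4 bytes past a 32-bit object owned by the caller; store r8d instead, or change the prototype to a 64-bit type. The prototype in the file's comment block ("IN UINT32 RmpPageSize" with no comma, "OUT UINTN *Eflags," with a trailing comma) does not match the declaration in BaseLib.h, and the module name reads Pvalidate.Asm. The routine also relies on the first two arguments still being in the registers they arrived in when the "DB 0xF2, 0x0F, 0x01, 0xFF" bytes execute; a comment stating which register the instruction reads each operand from would make that checkable in review.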

From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 06/28] OvmfPkg/BaseMemEncryptSevLib: Introduce MemEncryptSevClearMmioPageEncMask()
Date: Fri, 30 Apr 2021 06:51:26 -0500
Message-Id: <20210430115148.22267-7-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The MemEncryptSevClearMmioPageEncMask() helper can be used for clearing the memory encryption mask for the Mmio region from the current page table context.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/Include/Library/MemEncryptSevLib.h | 25 ++++++= +++++ OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c | 31 ++++++= ++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c | 33 ++++++= +++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 44 ++++++= ++++++++++++-- OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h | 23 ++++++= ++++ 5 files changed, 153 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 99f15a7d12..c19f92afc6 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h 
@@ -203,4 +203,29 @@ MemEncryptSevGetAddressRangeState ( IN UINTN Length ); =20 +/** + This function clears memory encryption bit for the mmio region specified= by + BaseAddress and NumPages from the current page table context. + + @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use + current CR3) + @param[in] BaseAddress The physical address that is the sta= rt + address of a mmio region. + @param[in] NumPages The number of pages from start memory + region. + + @retval RETURN_SUCCESS The attributes were cleared for the + memory region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing the memory encryption attri= bute + is not supported +**/ +RETURN_STATUS +EFIAPI +MemEncryptSevClearMmioPageEncMask ( + IN PHYSICAL_ADDRESS Cr3BaseAddress, + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ); + #endif // _MEM_ENCRYPT_SEV_LIB_H_ diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c b= /OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c index 12a5bf495b..4e8a997d42 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c 
@@ -111,3 +111,34 @@ MemEncryptSevGetAddressRangeState ( // return MemEncryptSevAddressRangeEncrypted; } + +/** + This function clears memory encryption bit for the mmio region specified= by + BaseAddress and NumPages from the current page table context. + + @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use + current CR3) + @param[in] BaseAddress The physical address that is the sta= rt + address of a mmio region. + @param[in] NumPages The number of pages from start memory + region. + + @retval RETURN_SUCCESS The attributes were cleared for the + memory region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing the memory encryption attri= bute + is not supported +**/ +RETURN_STATUS +EFIAPI +MemEncryptSevClearMmioPageEncMask ( + IN PHYSICAL_ADDRESS Cr3BaseAddress, + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + // + // Memory encryption bit is not accessible in 32-bit mode + // + return RETURN_UNSUPPORTED; +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c b/= OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c index 4fea6a6be0..6786573aea 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c 
@@ -118,3 +118,36 @@ MemEncryptSevGetAddressRangeState ( Length ); } + +/** + This function clears memory encryption bit for the mmio region specified= by + BaseAddress and NumPages from the current page table context. + + @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use + current CR3) + @param[in] BaseAddress The physical address that is the sta= rt + address of a mmio region. + @param[in] NumPages The number of pages from start memory + region. + + @retval RETURN_SUCCESS The attributes were cleared for the + memory region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing the memory encryption attri= bute + is not supported +**/ +RETURN_STATUS +EFIAPI +MemEncryptSevClearMmioPageEncMask ( + IN PHYSICAL_ADDRESS Cr3BaseAddress, + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + return InternalMemEncryptSevClearMmioPageEncMask ( + Cr3BaseAddress, + BaseAddress, + EFI_PAGES_TO_SIZE (NumPages) + ); + +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index d3455e812b..3bcc92f2e9 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -557,6 +557,7 @@ EnableReadOnlyPageWriteProtect ( @param[in] Mode Set or Clear mode @param[in] CacheFlush Flush the caches before applying the encryption mask + @param[in] IsMmio The address is Mmio address. =20 @retval RETURN_SUCCESS The attributes were cleared for the memory region. @@ -572,7 +573,8 @@ SetMemoryEncDec ( IN PHYSICAL_ADDRESS PhysicalAddress, IN UINTN Length, IN MAP_RANGE_MODE Mode, - IN BOOLEAN CacheFlush + IN BOOLEAN CacheFlush, + IN BOOLEAN Mmio ) { PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry; @@ -852,7 +854,8 @@ InternalMemEncryptSevSetMemoryDecrypted ( PhysicalAddress, Length, ClearCBit, - Flush + Flush, + FALSE ); } =20 
@@ -888,6 +891,41 @@ InternalMemEncryptSevSetMemoryEncrypted ( PhysicalAddress, Length, SetCBit, - Flush + Flush, + FALSE + ); +} + +/** + This function clears memory encryption bit for the Mmio region specified= by + PhysicalAddress and Length from the current page table context. + + @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use + current CR3) + @param[in] PhysicalAddress The physical address that is the sta= rt + address of a mmio region. + @param[in] Length The length of memory region + + @retval RETURN_SUCCESS The attributes were cleared for the + memory region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing the memory encyrption attri= bute + is not supported +**/ +RETURN_STATUS +EFIAPI +InternalMemEncryptSevClearMmioPageEncMask ( + IN PHYSICAL_ADDRESS Cr3BaseAddress, + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINTN Length + ) +{ + return SetMemoryEncDec ( + Cr3BaseAddress, + PhysicalAddress, + Length, + ClearCBit, + FALSE, + TRUE ); } diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h b/Ovm= fPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h index fe2a0b2826..99ee7ea0e8 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h 
@@ -126,4 +126,27 @@ InternalMemEncryptSevGetAddressRangeState ( IN UINTN Length ); =20 +/** + This function clears memory encryption bit for the Mmio region specified= by + PhysicalAddress and Length from the current page table context. + + @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use + current CR3) + @param[in] PhysicalAddress The physical address that is the sta= rt + address of a mmio region. + @param[in] Length The length of memory region + + @retval RETURN_SUCCESS The attributes were cleared for the + memory region. + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + @retval RETURN_UNSUPPORTED Clearing the memory encyrption attri= bute + is not supported +**/ +RETURN_STATUS +EFIAPI +InternalMemEncryptSevClearMmioPageEncMask ( + IN PHYSICAL_ADDRESS Cr3BaseAddress, + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINTN Length + ); #endif --=20 2.17.1
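Review bot: In the PeiDxeVirtualMemory.c hunks at @@ -557,6 +557,7 and @@ -572,7 +573,8, the new doc line documents `@param[in] IsMmio` while the parameter added to SetMemoryEncDec() is declared `IN BOOLEAN Mmio`. Pick one name so the comment matches the prototype. The description "The address is Mmio address." should also state how this flag relates to CacheFlush, because the existing callers now pass `Flush, FALSE` and these lines do not show how the two booleans interact.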
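Review bot: In the @@ -888,6 +891,41 hunk, and in the matching prototype comment in VirtualMemory.h at @@ -126,4 +126,27, the header for InternalMemEncryptSevClearMmioPageEncMask() describes RETURN_INVALID_PARAMETER as "Number of pages is zero", but this function takes Length, not a page count; the wording looks copied from the public wrapper. "encyrption" is misspelled in both copies. The call in the body ends with the bare literals `FALSE, TRUE` for CacheFlush and Mmio; both are BOOLEAN, so the compiler will not catch a swapped pair, and a trailing comment naming each argument would make the intent reviewable.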
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 07/28] OvmfPkg: Use MemEncryptSevClearMmioPageEncMask() to clear EncMask from Mmio
Date: Fri, 30 Apr 2021 06:51:27 -0500
Message-Id: <20210430115148.22267-8-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Use the MemEncryptSevClearMmioPageEncMask() to clear memory encryption mask for the Mmio address range from the current page table context.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 10 ++++------ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c | 5 ++--- OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashSmm.c | 5 ++--- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 689bfb376d..80831b81fa 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -53,11 +53,10 @@ AmdSevDxeEntryPoint ( Desc =3D &AllDescMap[Index]; if (Desc->GcdMemoryType =3D=3D EfiGcdMemoryTypeMemoryMappedIo || Desc->GcdMemoryType =3D=3D EfiGcdMemoryTypeNonExistent) { - Status =3D MemEncryptSevClearPageEncMask ( + Status =3D MemEncryptSevClearMmioPageEncMask ( 0, Desc->BaseAddress, - EFI_SIZE_TO_PAGES (Desc->Length), - FALSE + EFI_SIZE_TO_PAGES (Desc->Length) ); ASSERT_EFI_ERROR (Status); } 
@@ -73,11 +72,10 @@ AmdSevDxeEntryPoint ( // the range. // if (PcdGet16 (PcdOvmfHostBridgePciDevId) =3D=3D INTEL_Q35_MCH_DEVICE_ID)= { - Status =3D MemEncryptSevClearPageEncMask ( + Status =3D MemEncryptSevClearMmioPageEncMask ( 0, FixedPcdGet64 (PcdPciExpressBaseAddress), - EFI_SIZE_TO_PAGES (SIZE_256MB), - FALSE + EFI_SIZE_TO_PAGES (SIZE_256MB) ); =20 ASSERT_EFI_ERROR (Status); diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c b/O= vmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c index 1f285e0083..ab40087a84 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c @@ -205,11 +205,10 @@ MarkIoMemoryRangeForRuntimeAccess ( // memory range. // if (MemEncryptSevIsEnabled ()) { - Status =3D MemEncryptSevClearPageEncMask ( + Status =3D MemEncryptSevClearMmioPageEncMask ( 0, BaseAddress, - EFI_SIZE_TO_PAGES (Length), - FALSE + EFI_SIZE_TO_PAGES (Length) ); ASSERT_EFI_ERROR (Status); } diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashSmm.c b/OvmfPk= g/QemuFlashFvbServicesRuntimeDxe/QemuFlashSmm.c index 7eb80bfeff..ea75b489c7 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashSmm.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashSmm.c 
@@ -38,11 +38,10 @@ QemuFlashBeforeProbe ( // C-bit on flash ranges from SMM page table. // =20 - Status =3D MemEncryptSevClearPageEncMask ( + Status =3D MemEncryptSevClearMmioPageEncMask ( 0, BaseAddress, - EFI_SIZE_TO_PAGES (FdBlockSize * FdBlockCount), - FALSE + EFI_SIZE_TO_PAGES (FdBlockSize * FdBlockCount) ); ASSERT_EFI_ERROR (Status); } --=20 2.17.1
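Review bot: In the AmdSevDxe.c hunk at @@ -53,11 +53,10, the condition above the call matches both EfiGcdMemoryTypeMemoryMappedIo and EfiGcdMemoryTypeNonExistent, so non-existent GCD ranges are now passed to a helper whose name and doc comment say "mmio region". If that is intended, state it in the commit message or in a comment at this call site, so the NonExistent case is a documented decision rather than a side effect of the rename.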
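Review bot: In the QemuFlashSmm.c hunk at @@ -38,11 +38,10, and likewise FwBlockServiceDxe.c at @@ -205,11 +205,10, the result of the new call is still checked only with ASSERT_EFI_ERROR (Status). The helper's doc comment in 06/28 lists RETURN_UNSUPPORTED and RETURN_INVALID_PARAMETER, and in a build where ASSERT is compiled out execution would continue with the C-bit still set on the flash range. Consider handling the error explicitly, following the `if (EFI_ERROR (Status))` pattern that IoMmuMap() uses after the same assert.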
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 08/28] OvmfPkg/BaseMemEncryptSevLib: Remove CacheFlush parameter
Date: Fri, 30 Apr 2021 06:51:28 -0500
Message-Id: <20210430115148.22267-9-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The CacheFlush parameter is used to provide a hint whether the specified range is an Mmio address. Now that we have a dedicated helper to clear the memory encryption mask for the Mmio address range, it's safe to remove the CacheFlush parameter from MemEncryptSev{Set,Clear}PageEncMask().

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 3 +-- OvmfPkg/Include/Library/MemEncryptSevLib.h | 10 ++----= ---- OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 6 ++---- OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c | 10 ++----= ---- OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c | 16 ++++--= ---------- OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 14 ++++--= -------- OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c | 8 ++----= -- OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h | 10 ++----= ---- OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c | 3 +-- OvmfPkg/PlatformPei/AmdSev.c | 3 +-- 10 files changed, 21 insertions(+), 62 deletions(-) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 80831b81fa..41e4b291d0 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c 
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -120,8 +120,7 @@ AmdSevDxeEntryPoint ( Status =3D MemEncryptSevClearPageEncMask ( 0, // Cr3BaseAddress -- use current CR3 MapPagesBase, // BaseAddress - MapPagesCount, // NumPages - TRUE // Flush + MapPagesCount // NumPages ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "%a: MemEncryptSevClearPageEncMask(): %r\n", diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index c19f92afc6..9b15d80931 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -100,8 +100,6 @@ MemEncryptSevIsEnabled ( address of a memory region. @param[in] NumPages The number of pages from start memory region. - @param[in] Flush Flush the caches before clearing the= bit - (mostly TRUE except MMIO addresses) =20 @retval RETURN_SUCCESS The attributes were cleared for the memory region. @@ -114,8 +112,7 @@ EFIAPI MemEncryptSevClearPageEncMask ( IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS BaseAddress, - IN UINTN NumPages, - IN BOOLEAN Flush + IN UINTN NumPages ); =20 /** @@ -128,8 +125,6 @@ MemEncryptSevClearPageEncMask ( address of a memory region. @param[in] NumPages The number of pages from start memory region. - @param[in] Flush Flush the caches before setting the = bit - (mostly TRUE except MMIO addresses) =20 @retval RETURN_SUCCESS The attributes were set for the memo= ry region. @@ -142,8 +137,7 @@ EFIAPI MemEncryptSevSetPageEncMask ( IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS BaseAddress, - IN UINTN NumPages, - IN BOOLEAN Flush + IN UINTN NumPages ); =20 =20 diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c index 49ffa24488..b30628078f 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c 
@@ -252,8 +252,7 @@ IoMmuMap ( Status =3D MemEncryptSevClearPageEncMask ( 0, MapInfo->PlainTextAddress, - MapInfo->NumberOfPages, - TRUE + MapInfo->NumberOfPages ); ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { @@ -407,8 +406,7 @@ IoMmuUnmapWorker ( Status =3D MemEncryptSevSetPageEncMask ( 0, MapInfo->PlainTextAddress, - MapInfo->NumberOfPages, - TRUE + MapInfo->NumberOfPages ); ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c b= /OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c index 4e8a997d42..34e7c59e2c 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c @@ -25,8 +25,6 @@ address of a memory region. @param[in] NumPages The number of pages from start memory region. - @param[in] Flush Flush the caches before clearing the= bit - (mostly TRUE except MMIO addresses) =20 @retval RETURN_SUCCESS The attributes were cleared for the memory region. @@ -39,8 +37,7 @@ EFIAPI MemEncryptSevClearPageEncMask ( IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS BaseAddress, - IN UINTN NumPages, - IN BOOLEAN Flush + IN UINTN NumPages ) { // @@ -59,8 +56,6 @@ MemEncryptSevClearPageEncMask ( address of a memory region. @param[in] NumPages The number of pages from start memory region. - @param[in] Flush Flush the caches before setting the = bit - (mostly TRUE except MMIO addresses) =20 @retval RETURN_SUCCESS The attributes were set for the memo= ry region. @@ -73,8 +68,7 @@ EFIAPI MemEncryptSevSetPageEncMask ( IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS BaseAddress, - IN UINTN NumPages, - IN BOOLEAN Flush + IN UINTN NumPages ) { // diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c b/= OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c index 6786573aea..5c260c546e 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c 
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c @@ -27,8 +27,6 @@ address of a memory region. @param[in] NumPages The number of pages from start memory region. - @param[in] Flush Flush the caches before clearing the= bit - (mostly TRUE except MMIO addresses) =20 @retval RETURN_SUCCESS The attributes were cleared for the memory region. @@ -41,15 +39,13 @@ EFIAPI MemEncryptSevClearPageEncMask ( IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS BaseAddress, - IN UINTN NumPages, - IN BOOLEAN Flush + IN UINTN NumPages ) { return InternalMemEncryptSevSetMemoryDecrypted ( Cr3BaseAddress, BaseAddress, - EFI_PAGES_TO_SIZE (NumPages), - Flush + EFI_PAGES_TO_SIZE (NumPages) ); } =20 @@ -63,8 +59,6 @@ MemEncryptSevClearPageEncMask ( address of a memory region. @param[in] NumPages The number of pages from start memory region. - @param[in] Flush Flush the caches before setting the = bit - (mostly TRUE except MMIO addresses) =20 @retval RETURN_SUCCESS The attributes were set for the memo= ry region. @@ -77,15 +71,13 @@ EFIAPI MemEncryptSevSetPageEncMask ( IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS BaseAddress, - IN UINTN NumPages, - IN BOOLEAN Flush + IN UINTN NumPages ) { return InternalMemEncryptSevSetMemoryEncrypted ( Cr3BaseAddress, BaseAddress, - EFI_PAGES_TO_SIZE (NumPages), - Flush + EFI_PAGES_TO_SIZE (NumPages) ); } =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index 3bcc92f2e9..707db5a74a 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c 
@@ -830,8 +830,6 @@ Done: @param[in] PhysicalAddress The physical address that is the sta= rt address of a memory region. @param[in] Length The length of memory region - @param[in] Flush Flush the caches before applying the - encryption mask =20 @retval RETURN_SUCCESS The attributes were cleared for the memory region. @@ -844,8 +842,7 @@ EFIAPI InternalMemEncryptSevSetMemoryDecrypted ( IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS PhysicalAddress, - IN UINTN Length, - IN BOOLEAN Flush + IN UINTN Length ) { =20 @@ -854,7 +851,7 @@ InternalMemEncryptSevSetMemoryDecrypted ( PhysicalAddress, Length, ClearCBit, - Flush, + TRUE, FALSE ); } @@ -868,8 +865,6 @@ InternalMemEncryptSevSetMemoryDecrypted ( @param[in] PhysicalAddress The physical address that is the sta= rt address of a memory region. @param[in] Length The length of memory region - @param[in] Flush Flush the caches before applying the - encryption mask =20 @retval RETURN_SUCCESS The attributes were set for the memo= ry region. @@ -882,8 +877,7 @@ EFIAPI InternalMemEncryptSevSetMemoryEncrypted ( IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS PhysicalAddress, - IN UINTN Length, - IN BOOLEAN Flush + IN UINTN Length ) { return SetMemoryEncDec ( @@ -891,7 +885,7 @@ InternalMemEncryptSevSetMemoryEncrypted ( PhysicalAddress, Length, SetCBit, - Flush, + TRUE, FALSE ); } diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c b/= OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c index bca5e3febb..24d19d3ca1 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecVirtualMemory.c 
@@ -42,8 +42,6 @@ InternalGetMemEncryptionAddressMask ( @param[in] PhysicalAddress The physical address that is the sta= rt address of a memory region. @param[in] Length The length of memory region - @param[in] Flush Flush the caches before applying the - encryption mask =20 @retval RETURN_SUCCESS The attributes were cleared for the memory region. @@ -56,8 +54,7 @@ EFIAPI InternalMemEncryptSevSetMemoryDecrypted ( IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS PhysicalAddress, - IN UINTN Length, - IN BOOLEAN Flush + IN UINTN Length ) { // @@ -89,8 +86,7 @@ EFIAPI InternalMemEncryptSevSetMemoryEncrypted ( IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS PhysicalAddress, - IN UINTN Length, - IN BOOLEAN Flush + IN UINTN Length ) { // diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h b/Ovm= fPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h index 99ee7ea0e8..832ff10a33 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h @@ -58,8 +58,6 @@ InternalGetMemEncryptionAddressMask ( @param[in] PhysicalAddress The physical address that is the sta= rt address of a memory region. @param[in] Length The length of memory region - @param[in] Flush Flush the caches before applying the - encryption mask =20 @retval RETURN_SUCCESS The attributes were cleared for the memory region. @@ -72,8 +70,7 @@ EFIAPI InternalMemEncryptSevSetMemoryDecrypted ( IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS PhysicalAddress, - IN UINTN Length, - IN BOOLEAN Flush + IN UINTN Length ); =20 /** @@ -85,8 +82,6 @@ InternalMemEncryptSevSetMemoryDecrypted ( @param[in] PhysicalAddress The physical address that is the sta= rt address of a memory region. @param[in] Length The length of memory region - @param[in] Flush Flush the caches before applying the - encryption mask =20 @retval RETURN_SUCCESS The attributes were set for the memo= ry region. 
@@ -99,8 +94,7 @@ EFIAPI InternalMemEncryptSevSetMemoryEncrypted ( IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS PhysicalAddress, - IN UINTN Length, - IN BOOLEAN Flush + IN UINTN Length ); =20 /** diff --git a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c b/OvmfPk= g/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c index fdf2380974..c7cc5b0389 100644 --- a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c +++ b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c @@ -283,8 +283,7 @@ SmmCpuFeaturesSmmRelocationComplete ( Status =3D MemEncryptSevSetPageEncMask ( 0, // Cr3BaseAddress -- use current CR3 MapPagesBase, // BaseAddress - MapPagesCount, // NumPages - TRUE // Flush + MapPagesCount // NumPages ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "%a: MemEncryptSevSetPageEncMask(): %r\n", diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index dddffdebda..a8bf610022 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c 
@@ -72,8 +72,7 @@ AmdSevEsInitialize ( DecryptStatus =3D MemEncryptSevClearPageEncMask ( 0, GhcbBasePa + EFI_PAGES_TO_SIZE (PageCount), - 1, - TRUE + 1 ); ASSERT_RETURN_ERROR (DecryptStatus); } --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#74635): https://edk2.groups.io/g/devel/message/74635 Mute This Topic: https://groups.io/mt/82479055/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Wed Apr 24 18:16:07 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+74636+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+74636+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1619783549571984.7830253020821; Fri, 30 Apr 2021 04:52:29 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id CX7lYY1788612xsK4T6xaYIU; Fri, 30 Apr 2021 04:52:29 -0700 X-Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.42]) by mx.groups.io with SMTP id smtpd.web08.10381.1619783543755812561 for ; Fri, 30 Apr 2021 04:52:24 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; 
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 09/28] OvmfPkg/VmgExitLib: Allow PMBASE register access in Dxe phase
Date: Fri, 30 Apr 2021 06:51:29 -0500
Message-Id: <20210430115148.22267-10-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Commit 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 added support to ensure that MMIO is only performed against the un-encrypted memory. If MMIO is performed against encrypted memory, a #GP is raised.

The VmgExitLib library depends on ApicTimerLib to get the APIC base address so that it can exclude the APIC range from the un-encrypted check. The OvmfPkg provides ApicTimerLib for the DXE phase. The constructor AcpiTimerLibConstructor() used in the ApicTimerLib uses the PciRead to get the PMBASE register. The PciRead() will cause an MMIO access.

The AmdSevDxe driver clears the memory encryption attribute from the MMIO ranges. However, if VmgExitLib is linked to the AmdSevDxe driver, then the AcpiTimerLibConstructor() will be called before the AmdSevDxe driver can clear the encryption attributes for the MMIO regions.

Exclude the PMBASE register from the encrypted check so that we can link VmgExitLib to the MemEncryptSevLib, which gets linked to the AmdSevDxe driver.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf | 4 ++
OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 7 +++
OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 45 ++++++++++++++++++++
3 files changed, 56 insertions(+)

diff --git a/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf b/OvmfPkg/Library= /VmgExitLib/SecVmgExitLib.inf index e6f6ea7972..22435a0590 100644 --- a/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf +++ b/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf @@ -27,6 +27,7 @@ SecVmgExitVcHandler.c =20 [Packages] + MdeModulePkg/MdeModulePkg.dec MdePkg/MdePkg.dec OvmfPkg/OvmfPkg.dec UefiCpuPkg/UefiCpuPkg.dec
@@ -42,4 +43,7 @@ [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize + gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress =20 +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf b/OvmfPkg/Library/Vm= gExitLib/VmgExitLib.inf index c66c68726c..d3175c260e 100644 --- a/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf +++ b/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf @@ -27,6 +27,7 @@ PeiDxeVmgExitVcHandler.c =20 [Packages] + MdeModulePkg/MdeModulePkg.dec MdePkg/MdePkg.dec OvmfPkg/OvmfPkg.dec UefiCpuPkg/UefiCpuPkg.dec @@ -37,4 +38,10 @@ DebugLib LocalApicLib MemEncryptSevLib + PcdLib =20 +[FixedPcd] + gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress + +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Librar= y/VmgExitLib/VmgExitVcHandler.c index 24259060fd..01ac5d8c19 100644 --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c @@ -14,7 +14,10 @@ #include #include #include +#include +#include #include +#include =20 #include "VmgExitVcHandler.h" =20 
@@ -596,6 +599,40 @@ UnsupportedExit ( return Status; } =20 +STATIC +BOOLEAN +IsPmbaBaseAddress ( + IN UINTN Address + ) +{ + UINT16 HostBridgeDevId; + UINTN Pmba; + + // + // Query Host Bridge DID to determine platform type + // + HostBridgeDevId =3D PcdGet16 (PcdOvmfHostBridgePciDevId); + switch (HostBridgeDevId) { + case INTEL_82441_DEVICE_ID: + Pmba =3D POWER_MGMT_REGISTER_PIIX4 (PIIX4_PMBA); + break; + case INTEL_Q35_MCH_DEVICE_ID: + Pmba =3D POWER_MGMT_REGISTER_Q35 (ICH9_PMBASE); + // + // Add the MMCONFIG base address to get the Pmba base access address + // + Pmba +=3D FixedPcdGet64 (PcdPciExpressBaseAddress); + break; + default: + return FALSE; + } + + // Round up the offset to page size + Pmba =3D Pmba & ~(SIZE_4KB - 1); + + return (Address =3D=3D Pmba); +} + /** Validate that the MMIO memory access is not to encrypted memory. =20 
@@ -640,6 +677,14 @@ ValidateMmioMemory ( return 0; } =20 + // + // Allow PMBASE accesses (which will have the encryption bit set before + // AmdSevDxe runs in the DXE phase) + // + if (IsPmbaBaseAddress (Address)) { + return 0; + } + // // Any state other than unencrypted is an error, issue a #GP. // --=20 2.17.1
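Review bot: In IsPmbaBaseAddress () only Pmba is masked with ~(SIZE_4KB - 1) before "return (Address == Pmba)", so the exemption matches only when the caller passes a page-aligned Address. Either mask Address the same way or compare against the page range, and state which is intended. The comment "Round up the offset to page size" also says the opposite of what the mask does, which is round down to the page base. On the Q35 branch the masked value lies in MMCONFIG space, so the exempted page covers more than the PMBASE register itself; a note on why the whole page is acceptable would help.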
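Review bot: The new early return in ValidateMmioMemory () applies in every phase and for the whole life of the guest, although its own comment says the encryption bit is only still set before AmdSevDxe runs in the DXE phase. This check is what turns MMIO against encrypted memory into a #GP, so please limit the exemption to the window where it is needed, or document why a permanent exemption for this page is safe. SecVmgExitLib.inf also gains PcdOvmfHostBridgePciDevId under [Pcd]; please confirm that PcdGet16 () on it is usable from the SEC-phase #VC handler.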
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 10/28] OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled()
Date: Fri, 30 Apr 2021 06:51:30 -0500
Message-Id: <20210430115148.22267-11-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Create a function that can be used to determine if the VM is running as an SEV-SNP guest.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 ++= +++++++
OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c | 27 ++= ++++++++++++++++++
OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c | 27 ++= ++++++++++++++++++
OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c | 19 ++= ++++++++++++
4 files changed, 85 insertions(+)

diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 9b15d80931..3868376dbf 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -66,6 +66,18 @@ typedef enum { MemEncryptSevAddressRangeError, } MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE; =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ); + /** Returns a boolean to indicate whether SEV-ES is enabled. =20
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c index 2816f859a0..0571297238 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c @@ -19,6 +19,7 @@ =20 STATIC BOOLEAN mSevStatus =3D FALSE; STATIC BOOLEAN mSevEsStatus =3D FALSE; +STATIC BOOLEAN mSevSnpStatus =3D FALSE; STATIC BOOLEAN mSevStatusChecked =3D FALSE; =20 STATIC UINT64 mSevEncryptionMask =3D 0; @@ -82,11 +83,37 @@ InternalMemEncryptSevStatus ( if (Msr.Bits.SevEsBit) { mSevEsStatus =3D TRUE; } + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + mSevSnpStatus =3D TRUE; + } } =20 mSevStatusChecked =3D TRUE; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevSnpStatus; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index e2fd109d12..b561f211f5 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c @@ -19,6 +19,7 @@ =20 STATIC BOOLEAN mSevStatus =3D FALSE; STATIC BOOLEAN mSevEsStatus =3D FALSE; +STATIC BOOLEAN mSevSnpStatus =3D FALSE; STATIC BOOLEAN mSevStatusChecked =3D FALSE; =20 STATIC UINT64 mSevEncryptionMask =3D 0; 
@@ -82,11 +83,37 @@ InternalMemEncryptSevStatus ( if (Msr.Bits.SevEsBit) { mSevEsStatus =3D TRUE; } + + // + // Check MSR_0xC0010131 Bit 2 (Sev-Snp Enabled) + // + if (Msr.Bits.SevSnpBit) { + mSevSnpStatus =3D TRUE; + } } =20 mSevStatusChecked =3D TRUE; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus (); + } + + return mSevSnpStatus; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c index 56d8f3f318..69852779e2 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c 
@@ -62,6 +62,25 @@ InternalMemEncryptSevStatus ( return ReadSevMsr ? AsmReadMsr32 (MSR_SEV_STATUS) : 0; } =20 +/** + Returns a boolean to indicate whether SEV-SNP is enabled. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevSnpIsEnabled ( + VOID + ) +{ + MSR_SEV_STATUS_REGISTER Msr; + + Msr.Uint32 =3D InternalMemEncryptSevStatus (); + + return Msr.Bits.SevSnpBit ? TRUE : FALSE; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 --=20 2.17.1
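Review bot: The subject line names the new function MemEncryptSevSnpEnabled(), but the header and all three implementations declare MemEncryptSevSnpIsEnabled (); please make the subject match the symbol so the commit is findable by name. The doc comment added to MemEncryptSevLib.h is also missing the trailing period that the copies in the .c files carry. In the PEI and DXE variants the SevSnpBit test sits inside the existing block next to the SevEsBit test, which is the right place; a short comment there that SNP implies the outer condition would make the nesting explicit.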
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 11/28] OvmfPkg: Reserve Secrets page in MEMFD
Date: Fri, 30 Apr 2021 06:51:31 -0500
Message-Id: <20210430115148.22267-12-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

When AMD SEV is enabled in the guest VM, a hypervisor needs to insert a secrets page.

When SEV-SNP is enabled, the secrets page contains the VM platform communication keys. The guest BIOS and OS can use this key to communicate with the SEV firmware to get an attestation report. See the SEV-SNP firmware spec for more details on the content of the secrets page.

When SEV and SEV-ES are enabled, the secrets page contains the information provided by the guest owner after the attestation. See the SEV LAUNCH_SECRET command for more details.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
OvmfPkg/AmdSev/SecretPei/SecretPei.c | 16 +++++++++++++++-
OvmfPkg/AmdSev/SecretPei/SecretPei.inf | 1 +
OvmfPkg/OvmfPkgX64.dsc | 2 ++
OvmfPkg/OvmfPkgX64.fdf | 5 +++++
4 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPe= i/SecretPei.c index ad491515dd..92836c562c 100644 --- a/OvmfPkg/AmdSev/SecretPei/SecretPei.c +++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c @@ -7,6 +7,7 @@ #include #include #include +#include =20 EFI_STATUS EFIAPI
@@ -15,10 +16,23 @@ InitializeSecretPei ( IN CONST EFI_PEI_SERVICES **PeiServices ) { + UINTN Type; + + // + // The secret page should be mapped encrypted by the guest OS and must n= ot + // be treated as a system RAM. Mark it as ACPI NVS so that guest OS maps= it + // encrypted. + // + if (MemEncryptSevSnpIsEnabled ()) { + Type =3D EfiACPIMemoryNVS; + } else { + Type =3D EfiBootServicesData; + } + BuildMemoryAllocationHob ( PcdGet32 (PcdSevLaunchSecretBase), PcdGet32 (PcdSevLaunchSecretSize), - EfiBootServicesData + Type ); =20 return EFI_SUCCESS; diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.inf b/OvmfPkg/AmdSev/Secret= Pei/SecretPei.inf index 08be156c4b..9265f8adee 100644 --- a/OvmfPkg/AmdSev/SecretPei/SecretPei.inf +++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.inf @@ -26,6 +26,7 @@ HobLib PeimEntryPoint PcdLib + MemEncryptSevLib =20 [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index a7d747f6b4..593c0e69f6 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -716,6 +716,7 @@ OvmfPkg/SmmAccess/SmmAccessPei.inf !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf + OvmfPkg/AmdSev/SecretPei/SecretPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -965,6 +966,7 @@ OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/AmdSevDxe/AmdSevDxe.inf OvmfPkg/IoMmuDxe/IoMmuDxe.inf + OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf =20 !if $(SMM_REQUIRE) =3D=3D TRUE OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index d519f85328..b04175f77c 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf 
@@ -88,6 +88,9 @@ gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPk= gTokenSpaceGuid.PcdSevE 0x00C000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecGhcbBackupSize =20 +0x00D000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGu= id.PcdSevLaunchSecretSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 @@ -178,6 +181,7 @@ INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf !endif +INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf =20 ##########################################################################= ###### =20 
@@ -313,6 +317,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrd= DynamicShellCommand.inf INF ShellPkg/Application/Shell/Shell.inf =20 INF MdeModulePkg/Logo/LogoDxe.inf +INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf =20 # # Network modules --=20 2.17.1
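Review bot: in the InitializeSecretPei hunk of SecretPei.c, Type is declared as UINTN although it only ever holds EfiACPIMemoryNVS or EfiBootServicesData and is passed as the memory-type argument of BuildMemoryAllocationHob; declare it as EFI_MEMORY_TYPE so the assignment and the call are type-checked. The comment above the if describes only the SEV-SNP branch, so it should also say why the SEV and SEV-ES case keeps EfiBootServicesData.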
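Review bot: the OvmfPkgX64.dsc and OvmfPkgX64.fdf hunks add SecretPei.inf and SecretDxe.inf unconditionally, and InitializeSecretPei builds the allocation HOB for the page at 0x00D000 without first checking that SEV is active, so every OvmfPkgX64 guest gives up that page, including guests where no hypervisor will ever insert a secret. Consider returning early from the PEIM when MemEncryptSevIsEnabled () is false, and mention in the commit message that SecretDxe is now part of the OvmfPkgX64 build, since the message only talks about the page itself.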
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 12/28] OvmfPkg: Reserve CPUID page for the SEV-SNP guest
Date: Fri, 30 Apr 2021 06:51:32 -0500
Message-Id: <20210430115148.22267-13-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

During the SEV-SNP guest launch sequence, two special pages need to be inserted, the secrets and CPUID. The secrets page contains the VM platform communication keys. The guest BIOS and/or OS can use this key to communicate with the SEV firmware to get the attestation report. The CPUID page contains the CPUID entries filtered through the AMD-SEV firmware.

OvmfPkg already reserves the memory for the Secrets Page in the MEMFD. Extend the MEMFD to reserve the memory for the CPUID page.

See the SEV-SNP spec for more information on the content layout of the secrets and CPUID page, and how it can be used by the SEV-SNP guest VM.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/OvmfPkg.dec | 6 ++++++ OvmfPkg/OvmfPkgX64.fdf | 3 +++ OvmfPkg/PlatformPei/MemDetect.c | 13 +++++++++++++ OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++ OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 18 ++++++++++++++++++ OvmfPkg/ResetVector/ResetVector.inf | 2 ++ OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++ 7 files changed, 46 insertions(+) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 9629707020..dac5fb1653 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec
@@ -317,6 +317,12 @@ gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42 gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43 =20 + ## The base address and size of the SEV-SNP CPUID Area provisioned by the + # SEV-SNP firmware. If this is set in the .fdf, the platform + # is responsible for protecting the area from DXE phase overwrites. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0x0|UINT32|0x47 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0x0|UINT32|0x48 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index b04175f77c..5cc1da425e 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -91,6 +91,9 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefi= OvmfPkgTokenSpaceGuid.P 0x00D000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGu= id.PcdSevLaunchSecretSize =20 +0x00E000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfSnpCpuidSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetec= t.c index c08aa2e45a..02584123c1 100644 --- a/OvmfPkg/PlatformPei/MemDetect.c +++ b/OvmfPkg/PlatformPei/MemDetect.c @@ -894,6 +894,19 @@ InitializeRamRegions ( EfiACPIMemoryNVS ); } + + if (MemEncryptSevSnpIsEnabled ()) { + // + // If SEV-SNP is enabled, reserve the CPUID page. The memory range s= hould + // not be treated as a RAM and must be mapped encrypted by the guest= OS, so, + // reserve it as ACPI NVS. + // + BuildMemoryAllocationHob ( + (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfSnpCpuidBase), + (UINT64)(UINTN) PcdGet32 (PcdOvmfSnpCpuidSize), + EfiACPIMemoryNVS + ); + } #endif } =20 
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 6ef77ba7bb..6d18b0be9f 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -118,6 +118,8 @@ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe= ctor/Ia16/ResetVectorVtf0.asm index 9c0b5853a4..05c7e32f46 100644 --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm @@ -47,6 +47,24 @@ TIMES (15 - ((guidedStructureEnd - guidedStructureStart = + 15) % 16)) DB 0 ; guidedStructureStart: =20 +; +; SEV-SNP boot support +; +; sevSnpBlock: +; For the initial boot of SEV-SNP guest, a CPUID page must be reserved by +; the BIOS at a RAM area defined by SEV_SNP_CPUID_BASE. A hypervisor will +; locate this information using the SEV-SNP boot block GUID. +; +; GUID (SEV-SNP boot block): bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9 +; +sevSnpBootBlockStart: + DD SNP_CPUID_BASE + DD SNP_CPUID_SIZE + DW sevSnpBootBlockEnd - sevSnpBootBlockStart + DB 0xC2, 0xC0, 0x39, 0xBD, 0x8e, 0x2F, 0x43, 0x42 + DB 0x83, 0xE8, 0x1B, 0x74, 0xCE, 0xBC, 0xB7, 0xD9 +sevSnpBootBlockEnd: + ; ; SEV Secret block ; diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index dc38f68919..8e52265602 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf 
@@ -45,5 +45,7 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize =20 [FixedPcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 5fbacaed5f..57f01aa7c7 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb 
@@ -88,5 +88,7 @@ %define SEV_ES_AP_RESET_IP FixedPcdGet32 (PcdSevEsWorkAreaBase) %define SEV_LAUNCH_SECRET_BASE FixedPcdGet32 (PcdSevLaunchSecretBase) %define SEV_LAUNCH_SECRET_SIZE FixedPcdGet32 (PcdSevLaunchSecretSize) + %define SNP_CPUID_BASE FixedPcdGet32 (PcdOvmfSnpCpuidBase) + %define SNP_CPUID_SIZE FixedPcdGet32 (PcdOvmfSnpCpuidSize) %include "Ia16/ResetVectorVtf0.asm" =20 --=20 2.17.1
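Review bot: the new block in InitializeRamRegions (MemDetect.c) builds the ACPI NVS HOB whenever MemEncryptSevSnpIsEnabled () is true without checking that PcdOvmfSnpCpuidSize is non-zero. Both PCDs default to 0x0 in OvmfPkg.dec and only OvmfPkgX64.fdf sets them in this patch, so a platform .fdf that leaves them unset would get a zero-length HOB at address 0. Guard the call on the size, or ASSERT that base and size are set when SEV-SNP is active.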
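Review bot: the comment added above sevSnpBootBlockStart in ResetVectorVtf0.asm refers to SEV_SNP_CPUID_BASE and to a label sevSnpBlock, but the block emits SNP_CPUID_BASE and SNP_CPUID_SIZE (the names defined in ResetVector.nasmb) under the labels sevSnpBootBlockStart and sevSnpBootBlockEnd; use one spelling throughout. Since a hypervisor parses this block by GUID, the comment should also list the fields in order with their widths (two DDs, the DW length, then the GUID). The GUID bytes mix 0x8e with upper-case hex digits elsewhere.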
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 13/28] OvmfPkg: Validate the data pages used in the Reset vector and SEC phase
Date: Fri, 30 Apr 2021 06:51:33 -0500
Message-Id: <20210430115148.22267-14-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest requires that private memory (aka pages mapped encrypted) must be validated before being accessed.

The validation process consists of the following sequence:

1) Set the memory encryption attribute in the page table (aka C-bit). Note: If the processor is in non-PAE mode, then all the memory accesses are considered private.
2) Add the memory range as private in the RMP table. This can be performed using the Page State Change VMGEXIT defined in the GHCB specification.
3) Use the PVALIDATE instruction to set the Validated Bit in the RMP table.

During the guest creation time, the VMM encrypts the OVMF_CODE.fd using the SEV-SNP firmware provided LAUNCH_UPDATE_DATA command. In addition to encrypting the content, the command also validates the memory region. This allows us to execute the code without going through the validation sequence.

During execution, the reset vector needs to access some data pages (such as page tables, SevESWorkarea, Sec stack). The data pages are accessed as private memory. The data pages are not part of the OVMF_CODE.fd, so they were not validated during the guest creation.

There are two approaches we can take to validate the data pages before the access:

a) Enhance the OVMF reset vector code to validate the pages as described above (go through step 2 - 3).
OR
b) Validate the pages during the guest creation time. The SEV firmware provides a command which can be used by the VMM to validate the pages without affecting the measurement of the launch.

Approach #b seems much simpler; it does not require any changes to the OVMF reset vector code.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/OvmfPkg.dec | 5 +++++ OvmfPkg/OvmfPkgX64.fdf | 9 ++++++++- OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 5 +++++ OvmfPkg/ResetVector/ResetVector.inf | 2 ++ OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++ 5 files changed, 22 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index dac5fb1653..3d5574364b 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -323,6 +323,11 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase|0x0|UINT32|0x47 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize|0x0|UINT32|0x48 =20 + ## The start and end of pre-validated memory region by the hypervisor + # through the SEV-SNP firmware. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart|0x0|UIN= T32|0x49 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd|0x0|UINT3= 2|0x50 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 5cc1da425e..806c86bb3f 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -105,7 +105,14 @@ FV =3D PEIFV gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfDxeMemFvSize FV =3D DXEFV =20 -##########################################################################= ###### +##########################################################################= ################ +# +# The range of the pages pre-validated through the SEV-SNP firmware while = creating SEV-SNP guest +# +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart =3D $= (MEMFD_BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase + +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd =3D $(M= EMFD_BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase +##########################################################################= ################ =20 [FV.SECFV] FvNameGuid =3D 763BED0D-DE9F-48F5-81F1-3E90E1B1A015 diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe= ctor/Ia16/ResetVectorVtf0.asm index 05c7e32f46..769dd0bccf 100644 --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm @@ -55,11 +55,16 @@ guidedStructureStart: ; the BIOS at a RAM area defined by SEV_SNP_CPUID_BASE. A hypervisor will ; locate this information using the SEV-SNP boot block GUID. ; +; In order to boot the SEV-SNP guest the hypervisor must pre-validated t= he +; memory range from SNP_HV_VALIDATED_START to SNP_HV_VALIDATED_END. +; ; GUID (SEV-SNP boot block): bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9 ; sevSnpBootBlockStart: DD SNP_CPUID_BASE DD SNP_CPUID_SIZE + DD SNP_HV_VALIDATED_START + DD SNP_HV_VALIDATED_END DW sevSnpBootBlockEnd - sevSnpBootBlockStart DB 0xC2, 0xC0, 0x39, 0xBD, 0x8e, 0x2F, 0x43, 0x42 DB 0x83, 0xE8, 0x1B, 0x74, 0xCE, 0xBC, 0xB7, 0xD9 diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index 8e52265602..2a75e909c7 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf 
@@ -49,3 +49,5 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 57f01aa7c7..f936870b81 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb 
@@ -90,5 +90,7 @@ %define SEV_LAUNCH_SECRET_SIZE FixedPcdGet32 (PcdSevLaunchSecretSize) %define SNP_CPUID_BASE FixedPcdGet32 (PcdOvmfSnpCpuidBase) %define SNP_CPUID_SIZE FixedPcdGet32 (PcdOvmfSnpCpuidSize) + %define SNP_HV_VALIDATED_START FixedPcdGet32 (PcdOvmfSnpHypervisorPreVal= idatedStart) + %define SNP_HV_VALIDATED_END FixedPcdGet32 (PcdOvmfSnpHypervisorPreValid= atedEnd) %include "Ia16/ResetVectorVtf0.asm" =20 --=20 2.17.1
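Review bot: in the OvmfPkg.dec hunk the token numbers jump from 0x49 for PcdOvmfSnpHypervisorPreValidatedStart to 0x50 for PcdOvmfSnpHypervisorPreValidatedEnd, which skips 0x4a through 0x4f and looks like a decimal increment applied to a hex value. Unless the gap is intentional, the second PCD should take 0x4a. The doc comment should also state whether End is the last validated address or the first address past the range.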
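Review bot: the SET lines added to OvmfPkgX64.fdf define the pre-validated range only by its end points, PcdOvmfSecPageTablesBase up to PcdOvmfPeiMemFvBase, and the comment does not say whether the secrets page at 0x00D000 and the CPUID page at 0x00E000 reserved by the two preceding patches are meant to fall inside it. Those two pages are inserted by the launch sequence rather than used as plain data pages, so state explicitly whether the hypervisor is expected to skip them when validating this range. The widened row of # characters is unrelated churn and can be dropped.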
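Review bot: in the ResetVectorVtf0.asm hunk the two new DDs are inserted between SNP_CPUID_SIZE and the DW length field while the block keeps the same GUID, so the layout a hypervisor parses changes from the one introduced in patch 12 with nothing but the length to tell them apart. Either introduce the final layout in one patch or document the field order in the comment, including that SNP_HV_VALIDATED_END is set from PcdOvmfPeiMemFvBase and so appears to be an exclusive bound. The added comment also reads "must pre-validated"; it should be "must pre-validate".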
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 14/28] UefiCpuPkg: Define the SEV-SNP specific dynamic PCDs
Date: Fri, 30 Apr 2021 06:51:34 -0500
Message-Id: <20210430115148.22267-15-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>
=?us-ascii?Q?oZHI+CymvGo4dK3IvJvC39w2UOiuyhEaP0UxWH5MZ4htB1HaKvzUD1fkAlYo?= =?us-ascii?Q?UtsduB7tMUKTxXPEe8fgybwMHvexu1d6Rm1MQzT+2jykpII0ykTWkhtG0qki?= =?us-ascii?Q?A02bLnJZsDdiC8R5r79RkPxdM8ixlIIBWuCfo/ycZJfxpuu2WvqR5WIEZ3sP?= =?us-ascii?Q?ef6h45hZmEMHtgW7idbFc9Qk4/54mGBM4u47P8+J/3ZV67Ygk96CYWbL8TPE?= =?us-ascii?Q?PhgjmrNsfNRtHJUoXyoPrlBfPuwQZVC7deq6eBw2XcsXg+7HU5QsX6h78QcX?= =?us-ascii?Q?l4mUmiM3vdotIkmkPwCXHTtaHUkBoFwWcfqOTK4mbw5HXKaKyWNk3Hg7jzZM?= =?us-ascii?Q?qNqDzYX/YRbG7nbc2W1uPWjyamxvR92yboaSAiDGxMZWSKo7XzSq+hlRis60?= =?us-ascii?Q?GFu/faNUot69H4DU0EZOEZAu?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: f1ca3608-c52f-4fc4-7ff6-08d90bce6bab X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Apr 2021 11:52:24.9164 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: mgPmDR991kyUIT8t3o60ufrJGFnEoOOfkuQbcp8S9vReSYjlBmYNx8u+j+EfSfDiWIkJEb5VojCANoPzr9aZlA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4349 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: YlkrFiziPWOUtJfuBUEQOOlex1787277AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1619783555; bh=s3Xe7VDF1WYFmUgRH7SGOi4KjBxO/EUk6P/Mrc1FCzU=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=iEoyM8EzoiV9815HDZy/4Gd0tzHJs0cVdtJ2iL5SxbceFgHwFkM1JuJ5mFBkLjniXat HdeiGSkcQisn5XqAZFj5QT/1Ttcz6qIFpkOcnrrxWeWWgEg3wjA1k7MNfJYW2UKypgJG/ 2WKsAC6cn2HUFZjnJnTmo822oBp+WJEvxG0= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Define the PCDs used by the MpLib while creating the AP when SEV-SNP is active in the guest VMs.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- UefiCpuPkg/UefiCpuPkg.dec | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index 62acb291f3..1793769439 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -396,5 +396,16 @@ # @Prompt SEV-ES Status gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|FALSE|BOOLEAN|0x60000016 =20 + ## This dynamic PCD indicates whether SEV-SNP is enabled + # TRUE - SEV-SNP is enabled + # FALSE - SEV-SNP is not enabled + # @Prompt SEV-SNP Status + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled|FALSE|BOOLEAN|0x60000017 + + ## This dynamic PCD contains the hypervisor features value obtained thro= ugh the GHCB HYPERVISOR + # features VMGEXIT defined in the GHCB section 2.2. + # @Prompt GHCB Hypervisor Features + gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures|0x0|UINT64|0x60000018 + [UserExtensions.TianoCore."ExtraFiles"] UefiCpuPkgExtra.uni --=20 2.17.1
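
Review bot: The doc comment on PcdGhcbHypervisorFeatures in the UefiCpuPkg.dec hunk cites "the GHCB section 2.2" without naming the specification document or its revision, so a reader cannot tell which text defines the feature bits. Name the GHCB specification and the protocol version that introduced the hypervisor features request, say that the 0x0 default means no feature was advertised, and note that the value is reported by the hypervisor so that consumers know where it originates.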

From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 15/28] OvmfPkg/MemEncryptSevLib: extend the workarea to include SNP enabled field
Date: Fri, 30 Apr 2021 06:51:35 -0500
Message-Id: <20210430115148.22267-16-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Extend the workarea to include the SEV-SNP enabled fields. This will be set when SEV-SNP is active in the guest VM.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/Include/Library/MemEncryptSevLib.h | 3 ++- OvmfPkg/PlatformPei/AmdSev.c | 26 ++++++++++++++++++++ OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/ResetVector/Ia32/PageTables64.asm | 12 +++++++++ OvmfPkg/ResetVector/ResetVector.nasmb | 1 + 5 files changed, 42 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 3868376dbf..03e476ef2a 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -49,7 +49,8 @@ typedef struct { // typedef struct _SEC_SEV_ES_WORK_AREA { UINT8 SevEsEnabled; - UINT8 Reserved1[7]; + UINT8 SevSnpEnabled; + UINT8 Reserved1[6]; =20 UINT64 RandomData; =20 diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index a8bf610022..67b78fd5fa 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -22,6 +22,27 @@ =20 #include "Platform.h" =20 +/** + + Initialize SEV-SNP support if running as an SEV-SNP guest. + + **/ +STATIC +VOID +AmdSevSnpInitialize ( + VOID + ) +{ + RETURN_STATUS PcdStatus; + + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + + PcdStatus =3D PcdSetBoolS (PcdSevSnpIsEnabled, TRUE); + ASSERT_RETURN_ERROR (PcdStatus); +} + /** =20 Initialize SEV-ES support if running as an SEV-ES guest. @@ -209,4 +230,9 @@ AmdSevInitialize ( // Check and perform SEV-ES initialization if required. // AmdSevEsInitialize (); + + // + // Check and perform SEV-SNP initialization if required. + // + AmdSevSnpInitialize (); } diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 6d18b0be9f..3aef0773b1 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -110,6 +110,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 5fae8986d9..6838cdeec9 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -81,6 +81,11 @@ CheckSevFeatures: ; the MSR check below will set the first byte of the workarea to one. mov byte[SEV_ES_WORK_AREA], 0 =20 + ; Set the SevSnpEnabled field in workarea to zero to communicate to th= e SEC + ; phase that SEV-SNP is not enabled. If SEV-SNP is enabled, this funct= ion + ; will set it to 1. + mov byte[SEV_ES_WORK_AREA_SNP], 0 + ; ; Set up exception handlers to check for SEV-ES ; Load temporary RAM stack based on PCDs (see SevEsIdtVmmComm for 
@@ -136,6 +141,13 @@ CheckSevFeatures: ; phase that SEV-ES is enabled. mov byte[SEV_ES_WORK_AREA], 1 =20 + bt eax, 2 + jnc GetSevEncBit + + ; Set the second byte of the workarea to one to communicate to the SEC + ; phase that the SEV-SNP is enabled + mov byte[SEV_ES_WORK_AREA_SNP], 1 + GetSevEncBit: ; Get pte bit position to enable memory encryption ; CPUID Fn8000_001F[EBX] - Bits 5:0 diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index f936870b81..34b900127e 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb 
@@ -73,6 +73,7 @@ %define GHCB_BASE (FixedPcdGet32 (PcdOvmfSecGhcbBase)) %define GHCB_SIZE (FixedPcdGet32 (PcdOvmfSecGhcbSize)) %define SEV_ES_WORK_AREA (FixedPcdGet32 (PcdSevEsWorkAreaBase)) + %define SEV_ES_WORK_AREA_SNP (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 1) %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + = 8) %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) = + 16) %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase)= + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) --=20 2.17.1
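
Review bot: The offset of SevSnpEnabled is now encoded twice with nothing tying the two together: once by field order in SEC_SEV_ES_WORK_AREA (MemEncryptSevLib.h hunk, `UINT8 SevSnpEnabled;` followed by `UINT8 Reserved1[6];`) and once as `PcdSevEsWorkAreaBase) + 1` in SEV_ES_WORK_AREA_SNP (ResetVector.nasmb hunk). A STATIC_ASSERT on OFFSET_OF (SEC_SEV_ES_WORK_AREA, SevSnpEnabled) being 1, or at least a comment in each place naming the other, would catch a later reordering that leaves the reset vector writing one byte while the C code reads another.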
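
Review bot: In the second CheckSevFeatures hunk of PageTables64.asm, `bt eax, 2` followed by `jnc GetSevEncBit` tests a bare literal bit index, and the added comment says only that the second byte of the workarea is set, not what EAX holds at this point or which bit means SEV-SNP. Give the bit a named %define next to the other SEV constants and state in the comment which value is being tested, so the SNP decision can be audited without tracing the register back through the routine.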
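
Review bot: In the new AmdSevSnpInitialize in AmdSev.c, the only handling of a failed `PcdSetBoolS (PcdSevSnpIsEnabled, TRUE)` is `ASSERT_RETURN_ERROR (PcdStatus)`, which does nothing in builds where asserts are disabled, so the PCD would silently stay FALSE while the guest is in fact running with SEV-SNP. The function header should also document that the PCD is consumed later (the commit message of patch 14 names MpLib) so the consequence of a stale FALSE is clear; consider an explicit failure path rather than an assert alone.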

From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 16/28] OvmfPkg/MemEncryptSevLib: Extend Es Workarea to include hv features
Date: Fri, 30 Apr 2021 06:51:36 -0500
Message-Id: <20210430115148.22267-17-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The GHCB Version 2 introduces advertisement of features that are supported by the hypervisor. The features value is saved in the SevEs workarea. Save the value in the PCD for later use.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/Include/Library/MemEncryptSevLib.h | 2 + OvmfPkg/PlatformPei/AmdSev.c | 26 +++++ OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/ResetVector/Ia32/PageTables64.asm | 122 ++++++++++++++++++++ OvmfPkg/ResetVector/ResetVector.nasmb | 1 + 5 files changed, 152 insertions(+) diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 03e476ef2a..42caa6497b 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -55,6 +55,8 @@ typedef struct _SEC_SEV_ES_WORK_AREA { UINT64 RandomData; =20 UINT64 EncryptionMask; + + UINT64 HypervisorFeatures; } SEC_SEV_ES_WORK_AREA; =20 // diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 67b78fd5fa..81e40e0889 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -43,6 +43,27 @@ AmdSevSnpInitialize ( ASSERT_RETURN_ERROR (PcdStatus); } =20 +/** + + Function to set the PcdHypervisorFeatures. +**/ +STATIC +VOID +AmdSevHypervisorFeatures ( + VOID + ) +{ + SEC_SEV_ES_WORK_AREA *SevEsWorkArea; + RETURN_STATUS PcdStatus; + + SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr= eaBase); + + PcdStatus =3D PcdSet64S (PcdGhcbHypervisorFeatures, SevEsWorkArea->Hyper= visorFeatures); + ASSERT_RETURN_ERROR (PcdStatus); + + DEBUG ((DEBUG_INFO, "GHCB Hypervisor Features=3D0x%Lx\n", SevEsWorkArea-= >HypervisorFeatures)); +} + /** =20 Initialize SEV-ES support if running as an SEV-ES guest. @@ -73,6 +94,11 @@ AmdSevEsInitialize ( PcdStatus =3D PcdSetBoolS (PcdSevEsIsEnabled, TRUE); ASSERT_RETURN_ERROR (PcdStatus); =20 + // + // Set the hypervisor features PCD. + // + AmdSevHypervisorFeatures (); + // // Allocate GHCB and per-CPU variable pages. // Since the pages must survive across the UEFI to OS transition diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 3aef0773b1..89c8e9627c 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -111,6 +111,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled + gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 6838cdeec9..6bf4a3524a 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm 
@@ -62,6 +62,16 @@ BITS 32 %define GHCB_CPUID_REGISTER_SHIFT 30 %define CPUID_INSN_LEN 2 =20 +; GHCB SEV Information MSR protocol +%define GHCB_SEV_INFORMATION_REQUEST 2 +%define GHCB_SEV_INFORMATION_RESPONSE 1 + +; GHCB Hypervisor features MSR protocol +%define GHCB_HYPERVISOR_FEATURES_REQUEST 128 +%define GHCB_HYPERVISOR_FEATURES_RESPONSE 129 + +; GHCB request to terminate protocol values +%define GHCB_GENERAL_TERMINATE_REQUEST 255 =20 ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; @@ -86,6 +96,13 @@ CheckSevFeatures: ; will set it to 1. mov byte[SEV_ES_WORK_AREA_SNP], 0 =20 + ; Set the Hypervisor features field in the workarea to zero to communi= cate + ; to the hypervisor features to the SEC phase. The hypervisor feature = is + ; filled during the call to CheckHypervisorFeatures. + mov eax, 0 + mov dword[SEV_ES_WORK_AREA_HYPERVISOR_FEATURES], eax + mov dword[SEV_ES_WORK_AREA_HYPERVISOR_FEATURES + 4], eax + ; ; Set up exception handlers to check for SEV-ES ; Load temporary RAM stack based on PCDs (see SevEsIdtVmmComm for 
@@ -225,6 +242,106 @@ IsSevEsEnabled: SevEsDisabled: OneTimeCallRet IsSevEsEnabled =20 +; The version 2 of GHCB specification added the support to query the hyper= visor features. +; If the GHCB version is greather than 2 then read the hypervisor features. +; +; Modified: EAX, EBX, ECX, EDX +; +CheckHypervisorFeatures: + ; Get the SEV Information + ; Setup GHCB MSR + ; GHCB_MSR[11:0] =3D SEV information request + ; + mov edx, 0 + mov eax, GHCB_SEV_INFORMATION_REQUEST + mov ecx, 0xc0010130 + wrmsr + + ; + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. + ; +BITS 64 + rep vmmcall +BITS 32 + + ; + ; SEV Information Response GHCB MSR + ; GHCB_MSR[63:48] =3D Maximum protocol version + ; GHCB_MSR[47:32] =3D Minimum protocol version + ; GHCB_MSR[11:0] =3D SEV information response + ; + mov ecx, 0xc0010130 + rdmsr + and eax, 0xfff + cmp eax, GHCB_SEV_INFORMATION_RESPONSE + jnz TerminateSevGuestLaunch + shr edx, 16 + cmp edx, 2 + jl CheckHypervisorFeaturesDone + + ; Get the hypervisor features + ; Setup GHCB MSR + ; GHCB_MSR[11:0] =3D Hypervisor features request + ; + mov edx, 0 + mov eax, GHCB_HYPERVISOR_FEATURES_REQUEST + mov ecx, 0xc0010130 + wrmsr + + ; + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. 
+ ; +BITS 64 + rep vmmcall +BITS 32 + + ; + ; Hypervisor features reponse + ; GHCB_MSR[63:12] =3D Features bitmap + ; GHCB_MSR[11:0] =3D Hypervisor features response + ; + mov ecx, 0xc0010130 + rdmsr + mov ebx, eax + and eax, 0xfff + cmp eax, GHCB_HYPERVISOR_FEATURES_RESPONSE + jnz TerminateSevGuestLaunch + + shr ebx, 12 + mov dword[SEV_ES_WORK_AREA_HYPERVISOR_FEATURES], ebx + mov dword[SEV_ES_WORK_AREA_HYPERVISOR_FEATURES + 4], edx + + jmp CheckHypervisorFeaturesDone +TerminateSevGuestLaunch: + ; + ; Setup GHCB MSR + ; GHCB_MSR[23:16] =3D 0 + ; GHCB_MSR[15:12] =3D 0 + ; GHCB_MSR[11:0] =3D Terminate Request + ; + mov edx, 0 + mov eax, GHCB_GENERAL_TERMINATE_REQUEST + mov ecx, 0xc0010130 + wrmsr + + ; + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. + ; +BITS 64 + rep vmmcall +BITS 32 + +TerminateSevGuestLaunchHlt: + cli + hlt + jmp TerminateSevGuestLaunchHlt + +CheckHypervisorFeaturesDone: + OneTimeCallRet CheckHypervisorFeatures + ; ; Modified: EAX, EBX, ECX, EDX ; @@ -328,6 +445,11 @@ clearGhcbMemoryLoop: mov dword[ecx * 4 + GHCB_BASE - 4], eax loop clearGhcbMemoryLoop =20 + ; + ; It is SEV-ES guest, query the Hypervisor features + ; + OneTimeCall CheckHypervisorFeatures + SetCr3: ; ; Set CR3 now that the paging structures are available diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 34b900127e..465038e39d 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb 
@@ -76,6 +76,7 @@ %define SEV_ES_WORK_AREA_SNP (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 1) %define SEV_ES_WORK_AREA_RDRAND (FixedPcdGet32 (PcdSevEsWorkAreaBase) + = 8) %define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) = + 16) + %define SEV_ES_WORK_AREA_HYPERVISOR_FEATURES (FixedPcdGet32 (PcdSevEsWor= kAreaBase) + 24) %define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase)= + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) %include "Ia32/Flat32ToFlat64.asm" %include "Ia32/PageTables64.asm" --=20 2.17.1
View/Reply Online (#74643): https://edk2.groups.io/g/devel/message/74643
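Review bot: In CheckHypervisorFeatures (PageTables64.asm), the features bitmap is stored as two halves that do not line up: the low dword is EAX shifted right by 12, but EDX is written to SEV_ES_WORK_AREA_HYPERVISOR_FEATURES + 4 unshifted, so GHCB_MSR[43:32] never reaches bits 31:20 of the low dword and the saved 64-bit value is not GHCB_MSR[63:12]. Shift the register pair as one quantity before the two stores, for example "shrd ebx, edx, 12" followed by "shr edx, 12". The routine's header comment also says the features are read when the version is "greather than 2", while "cmp edx, 2" / "jl CheckHypervisorFeaturesDone" reads them for a maximum protocol version of exactly 2 as well; the comment should read "greater than or equal to 2".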
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 17/28] OvmfPkg/ResetVector: Invalidate the GHCB page
Date: Fri, 30 Apr 2021 06:51:37 -0500
Message-Id: <20210430115148.22267-18-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

When SEV-SNP is active, the GHCB page is mapped un-encrypted in the initial page table built by the reset vector code. Just clearing the encryption attribute from the page table is not enough. The page also needs to be added as shared in the RMP table.

The GHCB page was part of the pre-validated memory range specified through the SnpBootBlock GUID. To maintain the security guarantees, we must invalidate the GHCB page before clearing the encryption attribute from the page table, and add the page shared in the RMP table.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 OvmfPkg/ResetVector/Ia32/PageTables64.asm | 82 ++++++++++++++++++++
 1 file changed, 82 insertions(+)

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index 6bf4a3524a..9949fcdfba 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -70,9 +70,78 @@ BITS 32 %define GHCB_HYPERVISOR_FEATURES_REQUEST 128 %define GHCB_HYPERVISOR_FEATURES_RESPONSE 129 =20 +; GHCB Page Invalidate request and response protocol values +; +%define GHCB_PAGE_STATE_CHANGE_REQUEST 20 +%define GHCB_PAGE_STATE_CHANGE_RESPONSE 21 +%define GHCB_PAGE_STATE_SHARED 2 + ; GHCB request to terminate protocol values %define GHCB_GENERAL_TERMINATE_REQUEST 255 =20 +; If its an SEV-SNP guest then use the page state change VMGEXIT to invali= date +; the GHCB page. +; +; Modified: EAX, EBX, ECX, EDX +; +InvalidateGHCBPage: + ; Check if it is SEV-SNP guest. + cmp byte[SEV_ES_WORK_AREA_SNP], 1 + jne InvalidateGHCBPageDone + + ; Check whether hypervisor features has SEV-SNP (BIT0) set to indicate= that + ; hypervisor supports the page state change. + mov eax, dword[SEV_ES_WORK_AREA_HYPERVISOR_FEATURES] + bt eax, 0 + jnc TerminateSevGuestLaunch + + ; Use PVALIDATE instruction to invalidate the page + mov eax, GHCB_BASE + mov ecx, 0 + mov edx, 0 + DB 0xF2, 0x0F, 0x01, 0xFF + cmp eax, 0 + jnz TerminateSevGuestLaunch + + ; Ask hypervisor to change the page state to shared using the + ; Page State Change VMGEXIT. + ; + ; Setup GHCB MSR + ; GHCB_MSR[55:52] =3D Page Operation + ; GHCB_MSR[51:12] =3D Guest Physical Frame Number + ; GHCB_MSR[11:0] =3D Page State Change Request + ; + mov eax, (GHCB_BASE >> 12) + shl eax, 12 + or eax, GHCB_PAGE_STATE_CHANGE_REQUEST + mov edx, (GHCB_PAGE_STATE_SHARED << 20) + mov ecx, 0xc0010130 + wrmsr + + ; + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. 
+ ; +BITS 64 + rep vmmcall +BITS 32 + + ; + ; Response GHCB MSR + ; GHCB_MSR[51:12] =3D Guest Physical Frame Number + ; GHCB_MSR[11:0] =3D Page State Change Response + ; + mov ecx, 0xc0010130 + rdmsr + and eax, 0xfff + cmp eax, GHCB_PAGE_STATE_CHANGE_RESPONSE + jnz TerminateSevGuestLaunch + cmp edx, 0 + jnz TerminateSevGuestLaunch + +InvalidateGHCBPageDone: + OneTimeCallRet InvalidateGHCBPage + ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; ; Register usage is tight in this routine, so multiple calls for the 
@@ -450,6 +519,19 @@ clearGhcbMemoryLoop: ; OneTimeCall CheckHypervisorFeatures =20 + ; + ; The page table built above cleared the memory encryption mask from t= he + ; GHCB_BASE (aka made it shared). When SEV-SNP is enabled, to maintain + ; the security guarantees, the page state transition from private to + ; shared must go through the page invalidation steps. Invalidate the + ; memory range before loading the page table below. + ; + ; NOTE: the invalidation must happen after zeroing the GHCB memory. Th= is + ; is because, in the 32-bit mode all the access are considered p= rivate. + ; The invalidation before the zero'ing will cause a #VC. + ; + OneTimeCall InvalidateGHCBPage + SetCr3: ; ; Set CR3 now that the paging structures are available --=20 2.17.1
View/Reply Online (#74644): https://edk2.groups.io/g/devel/message/74644
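Review bot: In InvalidateGHCBPage, the PVALIDATE result check (the "DB 0xF2, 0x0F, 0x01, 0xFF" line followed by "cmp eax, 0") tests only the EAX return code; PVALIDATE also sets the carry flag when it did not change the Validated bit of the RMP entry, and the cmp overwrites CF before anything reads it. A GHCB page that was not in the validated state to begin with would therefore pass this check, although the commit message relies on the page having been pre-validated. Add "jc TerminateSevGuestLaunch" directly after the DB line, ahead of the cmp. The response comment further down also lists GHCB_MSR[51:12] as a guest physical frame number, while the code treats all of EDX as a field that must be zero ("cmp edx, 0"); the comment and the check should describe the same response layout.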
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 18/28] OvmfPkg: Add a library to support registering GHCB GPA
Date: Fri, 30 Apr 2021 06:51:38 -0500
Message-Id: <20210430115148.22267-19-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest is required to perform GHCB GPA registration before using a GHCB. See the GHCB spec section 2.5.2 for more details. Add a library that can be called to perform the GHCB GPA registration.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 OvmfPkg/Include/Library/GhcbRegisterLib.h | 27 ++++++
 OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.c | 97 ++++++++++++++++++++
 OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf | 33 +++++++
 OvmfPkg/OvmfPkg.dec | 4 +
 OvmfPkg/OvmfPkgIa32.dsc | 1 +
 OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
 OvmfPkg/OvmfPkgX64.dsc | 1 +
 7 files changed, 164 insertions(+)

diff --git a/OvmfPkg/Include/Library/GhcbRegisterLib.h b/OvmfPkg/Include/Li= brary/GhcbRegisterLib.h new file mode 100644 index 0000000000..7d98b6eb36 --- /dev/null +++ b/OvmfPkg/Include/Library/GhcbRegisterLib.h @@ -0,0 +1,27 @@ +/** @file + + Declarations of utility functions used for GHCB GPA registration. + + Copyright (C) 2021, AMD Inc, All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _GHCB_REGISTER_LIB_H_ +#define _GHCB_REGISTER_LIB_H_ + +/** + + This function can be used to register the GHCB GPA. + + @param[in] Address The physical address to registered. + +**/ +VOID +EFIAPI +GhcbRegister ( + IN EFI_PHYSICAL_ADDRESS Address + ); + +#endif // _GHCB_REGISTER_LIB_H_ diff --git a/OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.c b/OvmfPkg/Li= brary/GhcbRegisterLib/GhcbRegisterLib.c new file mode 100644 index 0000000000..7fe0aad75a --- /dev/null +++ b/OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.c @@ -0,0 +1,97 @@ +/** @file + GHCBRegister Support Library. + + Copyright (C) 2021, Advanced Micro Devices, Inc. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include + +/** + Handle an SEV-SNP/GHCB protocol check failure. + + Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP gue= st + wishes to be terminated. + + @param[in] ReasonCode Reason code to provide to the hypervisor for the + termination request. + +**/ +STATIC +VOID +SevEsProtocolFailure ( + IN UINT8 ReasonCode + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode =3D ReasonCode; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + + This function can be used to register the GHCB GPA. + + @param[in] Address The physical address to be registered. + +**/ +VOID +EFIAPI +GhcbRegister ( + IN EFI_PHYSICAL_ADDRESS Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail. 
+ // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} diff --git a/OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf b/OvmfPkg/= Library/GhcbRegisterLib/GhcbRegisterLib.inf new file mode 100644 index 0000000000..8cc39ef715 --- /dev/null +++ b/OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf @@ -0,0 +1,33 @@ +## @file +# GHCBRegisterLib Support Library. +# +# Copyright (C) 2021, Advanced Micro Devices, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D GhcbRegisterLib + FILE_GUID =3D 0e913c15-12cd-430b-8714-ffe85672a77b + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D GhcbRegisterLib + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D X64 +# + +[Sources.common] + GhcbRegisterLib.c + +[Packages] + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + UefiCpuPkg/UefiCpuPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 3d5574364b..70948ab478 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -106,6 +106,10 @@ # XenPlatformLib|Include/Library/XenPlatformLib.h =20 + ## @libraryclass Register GHCB GPA + # + GhcbRegisterLib|Include/Library/GhcbRegisterLib.h + [Guids] gUefiOvmfPkgTokenSpaceGuid =3D {0x93bb96af, 0xb9f2, 0x4eb8, {= 0x94, 0x62, 0xe0, 0xba, 0x74, 0x56, 0x42, 0x36}} gEfiXenInfoGuid =3D {0xd3b46f3b, 0xd441, 0x1244, {= 0x9a, 0x12, 0x0, 0x12, 0x27, 0x3f, 0xc1, 0x4d}} diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 1730b6558b..f9355172d6 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc 
@@ -243,6 +243,7 @@ [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf + GhcbRegisterLib|OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf =20 [LibraryClasses.common.SEC] TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 78a559da0d..3f27d7b90d 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -247,6 +247,7 @@ [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf + GhcbRegisterLib|OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf =20 [LibraryClasses.common.SEC] TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 593c0e69f6..92447f6a2d 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc 
@@ -247,6 +247,7 @@ [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf VmgExitLib|OvmfPkg/Library/VmgExitLib/VmgExitLib.inf + GhcbRegisterLib|OvmfPkg/Library/GhcbRegisterLib/GhcbRegisterLib.inf =20 [LibraryClasses.common.SEC] TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf --=20 2.17.1
View/Reply Online (#74645): https://edk2.groups.io/g/devel/message/74645
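Review bot: GhcbRegister() in GhcbRegisterLib.c derives GuestFrameNumber with "Address >> EFI_PAGE_SHIFT" and never checks that Address is page aligned, so an unaligned argument silently registers the containing page and the response comparison still passes. Add an ASSERT that (Address & EFI_PAGE_MASK) is zero, or state in the @param text that the address must be 4 KB aligned. The function comments in both the .c and the .h should also say that the call does not return when the hypervisor's response code or frame number does not match (it requests termination through SevEsProtocolFailure), and the header's "The physical address to registered" is missing "be".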
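Review bot: GhcbRegisterLib.inf lists BaseLib and BaseMemoryLib under [LibraryClasses], but the GhcbRegisterLib.c in this patch uses ASSERT, which is provided by DebugLib, and calls nothing from BaseMemoryLib. List DebugLib and drop BaseMemoryLib so the declared dependencies match the source. The same .inf states "VALID_ARCHITECTURES = X64" while OvmfPkgIa32.dsc resolves GhcbRegisterLib under [LibraryClasses.common]; either widen the architecture comment or explain why the Ia32 build needs the mapping.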
b=SmixlN/lszU8vk4C/NjIysOYY+EkFPH4hs9ccMp0BGaalYjkyOEwu63TT+zXi3j6YYGs4tg6LTBXoBD2wobWiCRqDh7YHKnWQIjxXN/bXTT5fFnYT4gdL/s6KGLq/gzCs3Lv+nYTH7i/iJyLDEO/su5dcDU3d6M6Ri9ju4v1XW/1rgQX7EXrza2oXWolEqDKYzmlhE9tfsDxEjtG83W235dyxs90dMQpZ5B6yuQTsjx7x7xn6L7VzhmvG5snMg6Cn2/pr2CUm5Mu+4djcnMyqsM8rc9i9NyqzDLeHraT1eZfXVeizXTHpiqKXQfZKR00+WjP8EvQe0tpQqCYQ5sQig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Kp1ZI7VXktWhJCqnyfDWwUVLAAiWWI0we+IoMq8ybZU=; b=msQAnC9/zAiDucyOV4uB1v8/iCFBaEel/LlnHCB/+CVFyUUdA8x78dsttZ3OnAc499hffzEnh5iDwtqrZksrHttHtkSgL5RHLTPRCJYHCetltCCaqVT7AtvqtFkyx81vTIbExllUGubcrGI8jKhT3Hmr+e87k1/8ENrK8OkIUiDMMFnXCnlohXZrVtIJjflv1LpiseAPeeHD8dcRGGczzBltq0sgfmw2HXRPfXMTZJf7ipinntnHVK0PobnWZwSqNdxzNgOTI885vUQKNZet+2rWOm1Vj1av6qKLkikFhFFljKJT8XinjTHEBpQaz1/A63LnZ1+AZdayYQoRA6Y2IA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2783.namprd12.prod.outlook.com (2603:10b6:805:78::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.25; Fri, 30 Apr 2021 11:52:28 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4065.027; Fri, 30 Apr 2021 11:52:28 +0000 
From: "Brijesh Singh" To: devel@edk2.groups.io Cc: Brijesh Singh , James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas Subject: [edk2-devel] [PATCH RFC v2 19/28] OvmfPkg: register GHCB gpa for the SEV-SNP guest Date: Fri, 30 Apr 2021 06:51:39 -0500 Message-Id: <20210430115148.22267-20-brijesh.singh@amd.com> In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com> References: <20210430115148.22267-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR12CA0006.namprd12.prod.outlook.com (2603:10b6:806:6f::11) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR12CA0006.namprd12.prod.outlook.com (2603:10b6:806:6f::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.27 via Frontend Transport; Fri, 30 Apr 2021 11:52:27 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ba0e433c-a3fe-4516-968e-08d90bce6d89 X-MS-TrafficTypeDiagnostic: SN6PR12MB2783: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: 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 X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?XHOweRLDatikK2y7NhMLuXlHkDBY91FybmUzJ/75giTQRGEwF25ZKEpPlJDK?= =?us-ascii?Q?WsEXDg/wo27e8t+ZV6Kw2RhTyBMy908L4+1IxLYOSEBLGsHEm5TINNbNrxL+?= =?us-ascii?Q?rC4ljVMA0/b+LEN+cjoIt93rEAmjFvzj4Z3dlRCqK7dD+FAix52f8ysryvBT?= =?us-ascii?Q?EbVNdOmckoDm2KJHXJZv4uYNZCppl6BADaqZ+S1Coeroad3iHodXsYfqL+MY?= =?us-ascii?Q?Asgs81Z2quAn8Z/FIKQHf4uLMIMP5eHMNyJ1cfopzeRZ7vdyLAQVnDHNHk6v?= =?us-ascii?Q?HJmyaEmH2h6hgVb9b78S4NivFjVk7h+J6S0NK2rgbZnC1hIW29Z3xq/cKWXz?= =?us-ascii?Q?p3ly3uHTtf8C3c5ygo+2g33qj9KHWcjxAoCBoHhFyiJY/l7wh5ceEZzCiDCg?= 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The SEV-SNP guest requires that GHCB GPA must be registered before using. The GHCB GPA can be registered using the GhcbGPARegister().

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/PlatformPei/AmdSev.c | 8 +++ OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/Sec/SecMain.c | 76 ++++++++++++++++++++ 3 files changed, 85 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 81e40e0889..54b07622b4 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -156,6 +157,13 @@ AmdSevEsInitialize ( "SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n= ", (UINT64)GhcbBackupPageCount, GhcbBackupBase)); =20 + if (MemEncryptSevSnpIsEnabled ()) { + // + // SEV-SNP guest requires that GHCB GPA must be registered before usin= g it. + // + GhcbRegister (GhcbBasePa); + } + AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa); =20 // diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 89c8e9627c..e9a10146ef 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf 
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -52,6 +52,7 @@ BaseLib CacheMaintenanceLib DebugLib + GhcbRegisterLib HobLib IoLib PciLib diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 9db67e17b2..7c9650ba8f 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c 
@@ -750,6 +750,76 @@ SevEsProtocolFailure ( CpuDeadLoop (); } =20 +/** + Determine if SEV-SNP is active. There is a MemEncryptIsSnpEnabled() in M= emEncryptSevLib + but we can not use it because the SEV-SNP check need to be done before t= he + ProcessLibraryConstructorList() is called. + + @retval TRUE SEV-SNP is enabled + @retval FALSE SEV-SNP is not enabled + +**/ +STATIC +BOOLEAN +SevSnpIsEnabled ( + VOID + ) +{ + SEC_SEV_ES_WORK_AREA *SevEsWorkArea; + + SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAr= eaBase); + + return ((SevEsWorkArea !=3D NULL) && (SevEsWorkArea->SevSnpEnabled !=3D = 0)); +} + +/** + The GHCB GPA registeration need to be done before the ProcessLibraryConst= ructorList() + is called. So use a local implementation instead of including the GhcbReg= isterLib. + + */ +STATIC +VOID +SevSnpGhcbRegister ( + UINTN Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail. + // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + /** Validate the SEV-ES/GHCB protocol level. =20 
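Review bot: In SevSnpGhcbRegister(), "GuestFrameNumber = Address >> EFI_PAGE_SHIFT" discards the low 12 bits of Address without checking them, so a base that is not page aligned would register a frame that the hypervisor echoes back correctly while the caller goes on to use a different address. An ASSERT or an explicit alignment check before the shift would make the assumption visible. The doc comment for this function also has no @param[in] entry for Address and closes with "*/" where the SevSnpIsEnabled() comment just above it closes with "**/". The SevSnpIsEnabled() comment refers to MemEncryptIsSnpEnabled(), while the AmdSev.c hunk in this same patch calls MemEncryptSevSnpIsEnabled (); the comment should use the real name.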
@@ -791,6 +861,12 @@ SevEsProtocolCheck ( SevEsProtocolFailure (GHCB_TERMINATE_GHCB_PROTOCOL); } =20 + if (SevSnpIsEnabled ()) { + // + // SEV-SNP guest requires that GHCB GPA must be registered before usin= g it. + // + SevSnpGhcbRegister (FixedPcdGet32 (PcdOvmfSecGhcbBase)); + } // // SEV-ES protocol checking succeeded, set the initial GHCB address // --=20 2.17.1
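Review bot: The commit message says the GPA is registered with GhcbGPARegister(), but the AmdSev.c hunk calls "GhcbRegister (GhcbBasePa)" and PlatformPei.inf adds GhcbRegisterLib, so the message should name the function that is actually used. The outcome of that call is not checked in AmdSevEsInitialize(); the SEC copy, SevSnpGhcbRegister(), terminates the guest when the response function or frame number does not match, and it is worth stating in a comment here that GhcbRegister() does the same, since the next statement programs MSR_SEV_ES_GHCB with the address regardless. In the SevEsProtocolCheck hunk, the new "if (SevSnpIsEnabled ())" block runs straight into the following "//" comment; a blank line after the closing brace would match the surrounding code.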

From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 20/28] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled
Date: Fri, 30 Apr 2021 06:51:40 -0500
Message-Id: <20210430115148.22267-21-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest requires that the physical address of the GHCB must be registered with the hypervisor before using it. See the GHCB specification for the further detail.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/MpEqu.inc | 1 + UefiCpuPkg/Library/MpInitLib/MpLib.c | 2 + UefiCpuPkg/Library/MpInitLib/MpLib.h | 2 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 51 ++++++++++++++++++++ 6 files changed, 58 insertions(+) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index d34419c2a5..48d7dfa445 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -76,3 +76,4 @@ gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## = SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## = CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## = CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## = CONSUMES 
diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc b/UefiCpuPkg/Library/Mp= InitLib/MpEqu.inc index 2e9368a374..01668638f2 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc @@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO .ModeHighSegment: CTYPE_UINT16 1 .Enable5LevelPaging: CTYPE_BOOLEAN 1 .SevEsIsEnabled: CTYPE_BOOLEAN 1 + .SevSnpIsEnabled CTYPE_BOOLEAN 1 .GhcbBase: CTYPE_UINTN 1 endstruc =20 diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index 3d945972a0..c5a5da3984 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1040,6 +1040,7 @@ FillExchangeInfoData ( DEBUG ((DEBUG_INFO, "%a: 5-Level Paging =3D %d\n", gEfiCallerBaseName, E= xchangeInfo->Enable5LevelPaging)); =20 ExchangeInfo->SevEsIsEnabled =3D CpuMpData->SevEsIsEnabled; + ExchangeInfo->SevSnpIsEnabled =3D CpuMpData->SevSnpIsEnabled; ExchangeInfo->GhcbBase =3D (UINTN) CpuMpData->GhcbBase; =20 // @@ -2016,6 +2017,7 @@ MpInitLibInitialize ( CpuMpData->CpuInfoInHob =3D (UINT64) (UINTN) (CpuMpData->CpuData + M= axLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); CpuMpData->SevEsIsEnabled =3D PcdGetBool (PcdSevEsIsEnabled); + CpuMpData->SevSnpIsEnabled =3D PcdGetBool (PcdSevSnpIsEnabled); CpuMpData->SevEsAPBuffer =3D (UINTN) -1; CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); =20 diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index e88a5355c9..4abaa2243d 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -218,6 +218,7 @@ typedef struct { // BOOLEAN Enable5LevelPaging; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN GhcbBase; } MP_CPU_EXCHANGE_INFO; =20 @@ -287,6 +288,7 @@ struct _CPU_MP_DATA { BOOLEAN WakeUpByInitSipiSipi; =20 BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; 
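Review bot: In the MpEqu.inc hunk the new struc member is written ".SevSnpIsEnabled CTYPE_BOOLEAN 1" without the trailing colon that the neighbouring members carry (".SevEsIsEnabled:", ".GhcbBase:"). NASM tolerates a label without a colon, but the line should read ".SevSnpIsEnabled:" to match the rest of the struc and avoid depending on that leniency. The member is placed between SevEsIsEnabled and GhcbBase both here and in MP_CPU_EXCHANGE_INFO in MpLib.h, which keeps the assembly and C layouts in step; a short comment in one of the two places saying they must stay in the same order would help the next change.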
diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index 36fcb96b58..ab8279df59 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -65,6 +65,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOME= TIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONS= UMES =20 [Ppis] gEdkiiPeiShadowMicrocodePpiGuid ## SOMETIMES_CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Lib= rary/MpInitLib/X64/MpFuncs.nasm index 50df802d1f..19939c093d 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm 
@@ -194,9 +194,60 @@ LongModeStart: mov rdx, rax shr rdx, 32 mov rcx, 0xc0010130 + + ; + ; Register GHCB GPA when SEV-SNP is enabled + ; + lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] + cmp byte [edi], 1 ; SevSnpIsEnabled + jne SetGhcbAddress + + ; Save the rdi and rsi to used for later comparison + push rdi + push rsi + mov edi, eax + mov esi, edx + or eax, 18 ; Ghcb registration request + wrmsr + rep vmmcall + rdmsr + mov r12, rax + and r12, 0fffh + cmp r12, 19 ; Ghcb registration response + jne GhcbGpaRegisterFailure + + ; Verify that GPA is not changed + and eax, 0fffff000h + cmp edi, eax + jne GhcbGpaRegisterFailure + cmp esi, edx + jne GhcbGpaRegisterFailure + pop rsi + pop rdi + + ; + ; Program GHCB + ; +SetGhcbAddress: wrmsr jmp CProcedureInvoke =20 + ; + ; Request the guest termination + ; +GhcbGpaRegisterFailure: + xor edx, edx + mov eax, 256 ; GHCB terminate + wrmsr + rep vmmcall + + ; We should not return from the above terminate request, but if we do + ; then enter into the hlt loop. +DoHltLoop: + cli + hlt + jmp DoHltLoop + GetApicId: lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)] cmp byte [edi], 1 ; SevEsIsEnabled --=20 2.17.1
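Review bot: In the MpFuncs.nasm hunk, r12 is used as scratch ("mov r12, rax" / "and r12, 0fffh") without being saved, although rdi and rsi are pushed and popped around the same sequence; either preserve r12 as well or state that it is free at this point in the AP startup path. The comment "Save the rdi and rsi to used for later comparison" does not match the code: the two registers are saved because they are about to be overwritten with the requested GPA halves (edi = eax, esi = edx), and edi has already been overwritten by the preceding lea. The protocol values 18, 19 and 256 should be named equates, in line with GHCB_INFO_GHCB_GPA_REGISTER_REQUEST and GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE used by the C implementation in patch 19. "or eax, 18" also assumes the low 12 bits of GhcbBase are zero; the later compare of edi against the masked eax does catch a misaligned base, but only by terminating the guest, so that dependency deserves a comment.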

From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 21/28] OvmfPkg/MemEncryptSevLib: Add support to validate system RAM
Date: Fri, 30 Apr 2021 06:51:41 -0500
Message-Id: <20210430115148.22267-22-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Many of the integrity guarantees of SEV-SNP are enforced through the Reverse Map Table (RMP). Each RMP entry contains the GPA at which a particular page of DRAM should be mapped. The guest can request the hypervisor to add pages in the RMP table via the Page State Change VMGEXIT defined in the GHCB specification section 2.5.1 and 4.1.6. Inside each RMP entry is a Validated flag; this flag is automatically cleared to 0 by the CPU hardware when a new RMP entry is created for a guest. Each VM page can be either validated or invalidated, as indicated by the Validated flag in the RMP entry. Memory access to a private page that is not validated generates a #VC. A VM can use the PVALIDATE instruction to validate the private page before using it.

During the guest creation, the boot ROM memory is pre-validated by the AMD-SEV firmware. The MemEncryptSevSnpValidateSystemRam() can be called during the SEC and PEI phase to validate the detected system RAM.

One of the fields in the Page State Change NAE is the RMP page size. The page size input parameter indicates that either a 4KB or 2MB page should be used while adding the RMP entry. During the validation, when possible, the MemEncryptSevSnpValidateSystemRam() will use the 2MB entry.
A hypervisor backing the memory may choose to use the different page size in the RMP entry. In those cases, the PVALIDATE instruction should return SIZEMISMATCH. If a SIZEMISMATCH is detected, then validate all 512-pages constituting a 2MB region. Upon completion, the PVALIDATE instruction sets the rFLAGS.CF to 0 if instruction changed the RMP entry and to 1 if the instruction did not change the RMP entry. The rFlags.CF will be 1 only when a memory region is already validated. We should not double validate a memory as it could lead to a security compromise. If double validation is detected, terminate the boot. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/Include/Library/MemEncryptSevLib.h | 1= 4 ++ OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | = 2 + OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c | 1= 7 ++ OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | = 3 + OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf | = 3 + OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 4= 0 +++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c | 3= 6 +++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 3= 6 +++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h | 3= 1 +++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 26= 1 ++++++++++++++++++++ OvmfPkg/OvmfPkgIa32.dsc | = 1 + OvmfPkg/OvmfPkgIa32X64.dsc | = 1 + 12 files changed, 445 insertions(+) diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 42caa6497b..c4e89abe0d 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h 
@@ -237,4 +237,18 @@ MemEncryptSevClearMmioPageEncMask ( IN UINTN NumPages ); =20 +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ); + #endif // _MEM_ENCRYPT_SEV_LIB_H_ diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf index f2e162d680..2158e1cba3 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf @@ -34,8 +34,10 @@ PeiDxeMemEncryptSevLibInternal.c =20 [Sources.X64] + X64/DxeSnpSystemRamValidate.c X64/MemEncryptSevLib.c X64/PeiDxeVirtualMemory.c + X64/SnpPageStateChangeInternal.c X64/VirtualMemory.c X64/VirtualMemory.h =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c b= /OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c index 34e7c59e2c..2ca3a400bd 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c @@ -136,3 +136,20 @@ MemEncryptSevClearMmioPageEncMask ( // return RETURN_UNSUPPORTED; } + +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + ASSERT (FALSE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 03a78c32df..0402e49a10 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf 
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -36,6 +36,8 @@ [Sources.X64] X64/MemEncryptSevLib.c X64/PeiDxeVirtualMemory.c + X64/PeiSnpSystemRamValidate.c + X64/SnpPageStateChangeInternal.c X64/VirtualMemory.c X64/VirtualMemory.h =20 @@ -49,6 +51,7 @@ DebugLib MemoryAllocationLib PcdLib + VmgExitLib =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf index 279c38bfbc..939af0a91e 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf @@ -35,6 +35,8 @@ [Sources.X64] X64/MemEncryptSevLib.c X64/SecVirtualMemory.c + X64/SecSnpSystemRamValidate.c + X64/SnpPageStateChangeInternal.c X64/VirtualMemory.c X64/VirtualMemory.h =20 @@ -46,6 +48,7 @@ CpuLib DebugLib PcdLib + VmgExitLib =20 [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c new file mode 100644 index 0000000000..d46a8408f8 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c @@ -0,0 +1,40 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2020 - 2021, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include + +#include "SnpPageStateChange.h" + +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + + // + // All the pre-validation must be completed in the PEI phase. + // + ASSERT (FALSE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c new file mode 100644 index 0000000000..ba673d193b --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -0,0 +1,36 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2020 - 2021, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +#include "SnpPageStateChange.h" + +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c new file mode 100644 index 0000000000..ba673d193b --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c @@ -0,0 +1,36 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2020 - 2021, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +#include "SnpPageStateChange.h" + +/** + Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. + + @param[in] BaseAddress Base address + @param[in] NumPages Number of pages starting from the ba= se address + +**/ +VOID +EFIAPI +MemEncryptSevSnpPreValidateSystemRam ( + IN PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages + ) +{ + if (!MemEncryptSevSnpIsEnabled ()) { + return; + } + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h = b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h new file mode 100644 index 0000000000..0dd90d4a16 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h @@ -0,0 +1,31 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2020 - 2021, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef SNP_PAGE_STATE_INTERNAL_H_ +#define SNP_PAGE_STATE_INTERNAL_H_ + +// +// SEV-SNP Page states +// +typedef enum { + SevSnpPagePrivate, + SevSnpPageShared, + +} SEV_SNP_PAGE_STATE; + +VOID +InternalSetPageState ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages, + IN SEV_SNP_PAGE_STATE State, + IN BOOLEAN UseLargeEntry + ); + +#endif diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInt= ernal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeIntern= al.c new file mode 100644 index 0000000000..182f6040ec --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c @@ -0,0 +1,261 @@ +/** @file + + SEV-SNP Page Validation functions. + + Copyright (c) 2020 - 2021, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "SnpPageStateChange.h" + +#define IS_ALIGNED(x, y) ((((x) & (y - 1)) =3D=3D 0)) +#define PAGES_PER_LARGE_ENTRY 512 + +STATIC +UINTN +MemoryStateToGhcbOp ( + IN SEV_SNP_PAGE_STATE State + ) +{ + UINTN Cmd; + + switch (State) { + case SevSnpPageShared: Cmd =3D SNP_PAGE_STATE_SHARED; break; + case SevSnpPagePrivate: Cmd =3D SNP_PAGE_STATE_PRIVATE; break; + default: ASSERT(0); + } + + return Cmd; +} + +STATIC +VOID +SnpPageStateFailureTerminate ( + VOID + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode =3D GHCB_TERMINATE_GHCB_GENERAL; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +STATIC +UINTN +IssuePvalidate ( + IN UINTN Address, + IN UINTN RmpPageSize, + IN BOOLEAN Validate + ) +{ + IA32_EFLAGS32 EFlags; + UINTN Ret; + + Ret =3D AsmPvalidate (RmpPageSize, Validate, Address, &EFlags); + + // + // Check the rFlags.CF to verify that PVALIDATE updated the RMP entry. + // If there was a no change in the RMP entry then we are either double + // validating or invalidating the memory. This can lead to a security co= mpromise. + // + if (EFlags.Bits.CF) { + DEBUG (( + DEBUG_ERROR, "%a:%a: Double %a detected for address 0x%Lx\n", + gEfiCallerBaseName, + __FUNCTION__, + Validate ? "Validate" : "Invalidate", + Address + )); + SnpPageStateFailureTerminate (); + } + + return Ret; +} + +/** + This function issues the PVALIDATE instruction to validate or invalidate = the memory + range specified. If PVALIDATE returns size mismatch then it retry validat= ing with + smaller page size. 
+ + */ +STATIC +VOID +PvalidateRange ( + IN SNP_PAGE_STATE_CHANGE_INFO *Info, + IN UINTN StartIndex, + IN UINTN EndIndex, + IN BOOLEAN Validate + ) +{ + UINTN Address, RmpPageSize, Ret, i; + + for (; StartIndex < EndIndex; StartIndex++) { + // + // Get the address and the page size from the Info. + // + Address =3D Info->Entry[StartIndex].GuestFrameNumber << EFI_PAGE_SHIFT; + RmpPageSize =3D Info->Entry[StartIndex].PageSize; + + Ret =3D IssuePvalidate (Address, RmpPageSize, Validate); + + // + // If we fail to validate due to size mismatch then try with the + // smaller page size. This senario will occur if the backing page in + // the RMP entry is 4K and we are validating it as a 2MB. + // + if ((Ret =3D=3D PvalidateRetFailSizemismatch) && (RmpPageSize =3D=3D P= validatePageSize2MB)) { + for (i =3D 0; i < PAGES_PER_LARGE_ENTRY; i++) { + Ret =3D IssuePvalidate (Address, PvalidatePageSize4K, Validate); + if (Ret) { + break; + } + + Address =3D Address + EFI_PAGE_SIZE; + } + } + + // + // If validation failed then do not continue. + // + if (Ret) { + DEBUG (( + DEBUG_ERROR, "%a:%a: Failed to %a address 0x%Lx Error code %d\n", + gEfiCallerBaseName, + __FUNCTION__, + Validate ? "Validate" : "Invalidate", + Address, + Ret + )); + SnpPageStateFailureTerminate (); + } + } +} + +/** + The function is used to set the page state when SEV-SNP is active. The pa= ge state + transition consist of changing the page ownership in the RMP table, and u= sing the + PVALIDATE instruction to update the Validated bit in RMP table. + + When the UseLargeEntry is set to TRUE, then function will try to use the = large RMP + entry (whevever possible). 
+ */ +VOID +InternalSetPageState ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINTN NumPages, + IN SEV_SNP_PAGE_STATE State, + IN BOOLEAN UseLargeEntry + ) +{ + EFI_STATUS Status; + GHCB *Ghcb; + EFI_PHYSICAL_ADDRESS NextAddress, EndAddress; + MSR_SEV_ES_GHCB_REGISTER Msr; + BOOLEAN InterruptState; + SNP_PAGE_STATE_CHANGE_INFO *Info; + UINTN i, RmpPageSize; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); + + DEBUG (( + DEBUG_VERBOSE, "%a:%a Address 0x%Lx - 0x%Lx State =3D %a LargeEntry = =3D %d\n", + gEfiCallerBaseName, + __FUNCTION__, + BaseAddress, + EndAddress, + State =3D=3D SevSnpPageShared ? "Shared" : "Private", + UseLargeEntry + )); + + for (; BaseAddress < EndAddress; BaseAddress =3D NextAddress) { + // + // Initialize the GHCB and setup scratch sw to point to shared buffer. + // + VmgInit (Ghcb, &InterruptState); + Info =3D (SNP_PAGE_STATE_CHANGE_INFO *) Ghcb->SharedBuffer; + + SetMem (Info, sizeof (*Info), 0); + + // + // Build page state change buffer + // + for (i =3D 0; (EndAddress > BaseAddress) && i < SNP_PAGE_STATE_MAX_ENT= RY; + BaseAddress =3D NextAddress, i++) { + // + // Is this a 2MB aligned page? Check if we can use the Large RMP ent= ry. + // + if (UseLargeEntry && IS_ALIGNED (BaseAddress, SIZE_2MB) && + ((EndAddress - BaseAddress) >=3D SIZE_2MB)) { + RmpPageSize =3D PvalidatePageSize2MB; + NextAddress =3D BaseAddress + SIZE_2MB; + } else { + RmpPageSize =3D PvalidatePageSize4K; + NextAddress =3D BaseAddress + EFI_PAGE_SIZE; + } + + Info->Entry[i].GuestFrameNumber =3D BaseAddress >> EFI_PAGE_SHIFT; + Info->Entry[i].PageSize =3D RmpPageSize; + Info->Entry[i].Op =3D MemoryStateToGhcbOp (State); + Info->Entry[i].CurrentPage =3D 0; + } + + Info->Header.CurrentEntry =3D 0; + Info->Header.EndEntry =3D i - 1; + + // + // If the request page state change is shared then invalidate the page= s before + // adding the page in the RMP table. 
+ // + if (State =3D=3D SevSnpPageShared) { + PvalidateRange (Info, 0, i, FALSE); + } + + // + // Issue the VMGEXIT and retry if hypervisor failed to process all the= entries. + // + Ghcb->SaveArea.SwScratch =3D (UINT64) Ghcb->SharedBuffer; + VmgSetOffsetValid (Ghcb, GhcbSwScratch); + while (Info->Header.CurrentEntry <=3D Info->Header.EndEntry) { + Status =3D VmgExit (Ghcb, SVM_EXIT_SNP_PAGE_STATE_CHANGE, 0, 0); + if (EFI_ERROR (Status)) { + SnpPageStateFailureTerminate (); + } + } + + // + // If the request page state change is shared then invalidate the page= s before + // adding the page in the RMP table. + // + if (State =3D=3D SevSnpPagePrivate) { + PvalidateRange (Info, 0, i, TRUE); + } + + VmgDone (Ghcb, InterruptState); + } +} diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index f9355172d6..1c1e911bd0 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -267,6 +267,7 @@ !else CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiC= puExceptionHandlerLib.inf !endif + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLi= b.inf =20 [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 3f27d7b90d..804f5d62be 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc 
@@ -271,6 +271,7 @@ !else CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiC= puExceptionHandlerLib.inf !endif + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLi= b.inf =20 [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf --=20 2.17.1
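Review bot: In InternalSetPageState() (SnpPageStateChangeInternal.c), Info points straight into Ghcb->SharedBuffer, and after the VMGEXIT loop PvalidateRange (Info, 0, i, TRUE) re-reads GuestFrameNumber and PageSize from that hypervisor-writable buffer, so the guest can end up validating pages other than the ones it requested. Build the entries in private memory, copy them into the shared buffer for the VMGEXIT, and run PVALIDATE from the private copy. The retry loop also trusts Header.CurrentEntry as written by the hypervisor; a check that CurrentEntry advanced, or a bound on retries, would keep it from spinning. Separately, IssuePvalidate() tests EFlags.Bits.CF before looking at Ret, so a 2MB request that returns PvalidateRetFailSizemismatch with CF set terminates the boot before the 4K fallback in PvalidateRange() can run; test CF only when Ret is 0. The comment above the SevSnpPagePrivate branch is a copy of the SevSnpPageShared one and should say the pages are validated after the RMP change.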
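Review bot: The DXE variant of MemEncryptSevSnpPreValidateSystemRam() (DxeSnpSystemRamValidate.c) and the Ia32 stub guard against being called with ASSERT (FALSE) only, which compiles out when asserts are disabled, so a caller would return as if the range had been validated. Since the commit message treats validation mistakes as a reason to stop the boot, follow the ASSERT with CpuDeadLoop () or route the DXE case through the same termination path that SnpPageStateFailureTerminate() uses.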
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 22/28] OvmfPkg/BaseMemEncryptSevLib: Skip the pre-validated system RAM
Date: Fri, 30 Apr 2021 06:51:42 -0500
Message-Id: <20210430115148.22267-23-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the system RAM. As the boot progresses, each phase validates a fixed region of the RAM. In the PEI phase, the PlatformPei detects all the available RAM and calls to pre-validate the detected system RAM.

While validating the system RAM in PEI phase, we must skip previously validated system RAM to avoid the double validation.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 2 + OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c | 65 ++= +++++++++++++++++- 2 files changed, 66 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 0402e49a10..f4058911e7 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -58,3 +58,5 @@ =20 [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index ba673d193b..1fc3337f7c 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -14,6 +14,44 @@ =20 #include "SnpPageStateChange.h" =20 +typedef struct { + UINT64 StartAddress; + UINT64 EndAddress; +} SNP_PRE_VALIDATED_RANGE; + +STATIC SNP_PRE_VALIDATED_RANGE mPreValidatedRange[] =3D { + // This range is pre-validated by the Hypervisor. + { + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedStart), + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedEnd) + } +}; + +STATIC +BOOLEAN +DetectPreValidatedOverLap ( + IN PHYSICAL_ADDRESS StartAddress, + IN PHYSICAL_ADDRESS EndAddress, + OUT SNP_PRE_VALIDATED_RANGE *OverlapRange + ) +{ + UINTN i; + + // + // Check if the specified address range exist in pre-validated array. + // + for (i =3D 0; i < ARRAY_SIZE (mPreValidatedRange); i++) { + if ((mPreValidatedRange[i].StartAddress < EndAddress) && + (StartAddress < mPreValidatedRange[i].EndAddress)) { + OverlapRange->StartAddress =3D mPreValidatedRange[i].StartAddress; + OverlapRange->EndAddress =3D mPreValidatedRange[i].EndAddress; + return TRUE; + } + } + + return FALSE; +} + /** Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. =20 
@@ -28,9 +66,34 @@ MemEncryptSevSnpPreValidateSystemRam ( IN UINTN NumPages ) { + PHYSICAL_ADDRESS EndAddress; + SNP_PRE_VALIDATED_RANGE OverlapRange; + if (!MemEncryptSevSnpIsEnabled ()) { return; } =20 - InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); + + while (BaseAddress < EndAddress) { + // + // Check if the range overlaps with the pre-validated ranges. + // + if (DetectPreValidatedOverLap (BaseAddress, EndAddress, &OverlapRange)= ) { + // Validate the non-overlap regions. + if (BaseAddress < OverlapRange.StartAddress) { + NumPages =3D EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAd= dress); + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TR= UE); + } + + BaseAddress =3D OverlapRange.EndAddress; + continue; + } + + // Validate the remaining pages. + NumPages =3D EFI_SIZE_TO_PAGES (EndAddress - BaseAddress); + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + BaseAddress =3D EndAddress; + } } --=20 2.17.1
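Review bot: DetectPreValidatedOverLap() returns the first entry of mPreValidatedRange[] that overlaps the request, not the overlapping entry with the lowest StartAddress. With the single hypervisor range that is fine, but once a second range is added out of address order the caller will validate from BaseAddress up to OverlapRange.StartAddress straight across an earlier pre-validated range and hit the double-validation termination. Either document that the array must stay sorted by StartAddress or have the loop pick the overlapping entry with the lowest start.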
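Review bot: In the overlap branch of MemEncryptSevSnpPreValidateSystemRam(), EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAddress) rounds up, so a pre-validated start that is not 4K-aligned makes the last page of the request run into the pre-validated range, which is the double validation this patch is meant to avoid. Assert that both PCD values and BaseAddress are page-aligned, or round the overlap range outward to page boundaries before splitting. It is also worth checking that BaseAddress + EFI_PAGES_TO_SIZE (NumPages) does not wrap before entering the loop.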
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 23/28] OvmfPkg/MemEncryptSevLib: Add support to validate > 4GB memory in PEI phase
Date: Fri, 30 Apr 2021 06:51:43 -0500
Message-Id: <20210430115148.22267-24-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The initial page built during the SEC phase is used by the MemEncryptSevSnpValidateSystemRam() for the system RAM validation. The page validation process requires using the PVALIDATE instruction; the instruction accepts a virtual address of the memory region that needs to be validated. If hardware encounters a page table walk failure (due to page-not-present) then it raises #GP.

The initial page table built in SEC phase addresses up to 4GB. Add an internal function to extend the page table to cover > 4GB. The function builds 1GB entries in the page table for access > 4GB. This will provide the support to call the PVALIDATE instruction for the virtual address > 4GB in PEI phase.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 115 += +++++++++++++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c | 22 += +++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h | 19 += +++ 3 files changed, 156 insertions(+)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index 707db5a74a..996a319b26 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c 
@@ -536,6 +536,121 @@ EnableReadOnlyPageWriteProtect ( AsmWriteCr0 (AsmReadCr0() | BIT16); } =20 +RETURN_STATUS +EFIAPI +InternalMemEncryptSevCreateIdentityMap1G ( + IN PHYSICAL_ADDRESS Cr3BaseAddress, + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINTN Length + ) +{ + PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry; + PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry; + UINT64 PgTableMask; + UINT64 AddressEncMask; + BOOLEAN IsWpEnabled; + RETURN_STATUS Status; + + // + // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnin= gs. + // + PageMapLevel4Entry =3D NULL; + + DEBUG (( + DEBUG_VERBOSE, + "%a:%a: Cr3Base=3D0x%Lx Physical=3D0x%Lx Length=3D0x%Lx\n", + gEfiCallerBaseName, + __FUNCTION__, + Cr3BaseAddress, + PhysicalAddress, + (UINT64)Length + )); + + if (Length =3D=3D 0) { + return RETURN_INVALID_PARAMETER; + } + + // + // Check if we have a valid memory encryption mask + // + AddressEncMask =3D InternalGetMemEncryptionAddressMask (); + if (!AddressEncMask) { + return RETURN_ACCESS_DENIED; + } + + PgTableMask =3D AddressEncMask | EFI_PAGE_MASK; + + + // + // Make sure that the page table is changeable. 
+ // + IsWpEnabled =3D IsReadOnlyPageWriteProtected (); + if (IsWpEnabled) { + DisableReadOnlyPageWriteProtect (); + } + + Status =3D EFI_SUCCESS; + + while (Length) + { + // + // If Cr3BaseAddress is not specified then read the current CR3 + // + if (Cr3BaseAddress =3D=3D 0) { + Cr3BaseAddress =3D AsmReadCr3(); + } + + PageMapLevel4Entry =3D (VOID*) (Cr3BaseAddress & ~PgTableMask); + PageMapLevel4Entry +=3D PML4_OFFSET(PhysicalAddress); + if (!PageMapLevel4Entry->Bits.Present) { + DEBUG (( + DEBUG_ERROR, + "%a:%a: bad PML4 for Physical=3D0x%Lx\n", + gEfiCallerBaseName, + __FUNCTION__, + PhysicalAddress + )); + Status =3D RETURN_NO_MAPPING; + goto Done; + } + + PageDirectory1GEntry =3D (VOID *)( + (PageMapLevel4Entry->Bits.PageTableBaseAddres= s << + 12) & ~PgTableMask + ); + PageDirectory1GEntry +=3D PDP_OFFSET(PhysicalAddress); + if (!PageDirectory1GEntry->Bits.Present) { + PageDirectory1GEntry->Bits.Present =3D 1; + PageDirectory1GEntry->Bits.MustBe1 =3D 1; + PageDirectory1GEntry->Bits.MustBeZero =3D 0; + PageDirectory1GEntry->Bits.ReadWrite =3D 1; + PageDirectory1GEntry->Uint64 |=3D (UINT64)PhysicalAddress | AddressE= ncMask; + } + + if (Length <=3D BIT30) { + Length =3D 0; + } else { + Length -=3D BIT30; + } + + PhysicalAddress +=3D BIT30; + } + + // + // Flush TLB + // + CpuFlushTlb(); + +Done: + // + // Restore page table write protection, if any. + // + if (IsWpEnabled) { + EnableReadOnlyPageWriteProtect (); + } + + return Status; +} =20 /** This function either sets or clears memory encryption bit for the memory diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index 1fc3337f7c..ff4c0742ed 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c 
@@ -10,9 +10,12 @@ =20 #include #include +#include +#include #include =20 #include "SnpPageStateChange.h" +#include "VirtualMemory.h" =20 typedef struct { UINT64 StartAddress; @@ -68,6 +71,7 @@ MemEncryptSevSnpPreValidateSystemRam ( { PHYSICAL_ADDRESS EndAddress; SNP_PRE_VALIDATED_RANGE OverlapRange; + EFI_STATUS Status; =20 if (!MemEncryptSevSnpIsEnabled ()) { return; @@ -75,6 +79,24 @@ MemEncryptSevSnpPreValidateSystemRam ( =20 EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); =20 + // + // The page table used in PEI can address up to 4GB memory. If we are as= ked to + // validate a range above the 4GB, then create an identity mapping so th= at the + // PVALIDATE instruction can execute correctly. If the page table entry = is not + // present then PVALIDATE will #GP. + // + if (BaseAddress >=3D SIZE_4GB) { + Status =3D InternalMemEncryptSevCreateIdentityMap1G ( + 0, + BaseAddress, + EFI_PAGES_TO_SIZE (NumPages) + ); + if (EFI_ERROR (Status)) { + ASSERT (FALSE); + CpuDeadLoop (); + } + } + while (BaseAddress < EndAddress) { // // Check if the range overlaps with the pre-validated ranges. diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h b/Ovm= fPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h index 832ff10a33..25de939797 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h 
@@ -143,4 +143,23 @@ InternalMemEncryptSevClearMmioPageEncMask ( IN PHYSICAL_ADDRESS PhysicalAddress, IN UINTN Length ); + +/** + Create 1GB identity mapping for the specified virtual address range. + + @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use + current CR3) + @param[in] VirtualAddress Virtual address + @param[in] Length Length of virtual address range + + @retval RETURN_INVALID_PARAMETER Number of pages is zero. + +**/ +RETURN_STATUS +EFIAPI +InternalMemEncryptSevCreateIdentityMap1G ( + IN PHYSICAL_ADDRESS Cr3BaseAddress, + IN PHYSICAL_ADDRESS PhysicalAddress, + IN UINTN Length + ); #endif --=20 2.17.1
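Review bot: In the while loop of InternalMemEncryptSevCreateIdentityMap1G (PeiDxeVirtualMemory.c), PhysicalAddress is never rounded down to a 1GB boundary, so "PageDirectory1GEntry->Uint64 |= (UINT64)PhysicalAddress | AddressEncMask" puts any address bits below bit 30 into the attribute and reserved fields of the 1GB entry, and a range that starts mid-gigabyte and crosses a 1GB boundary leaves its last gigabyte unmapped because Length drops by a full BIT30 per pass. Align PhysicalAddress down and grow Length by the same amount before the loop, and assign the whole Uint64 instead of OR-ing into a not-present entry whose remaining bits are unknown. The "goto Done" on a missing PML4 entry also skips CpuFlushTlb () even though earlier passes may already have written entries, and Status is initialised with EFI_SUCCESS in a function that returns RETURN_STATUS.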
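Review bot: The "if (BaseAddress >= SIZE_4GB)" test added to MemEncryptSevSnpPreValidateSystemRam (PeiSnpSystemRamValidate.c) misses a range that starts below 4GB and ends above it, so the portion above 4GB is still unmapped when PVALIDATE runs. Test EndAddress > SIZE_4GB instead and map from MAX (BaseAddress, SIZE_4GB) up to EndAddress. On failure the code goes straight to ASSERT (FALSE) and CpuDeadLoop (); a DEBUG_ERROR line that prints Status first would show whether the cause was RETURN_NO_MAPPING or RETURN_ACCESS_DENIED.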
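Review bot: The header comment added in VirtualMemory.h documents "@param[in] VirtualAddress" while the prototype's parameter is PhysicalAddress, and its only @retval describes RETURN_INVALID_PARAMETER as "Number of pages is zero" although the argument is a byte Length. Rename the @param to match the prototype and add @retval entries for the success case, RETURN_ACCESS_DENIED and RETURN_NO_MAPPING, all of which the implementation in PeiDxeVirtualMemory.c returns.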
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 24/28] OvmfPkg/SecMain: Pre-validate the memory used for decompressing Fv
Date: Fri, 30 Apr 2021 06:51:44 -0500
Message-Id: <20210430115148.22267-25-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The VMM launch sequence should have pre-validated all the data pages used
in the Reset vector. The range does not cover the data pages used during
the SEC phase (mainly PEI and DXE firmware volume decompression memory).

When SEV-SNP is active, the memory must be pre-validated before the access.
Add support to pre-validate the memory range from SnpSecPreValidatedStart
to SnpSecPreValidatedEnd. This should be sufficient to enter into the PEI
phase.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/FvmainCompactScratchEnd.fdf.inc | 5 ++= ++ OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 2 ++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c | 5 ++= ++ OvmfPkg/OvmfPkg.dec | 5 ++= ++ OvmfPkg/Sec/SecMain.c | 27 ++= ++++++++++++++++++ OvmfPkg/Sec/SecMain.inf | 3 +++ 6 files changed, 47 insertions(+) diff --git a/OvmfPkg/FvmainCompactScratchEnd.fdf.inc b/OvmfPkg/FvmainCompac= tScratchEnd.fdf.inc index 46f5258329..b560fb0b8e 100644 --- a/OvmfPkg/FvmainCompactScratchEnd.fdf.inc +++ b/OvmfPkg/FvmainCompactScratchEnd.fdf.inc
@@ -63,3 +63,8 @@ DEFINE DECOMP_SCRATCH_BASE_MASK =3D 0xFFF00000 DEFINE DECOMP_SCRATCH_BASE =3D (($(DECOMP_SCRATCH_BASE_UNALIGNED= ) + $(DECOMP_SCRATCH_BASE_ALIGNMENT)) & $(DECOMP_SCRATCH_BASE_MASK)) =20 SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd =3D $(DECOMP= _SCRATCH_BASE) + $(DECOMP_SCRATCH_SIZE) + +# +# The range of pages that should be pre-validated during the SEC phase whe= n SEV-SNP is active in the guest VM. +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart =3D $(MEMFD_= BASE_ADDRESS) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd =3D $(DECOMP_S= CRATCH_BASE) + $(DECOMP_SCRATCH_SIZE) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index f4058911e7..2b60920f4b 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -58,5 +58,7 @@ =20 [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index ff4c0742ed..7d8e681acd 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c 
@@ -27,6 +27,11 @@ STATIC SNP_PRE_VALIDATED_RANGE mPreValidatedRange[] =3D { { FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedStart), FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedEnd) + }, + // This range is pre-validated by the Sec/SecMain.c + { + FixedPcdGet32 (PcdOvmfSnpSecPreValidatedStart), + FixedPcdGet32 (PcdOvmfSnpSecPreValidatedEnd) } }; =20 diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 70948ab478..d1bfe49731 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -332,6 +332,11 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart|0x0|UIN= T32|0x49 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd|0x0|UINT3= 2|0x50 =20 + ## The range of memory that need to be pre-validated in the SEC phase + # when SEV-SNP is active in the guest VM. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart|0|UINT32|0x51 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd|0|UINT32|0x52 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 7c9650ba8f..c5467465ab 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c 
@@ -907,6 +907,26 @@ SevEsIsEnabled ( return ((SevEsWorkArea !=3D NULL) && (SevEsWorkArea->SevEsEnabled !=3D 0= )); } =20 +/** + Pre-validate System RAM used for decompressing the PEI and DXE firmware v= olumes + when SEV-SNP is active. The PCDs SecPreValidatedStart and SecPreValidated= End are + set in OvmfPkg/FvmainCompactScratchEnd.fdf.inc. + +**/ +STATIC +VOID +SevSnpSecPreValidateSystemRam ( + VOID + ) +{ + PHYSICAL_ADDRESS Start, End; + + Start =3D (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfSnpSecPreValida= tedStart); + End =3D (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfSnpSecPreValidate= dEnd); + + MemEncryptSevSnpPreValidateSystemRam (Start, EFI_SIZE_TO_PAGES (End - St= art)); +} + VOID EFIAPI SecCoreStartupWithStack ( @@ -1038,6 +1058,13 @@ SecCoreStartupWithStack ( SecCoreData.BootFirmwareVolumeBase =3D BootFv; SecCoreData.BootFirmwareVolumeSize =3D (UINTN) BootFv->FvLength; =20 + if (SevSnpIsEnabled ()) { + // + // Pre-validate the System RAM used in the SEC Phase + // + SevSnpSecPreValidateSystemRam (); + } + // // Make sure the 8259 is masked before initializing the Debug Agent and = the debug timer is enabled // diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf index 7f78dcee27..8144b1d115 100644 --- a/OvmfPkg/Sec/SecMain.inf +++ b/OvmfPkg/Sec/SecMain.inf @@ -50,6 +50,7 @@ PeCoffExtraActionLib ExtractGuidedSectionLib LocalApicLib + MemEncryptSevLib CpuExceptionHandlerLib =20 [Ppis] 
@@ -70,6 +71,8 @@ gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire --=20 2.17.1
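Review bot: SevSnpSecPreValidateSystemRam in the SecMain.c hunk computes "End - Start" without checking that the two PCDs describe a non-empty range; OvmfPkg.dec gives both a default of 0, so a platform description that never sets them produces a zero-page request, and an inverted pair would underflow into a very large page count. Add ASSERT (Start < End), or return early, before calling MemEncryptSevSnpPreValidateSystemRam. The function comment also names the PCDs SecPreValidatedStart and SecPreValidatedEnd while the tokens are PcdOvmfSnpSecPreValidatedStart and PcdOvmfSnpSecPreValidatedEnd, and the locals are declared PHYSICAL_ADDRESS but assigned through an EFI_PHYSICAL_ADDRESS cast; use the real token names and one type name.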
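Review bot: PcdOvmfSnpSecPreValidatedEnd in the FvmainCompactScratchEnd.fdf.inc hunk repeats the expression $(DECOMP_SCRATCH_BASE) + $(DECOMP_SCRATCH_SIZE) that the context line directly above already assigns to PcdOvmfDecompressionScratchEnd, so the two values can drift apart if the scratch layout changes. Either derive the new end from the existing value or state in the comment that they must stay equal. Both new PCDs are declared UINT32 in OvmfPkg.dec and read with FixedPcdGet32 and PcdGet32, which limits the range to below 4GB; the comment should say that this is intended.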
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 25/28] OvmfPkg/PlatformPei: Validate the system RAM when SNP is active
Date: Fri, 30 Apr 2021 06:51:45 -0500
Message-Id: <20210430115148.22267-26-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

When SEV-SNP is active, a memory region mapped encrypted in the page
table must be validated before access. There are two approaches that
can be taken to validate the system RAM detected during the PEI phase:

1) Validate on-demand
OR
2) Validate before access

On-demand
=========
If memory is not validated before access, it will cause a #VC
exception with the page-not-validated error code. The VC exception
handler can perform the validation steps.

The pages that have been validated will need to be tracked to avoid
the double validation scenarios. The range of memory that has not
been validated will need to be communicated to the OS through the
recently introduced unaccepted memory type
https://github.com/microsoft/mu_basecore/pull/66, so that the OS can
validate those ranges before using them.

Validate before access
======================
Since the PEI phase detects all the available system RAM, use the
MemEncryptSevSnpValidateSystemRam() function to pre-validate the
system RAM in the PEI phase.

For now, choose option 2 due to the dependency and the complexity
of the on-demand validation.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh --- OvmfPkg/PlatformPei/AmdSev.c | 33 ++++++++++++++++---- 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 54b07622b4..9a20165db7 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -34,7 +34,9 @@ AmdSevSnpInitialize ( VOID ) { - RETURN_STATUS PcdStatus; + RETURN_STATUS PcdStatus; + EFI_PEI_HOB_POINTERS Hob; + EFI_HOB_RESOURCE_DESCRIPTOR *ResourceHob; =20 if (!MemEncryptSevSnpIsEnabled ()) { return; @@ -42,6 +44,22 @@ AmdSevSnpInitialize ( =20 PcdStatus =3D PcdSetBoolS (PcdSevSnpIsEnabled, TRUE); ASSERT_RETURN_ERROR (PcdStatus); + + // + // Iterate through the system RAM and validate it. + // + for (Hob.Raw =3D GetHobList (); !END_OF_HOB_LIST (Hob); Hob.Raw =3D GET_= NEXT_HOB (Hob)) { + if (Hob.Raw !=3D NULL && GET_HOB_TYPE (Hob) =3D=3D EFI_HOB_TYPE_RESOUR= CE_DESCRIPTOR) { + ResourceHob =3D Hob.ResourceDescriptor; + + if (ResourceHob->ResourceType =3D=3D EFI_RESOURCE_SYSTEM_MEMORY) { + MemEncryptSevSnpPreValidateSystemRam ( + ResourceHob->PhysicalStart, + EFI_SIZE_TO_PAGES ((UINTN) ResourceHob->ResourceLength) + ); + } + } + } } =20 /** @@ -204,6 +222,14 @@ AmdSevInitialize ( return; } =20 + // + // Check and perform SEV-SNP initialization if required. This need to be + // done before the GHCB page is made shared in the current page table. T= his + // is because the system RAM must be validated before it is made shared. + // The AmdSevSnpInitialize() validates the system RAM. + // + AmdSevSnpInitialize (); + // // Set Memory Encryption Mask PCD // 
@@ -264,9 +290,4 @@ AmdSevInitialize ( // Check and perform SEV-ES initialization if required. // AmdSevEsInitialize (); - - // - // Check and perform SEV-SNP initialization if required. - // - AmdSevSnpInitialize (); } --=20 2.17.1
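Review bot: In the HOB loop added to AmdSevSnpInitialize, "(UINTN) ResourceHob->ResourceLength" narrows the 64-bit ResourceLength to the native word size before EFI_SIZE_TO_PAGES, so a 32-bit PEI build would truncate any resource of 4GB or more; do the page conversion on the 64-bit value and narrow only the result. The "Hob.Raw != NULL" test sits inside the loop body, after END_OF_HOB_LIST (Hob) has already dereferenced the pointer, so it should move ahead of the loop or be dropped. The commit message refers to MemEncryptSevSnpValidateSystemRam() while the code calls MemEncryptSevSnpPreValidateSystemRam(); one of the two names needs correcting.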
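Review bot: The comment added in AmdSevInitialize justifies calling AmdSevSnpInitialize () before the GHCB page is made shared, yet the call is placed above the "Set Memory Encryption Mask PCD" block rather than directly ahead of AmdSevEsInitialize (). If validation does not depend on running before the mask PCD is set, keeping the call next to AmdSevEsInitialize () makes the ordering requirement obvious; if it does depend on it, the comment should say why. In the same comment, "This need to be" should read "This needs to be".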
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 26/28] OvmfPkg/MemEncryptSevLib: Change the page state in the RMP table
Date: Fri, 30 Apr 2021 06:51:46 -0500
Message-Id: <20210430115148.22267-27-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>
Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The MemEncryptSev{Set,Clear}PageEncMask() functions are used to set or clear the memory encryption attribute in the page table. When SEV-SNP is active, we also need to change the page state in the RMP table so that it is in sync with the memory encryption attribute change. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 1 + OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 34 ++++++= ++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf index 2158e1cba3..f613bb314f 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf @@ -51,6 +51,7 @@ DebugLib MemoryAllocationLib PcdLib + VmgExitLib =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index 996a319b26..9cca8efecb 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -17,6 +17,7 @@ #include =20 #include "VirtualMemory.h" +#include "SnpPageStateChange.h" =20 STATIC BOOLEAN mAddressEncMaskChecked =3D FALSE; STATIC UINT64 mAddressEncMask; 
@@ -697,10 +698,12 @@ SetMemoryEncDec ( PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry; PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry; PAGE_TABLE_ENTRY *PageDirectory2MEntry; + PHYSICAL_ADDRESS OrigPhysicalAddress; PAGE_TABLE_4K_ENTRY *PageTableEntry; UINT64 PgTableMask; UINT64 AddressEncMask; BOOLEAN IsWpEnabled; + UINTN OrigLength; RETURN_STATUS Status; =20 // @@ -753,6 +756,22 @@ SetMemoryEncDec ( =20 Status =3D EFI_SUCCESS; =20 + // + // To maintain the security gurantees we must set the page to shared in = the RMP + // table before clearing the memory encryption mask from the current pag= e table. + // + // The InternalSetPageState() is used for setting the page state in the = RMP table. + // + if (!Mmio && (Mode =3D=3D ClearCBit) && MemEncryptSevSnpIsEnabled ()) { + InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), Sev= SnpPageShared, FALSE); + } + + // + // Save the specified length and physical address (we need it later). + // + OrigLength =3D Length; + OrigPhysicalAddress =3D PhysicalAddress; + while (Length !=3D 0) { // 
@@ -925,6 +944,21 @@ SetMemoryEncDec ( // CpuFlushTlb(); =20 + // + // SEV-SNP requires that all the private pages (i.e pages mapped encrypt= ed) must be + // added in the RMP table (as a private) before the access. + // + // The InternalSetPageState() is used for setting the page state in the = RMP table. + // + if (!Mmio && (Mode =3D=3D SetCBit) && MemEncryptSevSnpIsEnabled ()) { + InternalSetPageState ( + OrigPhysicalAddress, + EFI_SIZE_TO_PAGES (OrigLength), + SevSnpPagePrivate, + FALSE + ); + } + Done: // // Restore page table write protection, if any. --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#74653): https://edk2.groups.io/g/devel/message/74653 Mute This Topic: https://groups.io/mt/82479083/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Wed Apr 24 18:16:07 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+74654+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+74654+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 16197835599571017.7408057135801; Fri, 30 Apr 2021 04:52:39 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id qKbzYY1788612xZsxlG5T3ka; Fri, 30 Apr 2021 04:52:39 -0700 X-Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id 
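Review bot: In the @@ -753,6 +756,22 @@ hunk of SetMemoryEncDec(), the whole range is switched to shared in the RMP before the `while (Length != 0)` walk starts, and nothing visible here reverts that change if the walk leaves through `Done:` with an error status. In that case the RMP says shared while some or all of the range still has the C-bit set, which is the out-of-sync state the commit message sets out to avoid. Consider validating the range before calling InternalSetPageState(), or restoring the private state on the error path. Two smaller points in the same hunk: "gurantees" should be "guarantees", and the bare FALSE passed as the last argument deserves a short comment naming the parameter.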
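Review bot: In the @@ -925,6 +944,21 @@ hunk, the SetCBit case calls InternalSetPageState() only after the page tables have been rewritten and CpuFlushTlb() has run, while the new comment says private pages must be added to the RMP as private before the access. Between the flush and the page state change the range is mapped encrypted but is not yet private in the RMP, so the comment should say why this order is required and that nothing touches the range in that window. "i.e pages" should read "i.e. pages".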
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 27/28] OvmfPkg/AmdSev: Expose the SNP reserved pages through configuration table
Date: Fri, 30 Apr 2021 06:51:47 -0500
Message-Id: <20210430115148.22267-28-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>
devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: G2k3JNmJXgA9gv2geJ3KI7BNx1787277AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1619783559; bh=J6tzoA4yMOxD70WKk0zq6CtT27XsZsKP0tBpQvd3bWY=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=ZQLn6w7Is6S0Zhdzte4CwyNfFU069j8BgSzXYkd0M/uprUDMXP5x0bDmNrAfjMPBNB0 lj2lw/vG4cF7fhjASOZNpZ+X2rDwtQd3ZWjXPfuVinsPrxhpCPAYbaga2xTRbbJ9StmC/ 7ueiHmGcs31xoG1aEVjTnnTQLk63g4l4oZ8= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Now that both the secrets and cpuid pages are reserved in the HOB, extract the location details through fixed PCD and make it available to the guest OS through the configuration table. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 21 ++++++++++++++++++= ++ OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf | 4 ++++ OvmfPkg/Include/Guid/ConfidentialComputingSecret.h | 17 ++++++++++++++++ OvmfPkg/OvmfPkg.dec | 1 + 4 files changed, 43 insertions(+) diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c b/OvmfPkg/AmdSev/SecretDx= e/SecretDxe.c index 308022b5b2..08b6d9bddf 100644 --- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c +++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c @@ -6,6 +6,7 @@ **/ #include #include +#include #include =20 STATIC CONFIDENTIAL_COMPUTING_SECRET_LOCATION mSecretDxeTable =3D { 
@@ -13,6 +14,15 @@ STATIC CONFIDENTIAL_COMPUTING_SECRET_LOCATION mSecretDxe= Table =3D { FixedPcdGet32 (PcdSevLaunchSecretSize), }; =20 +STATIC CONFIDENTIAL_COMPUTING_BLOB_LOCATION mSnpBootDxeTable =3D { + 0x414d4445, // AMDE + 1, + (UINT64)(UINTN) FixedPcdGet32 (PcdSevLaunchSecretBase), + FixedPcdGet32 (PcdSevLaunchSecretSize), + (UINT64)(UINTN) FixedPcdGet32 (PcdOvmfSnpCpuidBase), + FixedPcdGet32 (PcdOvmfSnpCpuidSize), +}; + EFI_STATUS EFIAPI InitializeSecretDxe( @@ -20,6 +30,17 @@ InitializeSecretDxe( IN EFI_SYSTEM_TABLE *SystemTable ) { + // + // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_B= LOB. + // It contains the location for both the Secrets and CPUID page. + // + if (MemEncryptSevSnpIsEnabled ()) { + return gBS->InstallConfigurationTable ( + &gConfidentialComputingBlobGuid, + &mSnpBootDxeTable + ); + } + return gBS->InstallConfigurationTable ( &gConfidentialComputingSecretGuid, &mSecretDxeTable diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf b/OvmfPkg/AmdSev/Secret= Dxe/SecretDxe.inf index 40bda7ff84..d15194b368 100644 --- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf +++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf @@ -23,13 +23,17 @@ MdePkg/MdePkg.dec =20 [LibraryClasses] + MemEncryptSevLib UefiBootServicesTableLib UefiDriverEntryPoint =20 [Guids] gConfidentialComputingSecretGuid + gConfidentialComputingBlobGuid =20 [FixedPcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpCpuidSize gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize =20 diff --git a/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h b/OvmfPkg/I= nclude/Guid/ConfidentialComputingSecret.h index 7026fc5b08..0d7f1b8818 100644 --- a/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h +++ b/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h 
@@ -18,11 +18,28 @@ { 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47 }, \ } =20 +#define CONFIDENTIAL_COMPUTING_BLOB_GUID \ + { 0x067b1f5f, \ + 0xcf26, \ + 0x44c5, \ + { 0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42 }, \ + } + typedef struct { UINT64 Base; UINT64 Size; } CONFIDENTIAL_COMPUTING_SECRET_LOCATION; =20 +typedef struct { + UINT32 Header; + UINT16 Version; + UINT64 SecretsPhysicalAddress; + UINT32 SecretsSize; + UINT64 CpuidPhysicalAddress; + UINT32 CpuidLSize; +} CONFIDENTIAL_COMPUTING_BLOB_LOCATION; + extern EFI_GUID gConfidentialComputingSecretGuid; +extern EFI_GUID gConfidentialComputingBlobGuid; =20 #endif // SEV_LAUNCH_SECRET_H_ diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index d1bfe49731..f38c5e476a 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec 
@@ -126,6 +126,7 @@ gQemuKernelLoaderFsMediaGuid =3D {0x1428f772, 0xb64a, 0x441e, {= 0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} gGrubFileGuid =3D {0xb5ae312c, 0xbc8a, 0x43b1, {= 0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} gConfidentialComputingSecretGuid =3D {0xadf956ad, 0xe98c, 0x484c, {= 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} + gConfidentialComputingBlobGuid =3D {0x067b1f5f, 0xcf26, 0x44c5, {= 0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42}} =20 [Ppis] # PPI whose presence in the PPI database signals that the TPM base addre= ss --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#74654): https://edk2.groups.io/g/devel/message/74654 Mute This Topic: https://groups.io/mt/82479084/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Wed Apr 24 18:16:07 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+74655+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+74655+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1619783563231199.90728084452098; Fri, 30 Apr 2021 04:52:43 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id EHp3YY1788612xpY6wxGpRB3; Fri, 30 Apr 2021 04:52:42 -0700 X-Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id 
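Review bot: In the @@ -20,6 +30,17 @@ hunk of InitializeSecretDxe(), the early return under MemEncryptSevSnpIsEnabled() means an SEV-SNP guest never gets the gConfidentialComputingSecretGuid table installed, only the new blob table. A guest OS that locates the launch secret through the existing GUID will stop finding it once SNP is active. If that is intended, the commit message should say so; otherwise install both tables and return the first failing status. The comment should read "If it is an SEV-SNP active guest".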
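Review bot: In the ConfidentialComputingSecret.h hunk, CONFIDENTIAL_COMPUTING_BLOB_LOCATION is consumed by the guest OS but its layout is left to the compiler: with natural alignment there is padding after Version (UINT16 followed by UINT64), after SecretsSize, and at the end of the structure. Please make the layout explicit, either with `#pragma pack (1)` or with named reserved fields, and document it so the guest side can match it. CpuidLSize looks like a typo for CpuidSize. The positional initializer of mSnpBootDxeTable in SecretDxe.c depends on this field order and uses the bare literals 0x414d4445 and 1; named macros for the header magic and version would keep the two files in step.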
From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 28/28] MdePkg/GHCB: Increase the GHCB protocol max version
Date: Fri, 30 Apr 2021 06:51:48 -0500
Message-Id: <20210430115148.22267-29-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>
devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: UD9HXRvGW46WXq6I1fPGWejMx1787277AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1619783562; bh=fwNsRohM3XAEF684AP5je0+/rWIn0dlWuoCjDFPj/sU=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=dSjM/YrumPqQpZ8wMGlI5y051QNLEaAKK0s5Thbvm2amY3b2goAUd2gteG/fUs5OBzG 6FPQTpiAodWiOPxGkhs2Tm1SaoIjHTwM60Klw3CsjtUeQ0LgEw1xcwvmOGBd2i1vcyKMI YQ1U1udwj3lUqbOpH1R5aye2NTxHP3koSpY= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Now that OvmfPkg supports version 2 of the GHCB specification, bump the protocol version. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- MdePkg/Include/Register/Amd/Ghcb.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/A= md/Ghcb.h index 1e7c0daed3..7a1b6c6d24 100644 --- a/MdePkg/Include/Register/Amd/Ghcb.h +++ b/MdePkg/Include/Register/Amd/Ghcb.h @@ -24,7 +24,7 @@ #define VC_EXCEPTION 29 =20 #define GHCB_VERSION_MIN 1 -#define GHCB_VERSION_MAX 1 +#define GHCB_VERSION_MAX 2 =20 #define GHCB_STANDARD_USAGE 0 =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#74655): https://edk2.groups.io/g/devel/message/74655 Mute This Topic: https://groups.io/mt/82479085/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
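Review bot: GHCB_VERSION_MAX is raised to 2 in MdePkg/Include/Register/Amd/Ghcb.h for every consumer of that header, while the commit message only states that OvmfPkg supports version 2 of the GHCB specification. Any other code that negotiates the protocol version against GHCB_VERSION_MIN and GHCB_VERSION_MAX will now accept version 2 as well, so the message should either confirm that all users of these macros handle version 2 or the change should be limited to the code that does.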